[Løst] Kan noko gå gjennom dessa loggane?

thadon · 23. august 2008

SAS

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 08/23/2008 at 01:42 PM

Application Version : 4.20.1046

Core Rules Database Version : 3545

Trace Rules Database Version: 1534

Scan type : Quick Scan

Total Scan Time : 00:34:06

Memory items scanned : 720

Memory threats detected : 1

Registry items scanned : 428

Registry threats detected : 57

File items scanned : 28275

File threats detected : 3

Trojan.Unclassified/C00-WL/A

C:\WINDOWS\SYSTEM32\__C00F1FA9.DAT

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c00E28AC

C:\WINDOWS\SYSTEM32\__C00E28AC.DAT

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c00E66AA

C:\WINDOWS\SYSTEM32\__C00E66AA.DAT

Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c00F1FA9

Trojan.Unclassified/C00-WL

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0058459

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0058459#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0058459#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0058459#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0058459#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0058459#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00771A7

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00771A7#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00771A7#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00771A7#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00771A7#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00771A7#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C008DDC4

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C008DDC4#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C008DDC4#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C008DDC4#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C008DDC4#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C008DDC4#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0094DDA

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0094DDA#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0094DDA#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0094DDA#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0094DDA#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C0094DDA#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00B1DA8

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00B1DA8#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00B1DA8#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00B1DA8#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00B1DA8#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00B1DA8#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00CA2C4

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00CA2C4#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00CA2C4#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00CA2C4#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00CA2C4#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00CA2C4#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E28AC

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E28AC#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E28AC#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E28AC#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E28AC#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E28AC#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E66AA

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E66AA#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E66AA#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E66AA#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E66AA#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E66AA#Logon

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00F1FA9

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00F1FA9#Asynchronous

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00F1FA9#DllName

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00F1FA9#Impersonate

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00F1FA9#Startup

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00F1FA9#Logon

Combofix

ComboFix 08-08-21.02 - Fredrik 2008-08-23 13:57:50.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1214 [GMT 2:00]

Running from: C:\Users\Fredrik\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\__c0058459.dat

C:\Windows\system32\__c00771A7.dat

C:\Windows\system32\__c008DDC4.dat

C:\Windows\system32\__c0094DDA.dat

C:\Windows\system32\__c00B1DA8.dat

C:\Windows\system32\__c00CA2C4.dat

C:\Windows\system32\~.exe

C:\Windows\system32\MSINET.oca

C:\xcrashdump.dat

.

((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))

.

2008-08-23 13:04 . 2008-08-23 13:04 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\SUPERAntiSpyware.com

2008-08-23 13:04 . 2008-08-23 13:04 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-08-23 13:04 . 2008-08-23 13:04 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-08-23 13:04 . 2008-08-23 13:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-22 21:19 . 2008-08-22 21:19 <DIR> d-------- C:\Program Files\Stardock

2008-08-22 21:19 . 2008-08-22 21:19 <DIR> d-------- C:\Program Files\Common Files\Stardock

2008-08-22 16:53 . 2008-08-22 17:28 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Winamp

2008-08-22 07:38 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-08-22 07:38 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-08-22 07:38 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-08-22 07:38 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-08-22 07:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-08-22 07:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-08-22 07:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-08-22 07:36 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-08-22 07:36 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-08-18 16:39 . 2008-08-18 16:39 <DIR> d-------- C:\Users\All Users\Codemasters

2008-08-18 16:39 . 2008-08-18 16:39 <DIR> d-------- C:\ProgramData\Codemasters

2008-08-18 15:37 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll

2008-08-18 15:37 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll

2008-08-18 15:37 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmp1DEE.tmp

2008-08-18 15:37 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll

2008-08-18 15:37 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll

2008-08-18 15:37 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll

2008-08-18 15:37 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll

2008-08-18 15:36 . 2008-04-28 15:53 805,400 -ra------ C:\Windows\System32\tmp1DAF.tmp

2008-08-18 15:35 . 2008-08-18 15:36 206 --a------ C:\Windows\nyno31.ini

2008-08-18 15:31 . 2008-08-18 15:35 <DIR> d-------- C:\NYNO31

2008-08-16 03:01 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-15 21:38 . 2008-08-15 21:38 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Canneverbe_Limited

2008-08-15 07:28 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL

2008-08-15 07:28 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll

2008-08-15 07:27 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-08-15 07:27 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll

2008-08-15 07:27 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll

2008-08-14 21:13 . 2008-08-14 21:13 <DIR> d-------- C:\Users\Fredrik\AppData\Roaming\Convivea

2008-08-14 21:13 . 2008-08-14 21:13 <DIR> d-------- C:\Program Files\Bit Che

2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a------ C:\Windows\System32\xfcodec.dll

2008-08-01 23:41 . 2008-08-01 23:41 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys

2008-08-01 17:36 . 2008-08-01 17:36 673,546 --a------ C:\Windows\unins000.exe

2008-08-01 17:36 . 2003-09-22 17:10 61,440 --a------ C:\Windows\System32\marblaxp.dll

2008-08-01 17:36 . 2003-09-22 17:10 53,248 --a------ C:\Windows\System32\drivers\maplevmd000.exe

2008-08-01 17:36 . 2003-09-22 17:09 49,152 --a------ C:\Windows\System32\mapleapi.dll

2008-08-01 17:36 . 2003-09-22 17:10 31,624 --a------ C:\Windows\System32\mapledxp.dll

2008-08-01 17:36 . 2004-04-05 10:44 24,720 --a------ C:\Windows\System32\drivers\mapledxp.sys

2008-08-01 17:36 . 2008-08-01 17:36 7,447 --a------ C:\Windows\unins000.dat

2008-08-01 17:35 . 2008-08-01 17:35 <DIR> d-------- C:\Program Files\VMKeyboard

2008-07-23 20:32 . 2008-07-23 20:33 3,080,154 --a------ C:\Users\Fredrik\AppData\Roaming\GameCommUpdate.v51.exe

2008-07-23 19:58 . 2008-07-23 19:59 3,083,712 --a------ C:\Users\Fredrik\AppData\Roaming\GameCommUpdate.v50.exe

2008-07-23 16:09 . 2008-07-23 16:09 <DIR> d-------- C:\Users\Fredrik\SystemRequirementsLab

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-23 11:55 --------- d-----w C:\Users\Fredrik\AppData\Roaming\Xfire

2008-08-23 11:55 --------- d-----w C:\Users\Fredrik\AppData\Roaming\Skype

2008-08-23 11:48 --------- d-----w C:\Users\Fredrik\AppData\Roaming\skypePM

2008-08-23 11:48 --------- d-----w C:\Program Files\Steam

2008-08-23 11:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-08-22 20:27 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-08-22 20:27 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-08-22 16:35 --------- d-----w C:\Users\Fredrik\AppData\Roaming\uTorrent

2008-08-22 14:56 --------- d-----w C:\Program Files\Winamp

2008-08-22 14:54 --------- d-----w C:\Program Files\Unlocker

2008-08-21 12:48 --------- d-----w C:\ProgramData\Xfire

2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-18 13:37 444,952 ----a-w C:\Windows\System32\wrap_oal.dll

2008-08-18 13:37 109,080 ----a-w C:\Windows\System32\OpenAL32.dll

2008-08-18 13:37 --------- d-----w C:\Program Files\OpenAL

2008-08-18 13:33 --------- d-----w C:\Users\Fredrik\AppData\Roaming\OpenOffice.org2

2008-08-18 13:10 --------- d-----w C:\Program Files\Codemasters

2008-08-18 13:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-17 20:39 --------- d-----w C:\Users\Fredrik\AppData\Roaming\GameComm

2008-08-17 19:36 --------- d-----w C:\Program Files\Google

2008-08-16 22:33 --------- d-----w C:\Users\Fredrik\AppData\Roaming\dvdcss

2008-08-16 01:09 --------- d-----w C:\Program Files\Windows Mail

2008-08-15 19:38 --------- d-----w C:\Program Files\CDBurnerXP

2008-08-14 18:18 --------- d-----w C:\Program Files\DC++

2008-08-13 04:59 --------- d-----w C:\Program Files\Xfire

2008-08-09 13:56 --------- d-----w C:\Program Files\Java

2008-08-05 15:11 --------- d-----w C:\Program Files\Call of Duty

2008-08-05 14:00 --------- d-----w C:\ProgramData\TrackMania

2008-08-02 20:17 --------- d-----w C:\Users\Fredrik\AppData\Roaming\Hamachi

2008-08-01 21:42 --------- d-----w C:\Program Files\Hamachi

2008-08-01 15:45 --------- d-----w C:\Program Files\Common Files\Steam

2008-08-01 15:24 --------- d-----w C:\Program Files\Guitar Pro 5

2008-07-23 18:37 --------- d-----w C:\Program Files\GameComm

2008-07-23 14:09 --------- d-----w C:\Program Files\SystemRequirementsLab

2008-07-22 08:39 --------- d-----w C:\Program Files\AGEIA Technologies

2008-07-22 08:31 --------- d-----w C:\Program Files\Ubisoft

2008-07-20 16:57 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-07-20 16:55 --------- d-----w C:\ProgramData\Media Center Programs

2008-07-20 16:36 --------- d-----w C:\Program Files\Sierra Entertainment

2008-07-18 18:38 587,264 ----a-w C:\Windows\WLXPGSS.SCR

2008-07-10 01:01 --------- d-----w C:\Program Files\Microsoft SQL Server

2008-07-09 17:57 --------- d-----w C:\Users\Fredrik\AppData\Roaming\teamspeak2

2008-06-29 18:21 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll

2008-06-28 20:41 94,208 ----a-w C:\Windows\DIIUnin.exe

2008-06-28 20:41 2,829 ----a-w C:\Windows\DIIUnin.pif

2008-06-26 17:49 --------- d-----w C:\Program Files\Sony Ericsson

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll

2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe

2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll

2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll

2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll

2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll

2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll

2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll

2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll

2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll

2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll

2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll

2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll

2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll

2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin

2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin

2008-03-24 15:45 174 --sha-w C:\Program Files\desktop.ini

2008-02-18 20:43 32 ----a-w C:\Users\All Users\ezsid.dat

2008-02-18 20:43 32 ----a-w C:\ProgramData\ezsid.dat

2007-11-15 17:41 22,328 ----a-w C:\Users\Fredrik\AppData\Roaming\PnkBstrK.sys

2007-08-12 11:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-08-12 11:16 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-08-12 11:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GameComm"="C:\Program Files\GameComm\GameComm" [X]

"Steam"="c:\program files\steam\steam.exe" [2008-06-19 10:09 1271032]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-03-24 17:07 125952]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-02 15:42 171448]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-01 01:46 5724184]

"Mmm"="C:\Program Files\HACE\Mmm\Mmm.exe" [2008-01-23 07:54 877568]

"Google Update"="C:\Users\Fredrik\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-07-16 16:58 119280]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]

"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 08:56 278528]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 16:50 4399104 C:\Windows\RtHDVCpl.exe]

C:\Users\Fredrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-22 21:19:08 3450608]

Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-08-06 02:26:38 3065168]

YouTube Uploader.lnk - C:\Users\Fredrik\AppData\Local\YouTube\Uploader\youtubeuploader.exe [2007-11-09 14:33:08 71152]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Install Pending Files.LNK - C:\Program Files\SIFXINST\SIFXINST.EXE [2007-01-25 13:30:57 729088]

Oemreset.lnk - C:\Windows\OPTIONS\OemReset.exe [2007-01-25 13:30:55 446464]

orked.exe [2006-06-25 01:36:14 195461]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

"msacm.ac3filter"= ac3filter.acm

"VIDC.XFR1"= xfcodec.dll

"midi3"= mapledxp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

--------- 2006-06-12 14:32 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-50304252-36864870-1227155431-1000]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{BDD3A8AA-73B9-4780-9844-BA142C565FE8}C:\\program files\\steam\\steamapps\\thadon92\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\thadon92\source sdk base\hl2.exe:hl2

"UDP Query User{577C143B-41EC-421C-AA12-23ECC6111269}C:\\program files\\steam\\steamapps\\thadon92\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\thadon92\source sdk base\hl2.exe:hl2

"{D92D6E21-0D52-40E7-BDDC-AAB64A88438E}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{1BE3C678-3D8D-4495-B7BC-1C5A25408D93}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{3E478D36-3B7E-41E3-AE6E-4E458E7D84DF}C:\\program files\\steam\\steamapps\\thadon92\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\thadon92\counter-strike source\hl2.exe:hl2

"UDP Query User{4ED1C637-E984-4A35-BD74-A4F6C4D98905}C:\\program files\\steam\\steamapps\\thadon92\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\thadon92\counter-strike source\hl2.exe:hl2

"TCP Query User{F3C9CCA0-3971-4FBE-9476-ABC3C0FEA9A1}C:\\program files\\sega\\medieval ii total war\\medieval2.exe"= UDP:C:\program files\sega\medieval ii total war\medieval2.exe:Medieval 2: Total War

"UDP Query User{2961B995-A5A5-413E-8D66-A0E129431E6A}C:\\program files\\sega\\medieval ii total war\\medieval2.exe"= TCP:C:\program files\sega\medieval ii total war\medieval2.exe:Medieval 2: Total War

"TCP Query User{3EF9C098-8762-4D86-9C79-A022C1A12961}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= UDP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace

"UDP Query User{08574B2D-B8BE-469A-B324-DCE18C3F80D2}C:\\program files\\electronic arts\\battlefield 2142\\bf2142pace.exe"= TCP:C:\program files\electronic arts\battlefield 2142\bf2142pace.exe:BF2142Pace

"TCP Query User{C24B485F-D785-490E-A6BC-923EFDB83BDF}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire

"UDP Query User{C6E58624-B89A-4332-8095-2EF0EFB015A0}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

"TCP Query User{DCE858F9-1C64-4BCE-9ABC-8D361139FD3F}C:\\program files\\steam\\steamapps\\common\\red orchestra\\system\\redorchestra.exe"= UDP:C:\program files\steam\steamapps\common\red orchestra\system\redorchestra.exe:RedOrchestra

"UDP Query User{AC67E087-C3F2-454F-A6BC-D6E0551DCE04}C:\\program files\\steam\\steamapps\\common\\red orchestra\\system\\redorchestra.exe"= TCP:C:\program files\steam\steamapps\common\red orchestra\system\redorchestra.exe:RedOrchestra

"TCP Query User{D3B9598F-E82C-4784-8DB0-8BB31C1C497F}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC

"UDP Query User{B5B82077-3126-4213-BED0-FA5AD3E489E8}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC

"TCP Query User{7C47CB6E-F76A-4D3D-9252-CCE58A3FB038}C:\\program files\\red storm entertainment\\ravenshield\\system\\ravenshield.exe"= UDP:C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe:ravenshield

"UDP Query User{8D9FA8EC-E29C-4BA3-B6AB-F511EACE5635}C:\\program files\\red storm entertainment\\ravenshield\\system\\ravenshield.exe"= TCP:C:\program files\red storm entertainment\ravenshield\system\ravenshield.exe:ravenshield

"TCP Query User{912A2474-74F6-46F2-BB92-C4C2731D4B60}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:Last.fm

"UDP Query User{EA4A3DF4-590D-4A72-9588-BE0E5663951B}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:Last.fm

"TCP Query User{2FC184C6-2F36-49EA-9B5B-E3B5C21DE314}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{BB92E341-F9E6-47C3-987B-10721D695B2F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{1E6FB6F2-7B49-41AE-A622-44AB2BA4C4B5}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR

"{8C7B3FBE-70F3-42BE-A12B-623D4305F3A1}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR

"{7B1B7C17-3478-4977-B9B0-7737A042CB65}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client

"{E304A3F2-99D8-4E8C-AB4B-A946AC847790}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client

"{F16ECF98-D89C-4F71-BECB-BEB6E00687D8}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan

"{EF513CC6-11EA-47A2-857C-8B2A989CDA7D}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbChannelScan.exe:OrbChannelScan

"{AAA7E672-71FD-4A0B-BDDF-6C32D2E1DE5A}"= UDP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb

"{65AEAD30-F16E-49EF-8E62-7D5A50A3810B}"= TCP:C:\Program Files\Orb Networks\Orb\bin\Orb.exe:Orb

"{39BAA69E-3894-498B-AC3F-1BC85882CEA8}"= UDP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray

"{10E84620-E1F4-420D-821A-086832C8B08B}"= TCP:C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray

"TCP Query User{4187FE19-2F54-4DD1-A54A-82F60040100E}C:\\program files\\steam\\steamapps\\amadelius\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\amadelius\counter-strike source\hl2.exe:hl2

"UDP Query User{C1A673D5-65F8-461B-AAA1-10EEBE012A4C}C:\\program files\\steam\\steamapps\\amadelius\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\amadelius\counter-strike source\hl2.exe:hl2

"TCP Query User{7A6F8ACF-689D-428C-90D9-49D054196729}C:\\program files\\steam\\steamapps\\amadelius\\source sdk base\\hl2.exe"= UDP:C:\program files\steam\steamapps\amadelius\source sdk base\hl2.exe:hl2

"UDP Query User{7E9ACFAA-FB65-4B5B-B997-E5D1A4327C29}C:\\program files\\steam\\steamapps\\amadelius\\source sdk base\\hl2.exe"= TCP:C:\program files\steam\steamapps\amadelius\source sdk base\hl2.exe:hl2

"TCP Query User{C98E37B1-8FAB-4BBF-B831-62AFD0DCF24C}C:\\users\\fredrik\\desktop\\viviplay.exe"= UDP:C:\users\fredrik\desktop\viviplay.exe:viviplay.exe

"UDP Query User{525C6945-75F9-4867-A664-3F6CDD43035C}C:\\users\\fredrik\\desktop\\viviplay.exe"= TCP:C:\users\fredrik\desktop\viviplay.exe:viviplay.exe

"TCP Query User{68207719-058D-4CEF-9D58-242E960DAB2B}C:\\program files\\sierra\\fearcombat\\fpupdate.exe"= UDP:C:\program files\sierra\fearcombat\fpupdate.exe:fpupdate

"UDP Query User{5180609E-5E77-4B75-8DC1-936540F8B23A}C:\\program files\\sierra\\fearcombat\\fpupdate.exe"= TCP:C:\program files\sierra\fearcombat\fpupdate.exe:fpupdate

"TCP Query User{B523BCA0-DACA-45EB-A5CC-7928FEBD3ED6}C:\\program files\\steam\\steamapps\\common\\lost planet demo\\lostplanetdx9.exe"= UDP:C:\program files\steam\steamapps\common\lost planet demo\lostplanetdx9.exe:LostPlanetDX9

"UDP Query User{7B515D7E-22EF-4B29-AD15-398700D9A06C}C:\\program files\\steam\\steamapps\\common\\lost planet demo\\lostplanetdx9.exe"= TCP:C:\program files\steam\steamapps\common\lost planet demo\lostplanetdx9.exe:LostPlanetDX9

"{6F917F23-3F53-4FB7-BC06-E40F63F6F7C5}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"{A4DF8D07-E9D0-4BA9-A663-ED3B6511783C}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

"TCP Query User{26061A01-EEE5-4897-B5EA-9B199C84D208}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC

"UDP Query User{1DC5957A-D26C-401D-9A0B-1FD77C466DEA}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC

"TCP Query User{5F5C4D9A-C812-42A2-BC80-41F32A20E9B0}C:\\program files\\steam\\steamapps\\thadon92\\half-life 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\thadon92\half-life 2\hl2.exe:hl2

"UDP Query User{4035F044-A08D-4395-986F-103F06696342}C:\\program files\\steam\\steamapps\\thadon92\\half-life 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\thadon92\half-life 2\hl2.exe:hl2

"{C83A012B-95E1-40C3-ABF2-6D188FF128CD}"= UDP:C:\Windows\System32\pnkbstra.exe:PnkBstrA

"{8296F94C-9BA0-41AA-88B2-B515C09A25F8}"= TCP:C:\Windows\System32\pnkbstra.exe:PnkBstrA

"{F088DFDB-E696-46A2-92A3-1F4FDEE0BB50}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{7EAA9F46-D0B3-4395-A71D-6E4AF480F322}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{A90A05EC-EAFD-4A1C-B58C-E4DC1B29E1C2}C:\\program files\\steam\\steamapps\\thadon92\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\thadon92\team fortress 2\hl2.exe:hl2

"UDP Query User{07A97945-7A68-4043-AF6F-5EBD6BD977C2}C:\\program files\\steam\\steamapps\\thadon92\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\thadon92\team fortress 2\hl2.exe:hl2

"TCP Query User{FE614402-83CF-422F-A70A-6B4834051ED8}C:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= UDP:C:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®

"UDP Query User{99B2722B-DCB8-4A7D-A1EE-B7AF6E3B89C6}C:\\program files\\microsoft games\\microsoft flight simulator x\\fsx.exe"= TCP:C:\program files\microsoft games\microsoft flight simulator x\fsx.exe:Microsoft Flight Simulator®

"TCP Query User{7B3C8359-D00C-4EE1-B319-B8172921F59A}C:\\windows\\ehome\\ehexthost.exe"= UDP:C:\windows\ehome\ehexthost.exe:Media Center Extensibility Host

"UDP Query User{1CE42790-0626-4AA9-94E5-1C42AFEBB07C}C:\\windows\\ehome\\ehexthost.exe"= TCP:C:\windows\ehome\ehexthost.exe:Media Center Extensibility Host

"TCP Query User{42AA90AF-3456-4854-B76B-3C2AE26A1584}C:\\program files\\thq\\company of heroes\\reliccoh.exe"= UDP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH

"UDP Query User{52B9A0E7-F0C5-47AA-A3DD-23D81E2E0D72}C:\\program files\\thq\\company of heroes\\reliccoh.exe"= TCP:C:\program files\thq\company of heroes\reliccoh.exe:RelicCOH

"{826916CC-BAA5-441B-8215-563EF7C8CBF8}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client

"{A035257E-9767-4E3F-BD8A-5C4F8ED23D22}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client

"{9F32C6F7-DDD8-4B9C-812D-87ABBCBC7F8A}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{D1528E0B-F866-46FC-B847-EB940648E1A6}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

"{DF6DA505-C7C2-4585-B920-DA91CB0E53CD}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{D6736F39-59A7-4193-B71A-DC796201B30E}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

"{56BC5B7A-508C-4C51-8CB0-7CCBAD84B4A6}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{45CEF853-49A6-4F7C-999A-C8066269FD09}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

"{CC314FA1-F83F-4FEC-AFE5-59C6B2145F92}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"{438E36E6-8679-4AF8-8016-4F1918A006B8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

"TCP Query User{D529B352-AD63-4DF6-B1AF-A87C7E38A886}C:\\windows\\system32\\java.exe"= UDP:C:\windows\system32\java.exe:Java Platform SE binary

"UDP Query User{7CF633E8-7969-42B7-ACF3-B887E2DD5D24}C:\\windows\\system32\\java.exe"= TCP:C:\windows\system32\java.exe:Java Platform SE binary

"TCP Query User{88D6216A-39CB-41AC-B9D1-954C08EB4001}C:\\program files\\steam\\steamapps\\thadon92\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\thadon92\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{2A37665D-6F70-42EB-99EF-76EC3D1AA9A6}C:\\program files\\steam\\steamapps\\thadon92\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\thadon92\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{6FC91A98-B344-4A00-804B-B64CCA0FDC45}C:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad

"UDP Query User{A31E04F7-6DDD-4F1B-BFED-B7B093ED7A72}C:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:C:\program files\sony\station\launchpad\launchpad.exe:LaunchPad

"TCP Query User{2AD1E7CE-F857-4328-BD23-5F1F41E07A85}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= UDP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942

"UDP Query User{7F58A62C-0BD0-459A-B412-0DAD84E3577C}C:\\program files\\ea games\\battlefield 1942\\bf1942.exe"= TCP:C:\program files\ea games\battlefield 1942\bf1942.exe:BF1942

"{B3A0C61E-F776-4C69-A97A-AC9CCD5CB972}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{1D33FD36-0155-4E19-B185-319FC17B1563}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{DBC0C27D-CBD5-4626-81BC-BA6B7A7E7922}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{5AB3291B-EA26-49AB-A3ED-AFCE19287930}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"TCP Query User{D9042772-2AFA-44B2-8060-165C3699C3A1}C:\\program files\\steam\\steamapps\\thadon92\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\thadon92\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{1D0E486E-5C6C-45FF-BC96-B7506BDCE495}C:\\program files\\steam\\steamapps\\thadon92\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\thadon92\half-life 2 deathmatch\hl2.exe:hl2

"TCP Query User{09A8E770-E9DF-45AB-9A0C-EA3717D0F9BA}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= UDP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient

"UDP Query User{4B0DB167-B93A-4BC3-8929-1C0F44E490F2}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= TCP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient

"TCP Query User{3270D141-D98E-43C2-9E08-70D5982D304C}C:\\program files\\amsn\\bin\\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application

"UDP Query User{97D8C440-9B3D-49A9-BB56-09DDE8E72A7A}C:\\program files\\amsn\\bin\\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application

"TCP Query User{D7CD1EBC-B38E-4A0E-9048-2761655B4BCD}C:\\program files\\steam\\steamapps\\broodwar94\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\broodwar94\counter-strike source\hl2.exe:hl2

"UDP Query User{A8675745-5904-44BA-9F89-3DA7E4EA9F27}C:\\program files\\steam\\steamapps\\broodwar94\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\broodwar94\counter-strike source\hl2.exe:hl2

"TCP Query User{7FF9F15C-16FA-447F-A7B9-6D5AC7D7CD35}C:\\program files\\raven\\sof platinum\\sof.exe"= UDP:C:\program files\raven\sof platinum\sof.exe:SoF

"UDP Query User{F89FB694-E331-48EA-8D0F-D55504BB863D}C:\\program files\\raven\\sof platinum\\sof.exe"= TCP:C:\program files\raven\sof platinum\sof.exe:SoF

"{EBA91A05-0FBA-4B41-8118-5557FFF89560}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{8C6F99D8-FB56-43AC-B58B-1CBA1591CF2F}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{0968755A-F9FF-4780-A56A-BC3ACAFB263F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{F176B93F-3406-4E46-A9C4-18184B2DBB9E}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"TCP Query User{943080B4-FD57-4635-B1AC-10AD7942C333}C:\\program files\\zattoo\\zattood.exe"= UDP:C:\program files\zattoo\zattood.exe:zattood

"UDP Query User{6DB3FE1E-91C6-462E-AFE4-CADCD5356940}C:\\program files\\zattoo\\zattood.exe"= TCP:C:\program files\zattoo\zattood.exe:zattood

"TCP Query User{7725ACB2-750D-4A23-A8BC-6B8029E503B7}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:

"UDP Query User{6D89211D-3CD1-4C40-8E9D-C5C1280CED23}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:

"TCP Query User{8FD8257A-3475-436D-B202-6A859A86EDA2}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3

"UDP Query User{B11C9572-5979-4910-AF26-C1BA5878687A}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3

"TCP Query User{5576199E-200D-4EDF-868F-AC1CEE039217}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:Last.fm

"UDP Query User{BAF64951-B065-4E9C-8EEA-7582141B487F}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:Last.fm

"TCP Query User{4CCD8E41-1581-4993-B2B7-CD160B5FD781}C:\\program files\\paradox interactive\\hearts of iron 2\\hoi2.exe"= UDP:C:\program files\paradox interactive\hearts of iron 2\hoi2.exe:Hearts of Iron 2

"UDP Query User{2CB9BFFE-F955-4D5D-AE11-02480A76C9CC}C:\\program files\\paradox interactive\\hearts of iron 2\\hoi2.exe"= TCP:C:\program files\paradox interactive\hearts of iron 2\hoi2.exe:Hearts of Iron 2

"TCP Query User{D364F381-C79F-48F3-AB13-4B7D326AEEF5}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade

"UDP Query User{58751DF4-FA1C-4A56-92C6-029EDFB3A9C4}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade

"TCP Query User{1EB3FBD3-DCA0-4FEE-B235-BBB33756E480}C:\\program files\\ubisoft\\silent hunter 4 wolves of the pacific\\sh4.exe"= UDP:C:\program files\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe:Silent Hunter IV

"UDP Query User{80DFA95B-17D2-4321-AB30-6E05967C3E0B}C:\\program files\\ubisoft\\silent hunter 4 wolves of the pacific\\sh4.exe"= TCP:C:\program files\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe:Silent Hunter IV

"TCP Query User{65A3C5F8-8793-48A5-93C4-DFFDF63F7CDC}C:\\program files\\octoshape streaming services\\fredrik\\octoshapeclient.exe"= UDP:C:\program files\octoshape streaming services\fredrik\octoshapeclient.exe:OctoshapeClient

"UDP Query User{5A340D2C-F8DD-4875-AD0E-641B760497A2}C:\\program files\\octoshape streaming services\\fredrik\\octoshapeclient.exe"= TCP:C:\program files\octoshape streaming services\fredrik\octoshapeclient.exe:OctoshapeClient

"TCP Query User{B22D1373-DF8C-4436-BDD5-213DE0412503}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player

"UDP Query User{FAFBF7CF-7AED-460F-99EE-A94E08334C6B}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player

"TCP Query User{40504568-0353-4D10-BA7B-7190C2F5FC9C}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= UDP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game

"UDP Query User{501842F4-D5CD-44A6-A40E-6D4DC588874E}C:\\program files\\thq\\frontlines-fuel of war beta\\binaries\\ffow-beta.exe"= TCP:C:\program files\thq\frontlines-fuel of war beta\binaries\ffow-beta.exe:Frontlines Game

"TCP Query User{BDBF4278-70C2-43DA-8DF0-9AE78501BF10}C:\\program files\\bohemia interactive\\arma\\arma.exe"= UDP:C:\program files\bohemia interactive\arma\arma.exe:ArmA

"UDP Query User{A3D126FA-6793-4B8F-83F5-174B09589E91}C:\\program files\\bohemia interactive\\arma\\arma.exe"= TCP:C:\program files\bohemia interactive\arma\arma.exe:ArmA

"{3C8EDD3A-6C6E-4ECA-B1C1-FAA6E25281B1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{D4C2BBDB-AA3D-45F3-B1E6-862CCFD9DB12}C:\\program files\\call of duty\\codmp.exe"= UDP:C:\program files\call of duty\codmp.exe:CoDMP

"UDP Query User{9131125E-0916-4E67-8900-F4B501081B18}C:\\program files\\call of duty\\codmp.exe"= TCP:C:\program files\call of duty\codmp.exe:CoDMP

"{0D5B231F-3D0C-4FC2-95F7-A721483BCE0F}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{934403E5-A6AB-4DFE-A8AB-1B11C6AD08E2}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{E0700D25-173E-4A95-B64F-55784D241AED}"= UDP:J:\iTunes\iTunes.exe:iTunes

"{B022B713-E10A-4FC4-A005-7F826AC6D7E6}"= TCP:J:\iTunes\iTunes.exe:iTunes

"TCP Query User{2F22BD3E-4110-4A31-B5B7-FEBF10A9B4D8}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++

"UDP Query User{0857FF03-F9A0-4739-963E-C53B748DD46A}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++

"{7E11D89D-00B5-4FA6-B79A-7C8A7DE3CEAA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"TCP Query User{88FE5B88-2B5B-4E86-BAEE-8AD1148AED73}C:\\users\\fredrik\\desktop\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\users\fredrik\desktop\battlefield vietnam\bfvietnam.exe:bfvietnam.exe

"UDP Query User{CDFC0CE3-D0D1-437E-B19B-04DE31B5599A}C:\\users\\fredrik\\desktop\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\users\fredrik\desktop\battlefield vietnam\bfvietnam.exe:bfvietnam.exe

"TCP Query User{3BBF0074-870D-454C-92E4-D68594B515D4}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"UDP Query User{A4DB401D-ACFA-43C2-99A0-CFAAE8032289}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client

"TCP Query User{8D827888-A8E5-45BA-8872-F3499602B424}C:\\users\\fredrik\\desktop\\age of empires\\empires2.exe"= UDP:C:\users\fredrik\desktop\age of empires\empires2.exe:empires2.exe

"UDP Query User{63021887-7FBD-46C6-BB71-CFF047775FFC}C:\\users\\fredrik\\desktop\\age of empires\\empires2.exe"= TCP:C:\users\fredrik\desktop\age of empires\empires2.exe:empires2.exe

"TCP Query User{90D94793-6B1D-45CD-9DD4-55F577A50EBF}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{00A69F14-00BA-4B0B-ACCC-1D8EAC68F7D9}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever

"TCP Query User{15CF7D4A-50A9-4DED-8CF3-0AB22838EEEF}C:\\program files\\steam\\steamapps\\sumptroll\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\sumptroll\counter-strike source\hl2.exe:hl2

"UDP Query User{295BAD2B-C6CE-45EE-B956-DC19994E659B}C:\\program files\\steam\\steamapps\\sumptroll\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\sumptroll\counter-strike source\hl2.exe:hl2

"TCP Query User{82E27D56-2381-4157-BE7D-B173E1CA0901}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"UDP Query User{9330AABB-1071-494C-9E89-BBEBD38F73A6}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader

"TCP Query User{C7549BF2-2BCA-4FC4-A209-36996CE3E9BD}C:\\program files\\gamecomm\\gamecomm.exe"= UDP:C:\program files\gamecomm\gamecomm.exe:GameComm Client

"UDP Query User{25D446DB-8544-41E2-AA45-95F4EEF869A4}C:\\program files\\gamecomm\\gamecomm.exe"= TCP:C:\program files\gamecomm\gamecomm.exe:GameComm Client

"{07F3DC23-C675-485E-BF36-F273F58B383D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"{FB54FAF2-FE8D-447D-ABBE-AFE8053F9937}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

"TCP Query User{99317D3F-F389-4D65-800D-F8F7EF1132C5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{B8BF3AF0-EEA4-4194-9D4F-F10505DC3F97}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{B0F99CB7-599C-4211-9EC6-31E7E953DF20}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4

"{E2FC2E20-5ED1-4500-B08D-E8E32B0A62A1}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4

"TCP Query User{78DEEF0E-2ECC-4D8D-AB5D-C07AA9020361}J:\\programmer\\ramjets\\ramjets.exe"= UDP:J:\programmer\ramjets\ramjets.exe:ramjets

"UDP Query User{34884BB1-C433-4263-8031-323F6B65EA87}J:\\programmer\\ramjets\\ramjets.exe"= TCP:J:\programmer\ramjets\ramjets.exe:ramjets

"{1632C7A2-AE36-41F2-A7EF-D980C583679B}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords

"{C54C3C52-6341-4F38-98B4-401DBB548772}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords

"{F7E0940A-7244-4E1B-AACE-E8DFF5519F9B}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss

"{29E0D03A-9A0B-42CD-97EA-13F64636F8B9}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss

"TCP Query User{42EB7E30-24A2-4EDD-8E2E-DB7BDC45A677}C:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:C:\program files\wolfenstein - enemy territory\et.exe:ET

"UDP Query User{553F78FB-2CB9-41AF-BE66-B6792C89FBF1}C:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:C:\program files\wolfenstein - enemy territory\et.exe:ET

"TCP Query User{803590FF-F29F-4B24-BF38-1DAF8C5315CE}C:\\program files\\steam\\steamapps\\broodwar94\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\broodwar94\half-life 2 deathmatch\hl2.exe:hl2

"UDP Query User{077091FB-11B5-47B9-B562-F8969BCF926D}C:\\program files\\steam\\steamapps\\broodwar94\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\broodwar94\half-life 2 deathmatch\hl2.exe:hl2

"{BBB7434B-5216-44BF-A149-8B00A43A9EC8}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict

"{CAEB7509-1A47-4634-8CD4-7E76BD94CFF9}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict

"{CE18A7E5-FB90-4647-89B4-579A050C5C5E}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only

"{1D1F0FEE-6A87-4647-993A-0153089C9E52}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only

"{29074069-C93D-4D93-ACE1-10CBA2DCEFB2}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server

"{1EF559CB-2D1A-40D1-99AE-CD12D68F75B8}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server

"{017E9AFE-4735-47D3-8352-C96F150C399C}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game

"{27AA5941-5471-4C40-9277-B022D2183EB6}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\Yeti_Final_Win32.exe:Lost Via Domus Game

"{08FC47BE-C521-4F70-9CCE-5159B96AFCD7}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater

"{D7CB4DFE-F4F6-4A8A-93B7-B604A3A23C2F}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\gu.exe:Lost Via Domus Updater

"{BDD0E694-B75E-4B96-9B4F-D781348D377C}"= UDP:C:\Program Files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool

"{408C48BF-7C41-4B76-828B-F66DCE3E42F5}"= TCP:C:\Program Files\Ubisoft\Lost Via Domus\detection\Launcher.exe:Lost Via Domus Requirements Tool

"{C86EC203-EB4D-4644-97AD-FCE254C8E8FC}"= UDP:3390:XBox 360 Media Center

"{7AF2D5ED-6F80-4300-BA4F-3FEFA4B21C04}"= UDP:2869:xbox1

"{37E9EE88-9CFF-4CAA-9C6E-E9F2B9C19646}"= UDP:10243:Xbox2

"{0F9A9C9E-5BE4-4A23-A42A-BD8A29D8DCD2}"= TCP:1900:xbox3

"{6512DB7C-7DCB-4158-ACDE-BD994E72F82A}"= TCP:10284:xbox4

"{4A4E8385-C44B-4053-B290-93ECC82AE726}"= TCP:10283:xbox5

"{7CBDD4E3-6446-4464-A856-AC60B7A597BF}"= TCP:10282:xbox6

"{574E1486-9928-495F-83CA-9D57CB542E57}"= TCP:10281:xbox7

"{B7B9A111-78C9-4318-A083-E05F14A61844}"= TCP:10280:xbox7

"{95910993-BC10-4E8D-933E-1E638B50DD5C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{DA3AA558-FC6D-4EAF-BE4F-8733E616777D}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{0BDD5294-0F14-48F7-84AF-1BAF3E022C57}"= UDP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID

"{7F784AAA-BCB3-4CD8-9B2F-6EBACE27BD10}"= TCP:C:\Program Files\Codemasters\GRID\GRID.exe:GRID

"{2A7D4047-0CEA-453C-AC81-A7F9073C8859}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{50598D2C-5EF9-4D16-BA84-1A2539EE3A38}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{DDECA946-9113-46A1-87F0-97A676588165}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype

"{6BECC34B-D67A-430E-A8F4-8C7C6A4F3271}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

R1 mapledxp;mapledxp;C:\Windows\system32\drivers\mapledxp.SYS [2004-04-05 10:44]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 16:52]

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 17:59]

R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-03-24 17:04]

R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-31 12:58]

S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 22:08]

S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-03-24 17:04]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c990d52-3464-11dc-af61-0019db2074b7}]

\shell\AutoRun\command - H:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60d3633f-3656-11dd-8b56-0019db2074b7}]

\shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea7e64da-9207-11dc-b4a3-0019db2074b7}]

\shell\AutoRun\command - I:\autorun.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-08-22 C:\Windows\Tasks\1-Click Maintenance.job

- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 22:51]

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Fredrik\AppData\Roaming\Mozilla\Firefox\Profiles\2r1o4ihz.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul

FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - C:\Program Files\Octoshape Streaming Services\Fredrik\octoprogram-L03-N00-U00-C00_0804080_000\npoctoshape.dll

FF -: plugin - C:\Program Files\Octoshape Streaming Services\Fredrik\octoprogram-L03-NMS0806110_SUA_000\npoctoshape.dll

FF -: plugin - C:\Users\Fredrik\AppData\Local\Google\Update\1.2.121.17\npGoogleOneClick.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-23 14:03:09

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-23 14:05:33

ComboFix-quarantined-files.txt 2008-08-23 12:05:29

Pre-Run: 33,905,913,856 byte ledig

Post-Run: 33,888,743,424 byte ledig

435 --- E O F --- 2008-08-23 00:01:25

Hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:10:58, on 23.08.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Steam\Steam.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\HACE\Mmm\Mmm.exe

C:\Users\Fredrik\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Users\Fredrik\AppData\Local\YouTube\Uploader\youtubeuploader.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\conime.exe

C:\Windows\Explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Fredrik\Desktop\kapredette.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Mmm] "C:\Program Files\HACE\Mmm\Mmm.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Fredrik\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [GameComm] "C:\Program Files\GameComm\GameComm"

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O4 - Startup: YouTube Uploader.lnk = C:\Users\Fredrik\AppData\Local\YouTube\Uploader\youtubeuploader.exe

O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE

O4 - Global Startup: Oemreset.lnk = C:\Windows\OPTIONS\OemReset.exe

O4 - Global Startup: orked.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll

O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O13 - Gopher Prefix:

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 8354 bytes

Var det riktig?

På førehand takk

Endret 23. august 2008 av thadon

norbat · 23. august 2008

Kjenner du til denne: orked.exe?

thadon · 23. august 2008

Eg har ikkje høyrd om den nei. Eg ser den har eit windows-ikon

norbat · 23. august 2008

Hvor ligger fila på systemet ditt? (hvis det ligger et ikon på skrivebordet, høyreklikk og velg egenskaper. Der vil du finne stien til der programfila ligger)

thadon · 23. august 2008

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

norbat · 23. august 2008

Hva skjer hvis du 'starter' programmet - kommer det opp noe vindu etc. som kan si noe om hva dette er?

thadon · 23. august 2008

Eg trykte på ikonet og det som skjedde var at heile pcen stoppa opp, mens musikken køyrde i bakgrunnen fortsatt spilte, eg kunne også sette den på pause og spille av igjen med mediatastene på tastaturet. Eg fekk ikkje til å trykke på startikonet eller skifte vinduar på pcen. Eg fekk heller ikkje til å trykke på noko i sjave firefox.

norbat · 23. august 2008

Ok,

kunne du ha lastet opp fila på http://virusscan.jotti.org/. Den vil sjekke om fila er knyttet til en infeksjon.

Lag også en ny hjt-logg som du legger ved i din neste post

thadon · 23. august 2008

File: orked.exe

Status:

POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

MD5: 3129aaaa57ebb9e7f8d32396c7c150a7

Packers detected:

UPX

Scanner results

Scan taken on 23 Aug 2008 17:05:01 (GMT)

A-Squared

Found nothing

AntiVir

Found nothing

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Fortinet

Found nothing

Ikarus

Found Backdoor.Win32.Rbot.c

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

HJT

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:08:37, on 23.08.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Steam\Steam.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\HACE\Mmm\Mmm.exe

C:\Users\Fredrik\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Xfire\xfire.exe

C:\Users\Fredrik\AppData\Local\YouTube\Uploader\youtubeuploader.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Last.fm\LastFM.exe