Old 12-06-2008, 05:14 AM   #4
bimm3rcc
Registered User
 
Join Date: Oct 2008
Posts: 32
OS: Vista_x86_sp1


Re: Pc is Nuked: Blocked Updates and pop-ups

ComboFix 08-12-05.06 - Stefano 2008-12-06 13:00:14.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2053 [GMT 0:00]
* Dannede nyt systemgendannelsespunkt
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
C:\resycled
c:\resycled\boot.com
c:\users\Stefano\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\Stefano\AppData\Roaming\.#
c:\users\Stefano\AppData\Roaming\.#\MBX@11B8@2341F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@11B8@2341F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@1564@C11F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@1564@C11F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@17D4@2091F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@17D4@2091F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@3F0@1E1F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@3F0@1E1F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@860@D71F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@860@D71F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@888@1DB1F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@888@1DB1F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@97C@1B1F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@97C@1B1F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@CAC@381F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@CAC@381F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@E64@2451F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@E64@2451F28.###
c:\users\Stefano\AppData\Roaming\.#\MBX@F90@22E1F18.###
c:\users\Stefano\AppData\Roaming\.#\MBX@F90@22E1F28.###
c:\users\Stefano\AppData\Roaming\gadcom
c:\windows\system32\afavikot.ini
c:\windows\system32\alovewum.ini
c:\windows\system32\awtuRkjK.dll
c:\windows\system32\delehele.dll
c:\windows\system32\desaruzi.dll
c:\windows\system32\drivers\TDSSmccb.sys
c:\windows\system32\fesumuye.dll
c:\windows\system32\gebegimi.dll
c:\windows\system32\ggMmlnnn.ini
c:\windows\System32\ggMmlnnn.ini2
c:\windows\system32\izurased.ini
c:\windows\system32\jse783hfgfffe.dll
c:\windows\system32\kofemube.dll
c:\windows\system32\latavija.dll
c:\windows\system32\muwevola.dll
c:\windows\system32\nudeleze.dll
c:\windows\system32\pojovosa.dll
c:\windows\system32\ravemuse.dll
c:\windows\system32\TDSScrrx.dll
c:\windows\system32\TDSSfopt.dll
c:\windows\system32\TDSSntlv.dll
c:\windows\system32\TDSSnyfn.log
c:\windows\system32\TDSSqycx.dll
c:\windows\system32\TDSSrfpp.dll
c:\windows\system32\TDSStmei.dll
c:\windows\system32\TDSSwqsc.dat
c:\windows\system32\tipifipo.dll
c:\windows\system32\tokivafa.dll
c:\windows\system32\venaroyu.dll
c:\windows\system32\yuhodose.dll
c:\windows\system32\yujitana.dll
c:\windows\Tasks\zimvieno.job
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
E:\Autorun.inf
E:\resycled
e:\resycled\boot.com
L:\Autorun.inf
L:\resycled
l:\resycled\boot.com

----- BITS: Mulige inficerede internetsteder -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS
-------\Service_Windows Tribute Service


((((((((((((((((((((((((((((( Filer skabt fra 2008-11-06 til 2008-12-06 )))))))))))))))))))))))))))))))))))
.

2008-12-03 22:50 . 2008-12-03 22:50 250 --a------ c:\windows\gmer.ini
2008-12-03 17:32 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-12-03 17:11 . 2008-12-03 17:11 <DIR> d-------- c:\program files\Panda Security
2008-12-01 17:55 . 2008-12-01 23:06 <DIR> d-------- c:\users\Stefano\.housecall6.6
2008-12-01 17:17 . 2008-12-03 18:39 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-01 17:16 . 2008-12-01 17:16 <DIR> d-------- c:\windows\HDTVXviD Codec
2008-12-01 17:15 . 2008-12-01 17:15 <DIR> d-------- c:\windows\Easy Decrypter
2008-11-27 15:48 . 2008-11-27 15:48 <DIR> d-------- c:\users\Stefano\AppData\Roaming\vlc
2008-11-26 18:49 . 2008-11-26 18:49 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-11-26 18:43 . 2008-11-26 18:43 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Thunderbird
2008-11-26 18:43 . 2008-11-26 18:43 0 --a------ c:\windows\nsreg.dat
2008-11-25 00:56 . 2008-11-25 00:56 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Media Player Classic
2008-11-22 20:47 . 2008-11-22 20:47 <DIR> d--hs---- C:\Diskeeper
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\users\All Users\Diskeeper Corporation
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\programdata\Diskeeper Corporation
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\program files\Diskeeper Corporation
2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a------ c:\windows\System32\GPhotos.scr
2008-11-17 16:58 . 2008-11-17 16:58 <DIR> d-------- c:\users\Stefano\AppData\Roaming\PeerNetworking
2008-11-14 21:25 . 2008-11-14 21:25 <DIR> d-------- c:\users\All Users\Real
2008-11-14 21:25 . 2008-11-14 21:26 <DIR> d-------- c:\program files\Real Alternative
2008-11-13 15:57 . 2008-11-13 15:57 <DIR> d-------- c:\windows\System32\xlive
2008-11-10 17:39 . 2008-11-10 17:39 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-11-10 17:39 . 2008-11-10 17:40 <DIR> d-------- c:\program files\San Andreas Mod Installer
2008-11-09 23:15 . 2008-11-09 23:15 0 --a------ c:\windows\System32\NeroCopyGadgetData-6387.xml
2008-11-09 02:40 . 2008-11-09 02:41 <DIR> d-------- c:\users\Stefano\Diskeeper Pro Premier 2008 V.12.0.781 x86 and x64
2008-11-07 15:02 . 2008-11-07 20:10 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Red Alert 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 12:35 --------- d-----w c:\users\Stefano\AppData\Roaming\OpenOffice.org2
2008-12-01 17:58 --------- d-----w c:\programdata\avg8
2008-12-01 17:40 --------- d-----w c:\users\Stefano\AppData\Roaming\uTorrent
2008-11-14 14:40 --------- d-----w c:\users\Stefano\AppData\Roaming\FrostWire
2008-11-08 22:18 --------- d---a-w c:\programdata\TEMP
2008-11-05 17:25 --------- d-----w c:\program files\Microsoft IntelliPoint
2008-11-05 17:17 --------- d-----w c:\programdata\DriverScanner
2008-11-05 17:14 --------- dc-h--w c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-05 17:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Uniblue
2008-11-05 17:14 --------- d-----w c:\program files\Uniblue
2008-11-05 16:51 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-03 23:54 180,064 ----a-w c:\windows\System32\WinVd32.sys
2008-11-03 23:54 --------- d-----w c:\program files\Folder Lock 6
2008-11-03 23:50 --------- d-----w c:\program files\PROnetworks
2008-11-03 15:27 --------- d-----w c:\program files\OO Software
2008-11-03 12:57 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 12:36 --------- d-----w c:\program files\Google
2008-11-03 12:36 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-02 18:53 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-02 18:46 --------- d-----w c:\program files\Common Files\BitDefender
2008-11-02 18:46 --------- d-----w c:\program files\BitDefender
2008-11-02 17:54 --------- d-----w c:\program files\Zone Labs
2008-11-02 12:37 --------- d-----w c:\users\Stefano\AppData\Roaming\Winamp
2008-11-02 12:08 --------- d-----w c:\program files\AVG
2008-11-02 01:19 --------- d-----w c:\program files\Softwin
2008-11-02 01:19 --------- d-----w c:\program files\Common Files\Softwin
2008-11-02 01:13 --------- d-----w c:\programdata\avg8(32)
2008-11-02 00:37 352,605 ---ha-w c:\windows\system32\drivers\vsconfig(100).xml
2008-11-01 23:30 --------- d-----w c:\program files\Port Forwarding Wizard
2008-11-01 22:57 --------- d-----w c:\programdata\CheckPoint
2008-11-01 18:17 --------- d-----w c:\users\Stefano\AppData\Roaming\RecoveryFix for Windows
2008-11-01 02:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 02:53 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-23 14:23 --------- d-----w c:\program files\ATI
2008-10-22 16:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2008-10-22 00:04 --------- d-----w c:\users\Stefano\AppData\Roaming\SystemRequirementsLab
2008-10-22 00:04 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-21 20:14 --------- d-----w c:\program files\SubtitlesSynch
2008-10-21 19:57 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-21 19:57 249,856 ------w c:\windows\Setup1.exe
2008-10-21 18:42 --------- d-----w c:\users\Stefano\AppData\Roaming\Leadertech
2008-10-21 17:48 --------- d-----w c:\users\Stefano\AppData\Roaming\gnupg
2008-10-21 07:57 --------- d-----w c:\programdata\Uniblue
2008-10-20 23:33 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-20 23:33 --------- d-----w c:\program files\Realtek
2008-10-20 23:20 319,488 ----a-w c:\windows\HideWin.exe
2008-10-19 20:45 --------- d-----w c:\users\Stefano\AppData\Roaming\Bioshock
2008-10-18 20:52 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-18 16:53 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-10-18 16:53 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-10-18 16:37 --------- d-----w c:\program files\DAEMON Tools Pro
2008-10-18 16:35 --------- d-----w c:\users\Stefano\AppData\Roaming\DAEMON Tools Pro
2008-10-18 16:35 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-10-18 16:30 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-18 13:58 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-17 22:20 20,192 ----a-w c:\windows\System32\WinFl32.sys
2008-10-17 13:14 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-16 12:08 --------- d-----w c:\program files\Windows Mail
2008-10-13 19:06 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-10-13 19:01 --------- d-----w c:\users\Stefano\AppData\Roaming\Xilisoft Corporation
2008-10-12 03:11 --------- d-----w c:\program files\Common Files\Steam
2008-10-11 20:16 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
2008-10-10 01:27 --------- d-----w c:\program files\FrostWire
2008-10-09 23:01 --------- d-----w c:\program files\VideoLAN
2008-10-06 09:51 --------- d-----w c:\users\Guest\AppData\Roaming\Nero
2008-10-06 09:51 --------- d-----w c:\users\Guest\AppData\Roaming\ATI
2008-10-06 03:18 17,984 ----a-w c:\windows\System32\AntiSpyNative64.exe
2008-10-06 03:18 14,400 ----a-w c:\windows\System32\AntiSpyNative32.exe
2008-10-02 17:51 2,855 ----a-w c:\windows\PIF\Launcher.PIF
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 14:32 52,736 ----a-w c:\windows\ipuninst.exe
2008-09-30 12:23 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-09 17:32 806,432 ----a-w c:\windows\System32\RtkPgExt.dll
2008-09-09 17:32 6,281,760 ----a-w c:\windows\RtHDVCpl.exe
2008-09-09 17:32 42,016 ----a-w c:\windows\System32\RtkCoInst.dll
2008-09-09 17:32 285,216 ----a-w c:\windows\System32\RtkApoApi.dll
2008-09-09 17:32 2,333,728 ----a-w c:\windows\System32\RtkAPO.dll
2008-09-09 17:32 1,833,504 ----a-w c:\windows\SkyTel.exe
2008-09-09 17:32 1,206,816 ----a-w c:\windows\RtlUpd.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-02 1235736]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 c:\windows\RtHDVCpl.exe]

c:\users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Stefano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 13:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1431478250-751702932-1817854511-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3F4DD4B2-BFDC-4370-A787-8671CB4DA670}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F52FC84-17C4-46F0-8917-26E80F896A7C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6535A1CF-E801-49A8-B83D-484FD682C00A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{749DB05F-8D00-4313-AA18-2C90F30616D6}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C1ABFD22-7957-4A0A-BE35-A00B02EE5B5E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1C16A4BD-8AD9-4E97-86EF-57DB64E395D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4FB78B1D-60A7-42A4-81E1-B83E654564A2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{3303F0EE-F45C-497B-B7AB-524CB5D1934A}d:\\program files\\tantrum\\die by the sword\\windie.exe"= UDP:d:\program files\tantrum\die by the sword\windie.exe:windie
"UDP Query User{AC92907C-DD43-42B3-885F-16E3AB2CEA23}d:\\program files\\tantrum\\die by the sword\\windie.exe"= TCP:d:\program files\tantrum\die by the sword\windie.exe:windie
"TCP Query User{4A04B999-CFED-408F-8AC5-D19C6F119587}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{DB828D1E-1640-4D0B-8DE6-5147E9FE11D1}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{AE0251AF-BE56-47D8-A34A-34716687DF33}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{D2DBB9E5-C5AC-46E6-938C-92C5FEAAB640}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{B55B4CA9-1788-4751-9BA3-1254C06ADDD3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{966BA7DE-2FD9-4A40-8C8F-5426A5F60F8D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{326DC1B0-1BEB-4745-80FE-088557E0D7AE}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{86CEFFED-116F-4847-8A5B-27344B24B9DB}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"{9BB52674-5DC8-462B-AA96-546782AF9F0B}"= UDP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{107F4726-5B22-4BAD-AEBD-C5104A7C4C32}"= TCP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2C05E19C-87E9-475C-B602-D5A7DED80AA2}"= UDP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DF47EA27-B051-49E6-9B39-1802E59613F9}"= TCP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8ADE7EF3-CF7B-41D7-884E-3EF159A133A2}"= UDP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3F0B2B83-E68B-42A2-AB57-993F4C53A73C}"= TCP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{BFFA7D66-F153-434A-A10F-149F3D4DBCE5}"= UDP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game
"{C4B46306-7FF7-4578-9830-FC7044993C48}"= TCP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game
"{26AEEF17-9456-4CC0-A3B9-0D99003A73F2}"= UDP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher
"{4D7767DA-C514-467E-A599-2FC0F1F8C02C}"= TCP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{01198DB2-ADD1-4A11-A5D9-B98B47B8AEA6}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= UDP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie
"UDP Query User{BAA0A3FC-86D3-4D99-B5D7-BBA459EF1C8D}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= TCP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie
"{CE59ADF9-7CC1-4384-9CCF-38CA6C962720}"= UDP:59151:µTorrent
"TCP Query User{50A8D18A-535A-44DB-AEB9-3DE2563D879E}d:\\doom 3\\doom3ded.exe"= UDP:d:\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{48ED1F5A-1AEA-4C19-8A23-BFD0332EBD08}d:\\doom 3\\doom3ded.exe"= TCP:d:\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{148E0837-E39B-4C4D-BD84-6BFDB8A545D7}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F807E392-7812-449E-A916-CE649668932F}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{EF299F30-775E-4561-8525-DC00DC8676EE}d:\\crysis\\bin32\\crysis.exe"= UDP:d:\crysis\bin32\crysis.exe:Crysis
"UDP Query User{2E2B0B03-597F-460D-8066-70F9FD4ED24F}d:\\crysis\\bin32\\crysis.exe"= TCP:d:\crysis\bin32\crysis.exe:Crysis
"{81160EF1-46BD-4B77-B509-0DC4BA069B88}"= d:\command & conquer 3 kane's wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
"TCP Query User{001E32C5-642F-4A55-90C9-25FFC02448B2}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{81CCEBBB-9EEC-430E-96C9-2C9699037993}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{E259A6F1-3B46-4E5F-8C2D-3464249672BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F9A93C4E-195C-499E-AB12-8CAF5F9CAC70}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65A3D0D0-00AE-4429-95A8-4B6C2CF43265}"= UDP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{E33896AF-F262-4E88-8F28-C957B5DAF0F7}"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{811F6413-AC91-46D1-8E58-C6E12299471D}"= UDP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3692CF83-C45B-457D-8420-B2E04466F96A}"= TCP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{DD2CDB1B-C5D5-4783-A3DF-6A5D6977D670}"= UDP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{AEC062B1-218B-43F9-8040-E0F228AF04BE}"= TCP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{14D55197-F185-4C4E-808E-B122A1CC1836}"= UDP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{C3580697-E113-4743-BC80-AEFBCC0D849A}"= TCP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{BA9A5538-44D9-4BCA-A54C-DA91FDB40248}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{319D69B3-7B97-463C-9032-CC88C210F65C}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{18487EC5-68DC-4B44-8794-82C8E6EE8A0C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6D11C98-DB48-42E8-9B61-1E2DABA41268}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{248F962A-103A-49C7-82F4-EB518A4C4ECE}"= UDP:c:\windows\explorer.exe:Explorer
"{A064312E-C168-431F-A33A-6F3772886C59}"= TCP:c:\windows\explorer.exe:Explorer
"{00780389-C35D-4A1F-95A5-D0F519BA91A8}"= UDP:c:\windows\System32\wininit.exe:wininit
"{32747379-E640-40F2-9097-E93FFC5DEBAB}"= TCP:c:\windows\System32\wininit.exe:wininit
"{D4A48BF4-E0F6-4F88-A25B-317E34EE9216}"= UDP:c:\windows\System32\wininit.exe:wininit
"{796E042D-CE67-4128-BC8C-9A6333A78D03}"= TCP:c:\windows\System32\wininit.exe:wininit
"{E6CC4360-7746-4E6D-B2F0-1E4FD7F21790}"= UDP:c:\windows\explorer.exe:Explorer
"{A128BB59-D7D2-46A1-AF2E-0C80752FCA17}"= TCP:c:\windows\explorer.exe:Explorer
"{84292B2C-5759-4B9D-8285-71AB045D023E}"= UDP:c:\windows\System32\services.exe:services
"{AF94E9C8-0B97-4FB8-AC43-4FA73405E83A}"= TCP:c:\windows\System32\services.exe:services
"{DDD21DA7-A6ED-4424-AED3-CEA06115B7F5}"= UDP:c:\combofix\FINDSTR.cfexe:FINDSTR
"{2DA8BAC9-A2E9-404F-A915-21C96A769626}"= TCP:c:\combofix\FINDSTR.cfexe:FINDSTR
"{6167A21B-7A81-4F8D-9082-48C498806063}"= UDP:c:\combofix\pv.cfexe:pv
"{0CA26688-8944-4542-BB43-8EC2B15CDBA7}"= TCP:c:\combofix\pv.cfexe:pv
"{68D3B9CF-6F3A-4F6D-830F-7547006BDB62}"= UDP:c:\windows\System32\dllhost.exe:DllHost
"{B7639F37-E9D9-4E8A-9A8A-FA1B2DC01889}"= TCP:c:\windows\System32\dllhost.exe:DllHost

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-03 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-02 90632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-02 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-30 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d17e5bd-8eec-11dd-804f-0021850364d1}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL l:\resycled\boot.com l:
\shell\Open\command - l:\resycled\boot.com l:
.
Indhold af mappen 'Planlagte Opgaver'

2008-10-21 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-06 03:19]
.
- - - - TOMME GENVEJE FJERNET - - - -

BHO-{a1960e60-6cf1-4263-913d-1f5b51d79362} - c:\windows\system32\delehele.dll
HKLM-Run-MSServer - c:\windows\system32\yayxvSjK.dll
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE


.
------- Yderligere scanning -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\5rndqojl.default\
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 13:05:52
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\System32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\System32\VSSVC.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Gennemført tid: 2008-12-06 13:10:17 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2008-12-06 13:09:51

Pre-Kørsel: 133,153,832,960 bytes free
Post-Kørsel: 132,740,395,008 bytes free

378 --- E O F --- 2008-12-02 14:25:55