Tech Support Forum - View Single Post - Pc is Nuked: Blocked Updates and pop-ups

bimm3rcc · 12-07-2008, 04:19 AM

MY pc had been scanning for 9 hours... then i lost internet connections.
So i did not scan all pc but almost all of it i hope. 78% it says.
Looks like all the files are from the CombFix Quarentine

Untitled.jpg

ComboFix 08-12-06.04 - Stefano 2008-12-07 2:33:52.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1440 [GMT 0:00]
Kører fra: c:\users\Stefano\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Stefano\Desktop\CFScript.txt
* Dannede nyt systemgendannelsespunkt
.

((((((((((((((((((((((((((((( Filer skabt fra 2008-11-07 til 2008-12-07 )))))))))))))))))))))))))))))))))))
.

2008-12-07 01:57 . 2008-12-07 02:19 <DIR> d-------- c:\program files\PeerGuardian2
2008-12-06 13:10 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-06 13:10 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-06 13:10 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-06 13:10 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-06 13:09 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-06 13:09 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-06 13:09 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-06 13:09 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-06 13:09 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-03 22:50 . 2008-12-03 22:50 250 --a------ c:\windows\gmer.ini
2008-12-03 17:32 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2008-12-03 17:11 . 2008-12-03 17:11 <DIR> d-------- c:\program files\Panda Security
2008-12-01 17:55 . 2008-12-01 23:06 <DIR> d-------- c:\users\Stefano\.housecall6.6
2008-12-01 17:17 . 2008-12-06 14:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-01 17:16 . 2008-12-01 17:16 <DIR> d-------- c:\windows\HDTVXviD Codec
2008-12-01 17:15 . 2008-12-01 17:15 <DIR> d-------- c:\windows\Easy Decrypter
2008-11-27 15:48 . 2008-11-27 15:48 <DIR> d-------- c:\users\Stefano\AppData\Roaming\vlc
2008-11-26 18:49 . 2008-11-26 18:49 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-11-26 18:43 . 2008-11-26 18:43 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Thunderbird
2008-11-26 18:43 . 2008-11-26 18:43 0 --a------ c:\windows\nsreg.dat
2008-11-25 00:56 . 2008-11-25 00:56 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Media Player Classic
2008-11-22 20:47 . 2008-11-22 20:47 <DIR> d--hs---- C:\Diskeeper
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\users\All Users\Diskeeper Corporation
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\programdata\Diskeeper Corporation
2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\program files\Diskeeper Corporation
2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a------ c:\windows\System32\GPhotos.scr
2008-11-17 16:58 . 2008-11-17 16:58 <DIR> d-------- c:\users\Stefano\AppData\Roaming\PeerNetworking
2008-11-14 21:25 . 2008-11-14 21:25 <DIR> d-------- c:\users\All Users\Real
2008-11-14 21:25 . 2008-11-14 21:26 <DIR> d-------- c:\program files\Real Alternative
2008-11-13 15:57 . 2008-11-13 15:57 <DIR> d-------- c:\windows\System32\xlive
2008-11-10 17:39 . 2008-11-10 17:39 <DIR> d-------- c:\windows\San Andreas Mod Installer
2008-11-10 17:39 . 2008-11-10 17:40 <DIR> d-------- c:\program files\San Andreas Mod Installer
2008-11-09 23:15 . 2008-11-09 23:15 0 --a------ c:\windows\System32\NeroCopyGadgetData-6387.xml
2008-11-09 02:40 . 2008-11-09 02:41 <DIR> d-------- c:\users\Stefano\Diskeeper Pro Premier 2008 V.12.0.781 x86 and x64
2008-11-07 15:02 . 2008-11-07 20:10 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Red Alert 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 02:28 --------- d-----w c:\users\Stefano\AppData\Roaming\uTorrent
2008-12-06 23:41 --------- d-----w c:\users\Stefano\AppData\Roaming\OpenOffice.org2
2008-12-01 17:58 --------- d-----w c:\programdata\avg8
2008-11-14 14:40 --------- d-----w c:\users\Stefano\AppData\Roaming\FrostWire
2008-11-08 22:18 --------- d---a-w c:\programdata\TEMP
2008-11-05 17:25 --------- d-----w c:\program files\Microsoft IntelliPoint
2008-11-05 17:17 --------- d-----w c:\programdata\DriverScanner
2008-11-05 17:14 --------- dc-h--w c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2008-11-05 17:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Uniblue
2008-11-05 17:14 --------- d-----w c:\program files\Uniblue
2008-11-05 16:51 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-03 23:54 180,064 ----a-w c:\windows\System32\WinVd32.sys
2008-11-03 23:54 --------- d-----w c:\program files\Folder Lock 6
2008-11-03 23:50 --------- d-----w c:\program files\PROnetworks
2008-11-03 15:27 --------- d-----w c:\program files\OO Software
2008-11-03 12:57 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-03 12:36 --------- d-----w c:\program files\Google
2008-11-03 12:36 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-11-02 18:53 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-02 18:46 --------- d-----w c:\program files\Common Files\BitDefender
2008-11-02 18:46 --------- d-----w c:\program files\BitDefender
2008-11-02 17:54 --------- d-----w c:\program files\Zone Labs
2008-11-02 12:37 --------- d-----w c:\users\Stefano\AppData\Roaming\Winamp
2008-11-02 12:08 --------- d-----w c:\program files\AVG
2008-11-02 01:19 --------- d-----w c:\program files\Softwin
2008-11-02 01:19 --------- d-----w c:\program files\Common Files\Softwin
2008-11-02 01:13 --------- d-----w c:\programdata\avg8(32)
2008-11-02 00:37 352,605 ---ha-w c:\windows\system32\drivers\vsconfig(100).xml
2008-11-01 23:30 --------- d-----w c:\program files\Port Forwarding Wizard
2008-11-01 22:57 --------- d-----w c:\programdata\CheckPoint
2008-11-01 18:17 --------- d-----w c:\users\Stefano\AppData\Roaming\RecoveryFix for Windows
2008-11-01 02:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 02:53 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-23 14:23 --------- d-----w c:\program files\ATI
2008-10-22 16:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2008-10-22 00:04 --------- d-----w c:\users\Stefano\AppData\Roaming\SystemRequirementsLab
2008-10-22 00:04 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-21 20:14 --------- d-----w c:\program files\SubtitlesSynch
2008-10-21 19:57 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-10-21 19:57 249,856 ------w c:\windows\Setup1.exe
2008-10-21 18:42 --------- d-----w c:\users\Stefano\AppData\Roaming\Leadertech
2008-10-21 17:48 --------- d-----w c:\users\Stefano\AppData\Roaming\gnupg
2008-10-21 07:57 --------- d-----w c:\programdata\Uniblue
2008-10-20 23:33 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-10-20 23:33 --------- d-----w c:\program files\Realtek
2008-10-20 23:20 319,488 ----a-w c:\windows\HideWin.exe
2008-10-19 20:45 --------- d-----w c:\users\Stefano\AppData\Roaming\Bioshock
2008-10-18 20:52 111,928 ----a-w c:\windows\System32\PnkBstrB.exe
2008-10-18 16:53 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-10-18 16:53 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-10-18 16:37 --------- d-----w c:\program files\DAEMON Tools Pro
2008-10-18 16:35 --------- d-----w c:\users\Stefano\AppData\Roaming\DAEMON Tools Pro
2008-10-18 16:35 --------- d-----w c:\programdata\DAEMON Tools Pro
2008-10-18 16:30 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-18 13:58 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-10-17 22:20 20,192 ----a-w c:\windows\System32\WinFl32.sys
2008-10-17 13:14 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-16 12:08 --------- d-----w c:\program files\Windows Mail
2008-10-13 19:06 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-10-13 19:01 --------- d-----w c:\users\Stefano\AppData\Roaming\Xilisoft Corporation
2008-10-12 03:11 --------- d-----w c:\program files\Common Files\Steam
2008-10-11 20:16 --------- d-----w c:\program files\Debugging Tools for Windows (x86)
2008-10-10 01:27 --------- d-----w c:\program files\FrostWire
2008-10-09 23:01 --------- d-----w c:\program files\VideoLAN
2008-10-06 03:18 17,984 ----a-w c:\windows\System32\AntiSpyNative64.exe
2008-10-06 03:18 14,400 ----a-w c:\windows\System32\AntiSpyNative32.exe
2008-10-02 17:51 2,855 ----a-w c:\windows\PIF\Launcher.PIF
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 14:32 52,736 ----a-w c:\windows\ipuninst.exe
2008-09-30 12:23 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-09 17:32 806,432 ----a-w c:\windows\System32\RtkPgExt.dll
2008-09-09 17:32 6,281,760 ----a-w c:\windows\RtHDVCpl.exe
2008-09-09 17:32 42,016 ----a-w c:\windows\System32\RtkCoInst.dll
2008-09-09 17:32 285,216 ----a-w c:\windows\System32\RtkApoApi.dll
2008-09-09 17:32 2,333,728 ----a-w c:\windows\System32\RtkAPO.dll
2008-09-09 17:32 1,833,504 ----a-w c:\windows\SkyTel.exe
2008-09-09 17:32 1,206,816 ----a-w c:\windows\RtlUpd.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-06_13.08.05.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-07 02:33:10 6,295,552 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-12-07 02:24:07 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-10-16 10:55:29 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-07 02:24:41 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-12-06 23:38:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-06 23:38:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-06 13:05:48 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-06 23:39:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-06 23:39:53 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-06 13:05:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-06 23:39:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-06 23:39:58 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-12-07 02:26:07 3,864 ----a-w c:\windows\SoftwareDistribution\PostRebootEventCache\{2AB0942B-E958-4E7B-9537-894472B547A0}.bin
- 2008-07-18 21:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 14:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-06 12:56:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-07 02:33:19 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-03 16:10:26 17,318,336 ----a-w c:\windows\System32\MRT.exe
- 2008-12-06 12:45:43 105,078 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-06 23:45:17 105,078 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-06 12:45:43 595,748 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-06 23:45:17 595,748 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-03 15:40:47 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2008-12-06 23:49:45 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
- 2008-12-06 13:01:27 8,762 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1431478250-751702932-1817854511-1000_UserData.bin
+ 2008-12-06 23:43:04 9,306 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1431478250-751702932-1817854511-1000_UserData.bin
- 2008-12-06 13:01:27 108,332 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-06 23:43:03 108,616 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-06 13:01:24 46,478 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-06 23:43:01 46,636 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-11-13 15:47:47 58,885,611 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-07 02:24:20 5,414,773 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-21 05:16:20 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_62ed735b99bf2599\connect.dll
+ 2008-10-21 05

53 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_6386b028b2d1f29e\connect.dll
+ 2008-10-21 05:25:17 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_64e182cb96dae69e\connect.dll
+ 2008-10-21 05:21:42 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_6537dd96b0202b74\connect.dll
+ 2008-09-05 04:48:28 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3.dll
+ 2008-09-05 04:45:14 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3r.dll
+ 2008-09-05 04:47:44 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3.dll
+ 2008-09-05 04:47:44 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3r.dll
+ 2008-09-05 05:14:05 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3.dll
+ 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3r.dll
+ 2008-09-05 05:08:23 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3.dll
+ 2008-09-05 05:04:53 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3r.dll
+ 2008-09-10 03:25:00 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6.dll
+ 2008-09-10 03:21:24 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6r.dll
+ 2008-09-10 03:26:42 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6.dll
+ 2008-09-10 03:26:42 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6r.dll
+ 2008-09-10 03:40:14 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6.dll
+ 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6r.dll
+ 2008-09-10 03:27:55 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6.dll
+ 2008-09-10 03:23:55 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6r.dll
+ 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16764_none_f064ff046e80cc5f\OESpamFilter.dat
+ 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20937_none_f1120e5787836182\OESpamFilter.dat
+ 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18157_none_f2590e746b9c8d64\OESpamFilter.dat
+ 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22288_none_f2c33bc584d19a58\OESpamFilter.dat
+ 2008-08-28 03:24:50 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.16740_none_c85de4f0e87e1001\PhotoMetadataHandler.dll
+ 2008-08-28 03:21:23 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.20905_none_c917c4c40176bbe1\PhotoMetadataHandler.dll
+ 2008-08-28 03:40:09 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.18131_none_ca4ff3cce59b9e58\PhotoMetadataHandler.dll
+ 2008-08-28 03:37:44 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.22253_none_cac5f153fec7a8b2\PhotoMetadataHandler.dll
+ 2008-08-26 01:11:59 211,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16738_none_86a5e1554e593846\mrxsmb10.sys
+ 2008-08-27 00:48:36 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.20904_none_874beea267621c08\mrxsmb10.sys
+ 2008-08-27 01:05:41 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18130_none_88841dab4b86fe7f\mrxsmb10.sys
+ 2008-08-27 00:52:38 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22252_none_88fa1b3264b308d9\mrxsmb10.sys
+ 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll
+ 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll
+ 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll
+ 2008-10-16 13:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe
+ 2008-10-16 14:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll
+ 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe
+ 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll
+ 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll
+ 2008-08-28 03:24:51 712,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16740_none_94703b0aa417f9f5\WindowsCodecs.dll
+ 2008-08-28 03:22:04 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20905_none_952a1addbd10a5d5\WindowsCodecs.dll
+ 2008-08-28 03:40:11 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\WindowsCodecs.dll
+ 2008-08-28 03:37:46 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22253_none_96d8476dba6192a6\WindowsCodecs.dll
+ 2008-08-28 03:24:51 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.16740_none_91804ffcbb9f565c\WindowsCodecsExt.dll
+ 2008-08-28 03:22:04 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20905_none_923a2fcfd498023c\WindowsCodecsExt.dll
+ 2008-08-28 03:40:11 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.18131_none_93725ed8b8bce4b3\WindowsCodecsExt.dll
+ 2008-08-28 03:37:46 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22253_none_93e85c5fd1e8ef0d\WindowsCodecsExt.dll
+ 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll
+ 2008-10-22 03:43:51 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceApi.dll
+ 2008-10-22 03:43:51 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceClassExtension.dll
+ 2008-10-22 03:43:51 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceTypes.dll
+ 2008-10-22 03:39:42 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceApi.dll
+ 2008-10-22 03:39:42 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceClassExtension.dll
+ 2008-10-22 03:39:42 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceTypes.dll
+ 2008-10-22 03:57:30 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceApi.dll
+ 2008-01-21 02:25:16 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceClassExtension.dll
+ 2008-01-21 02:25:16 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceTypes.dll
+ 2008-10-22 03:34:55 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceApi.dll
+ 2008-10-22 03:34:55 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceClassExtension.dll
+ 2008-10-22 03:34:55 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceTypes.dll
+ 2008-12-07 02:24:08 1,286,152 ----a-w c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b\msxml4.dll
+ 2008-12-07 02:24:11 91,656 ----a-w c:\windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d\msxml4r.dll
.
-- Snapshot sat til dags dato --
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 c:\windows\RtHDVCpl.exe]

c:\users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Stefano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 13:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1431478250-751702932-1817854511-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3F4DD4B2-BFDC-4370-A787-8671CB4DA670}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F52FC84-17C4-46F0-8917-26E80F896A7C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6535A1CF-E801-49A8-B83D-484FD682C00A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{749DB05F-8D00-4313-AA18-2C90F30616D6}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C1ABFD22-7957-4A0A-BE35-A00B02EE5B5E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1C16A4BD-8AD9-4E97-86EF-57DB64E395D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{4FB78B1D-60A7-42A4-81E1-B83E654564A2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{3303F0EE-F45C-497B-B7AB-524CB5D1934A}d:\\program files\\tantrum\\die by the sword\\windie.exe"= UDP:d:\program files\tantrum\die by the sword\windie.exe:windie
"UDP Query User{AC92907C-DD43-42B3-885F-16E3AB2CEA23}d:\\program files\\tantrum\\die by the sword\\windie.exe"= TCP:d:\program files\tantrum\die by the sword\windie.exe:windie
"TCP Query User{4A04B999-CFED-408F-8AC5-D19C6F119587}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{DB828D1E-1640-4D0B-8DE6-5147E9FE11D1}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{AE0251AF-BE56-47D8-A34A-34716687DF33}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{D2DBB9E5-C5AC-46E6-938C-92C5FEAAB640}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{B55B4CA9-1788-4751-9BA3-1254C06ADDD3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{966BA7DE-2FD9-4A40-8C8F-5426A5F60F8D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{326DC1B0-1BEB-4745-80FE-088557E0D7AE}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{86CEFFED-116F-4847-8A5B-27344B24B9DB}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"{9BB52674-5DC8-462B-AA96-546782AF9F0B}"= UDP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{107F4726-5B22-4BAD-AEBD-C5104A7C4C32}"= TCP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{2C05E19C-87E9-475C-B602-D5A7DED80AA2}"= UDP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DF47EA27-B051-49E6-9B39-1802E59613F9}"= TCP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8ADE7EF3-CF7B-41D7-884E-3EF159A133A2}"= UDP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{3F0B2B83-E68B-42A2-AB57-993F4C53A73C}"= TCP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{BFFA7D66-F153-434A-A10F-149F3D4DBCE5}"= UDP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game
"{C4B46306-7FF7-4578-9830-FC7044993C48}"= TCP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game
"{26AEEF17-9456-4CC0-A3B9-0D99003A73F2}"= UDP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher
"{4D7767DA-C514-467E-A599-2FC0F1F8C02C}"= TCP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher
"TCP Query User{01198DB2-ADD1-4A11-A5D9-B98B47B8AEA6}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= UDP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie
"UDP Query User{BAA0A3FC-86D3-4D99-B5D7-BBA459EF1C8D}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= TCP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie
"{CE59ADF9-7CC1-4384-9CCF-38CA6C962720}"= UDP:59151:µTorrent
"TCP Query User{50A8D18A-535A-44DB-AEB9-3DE2563D879E}d:\\doom 3\\doom3ded.exe"= UDP:d:\doom 3\doom3ded.exe:DOOM 3
"UDP Query User{48ED1F5A-1AEA-4C19-8A23-BFD0332EBD08}d:\\doom 3\\doom3ded.exe"= TCP:d:\doom 3\doom3ded.exe:DOOM 3
"TCP Query User{148E0837-E39B-4C4D-BD84-6BFDB8A545D7}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{F807E392-7812-449E-A916-CE649668932F}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{EF299F30-775E-4561-8525-DC00DC8676EE}d:\\crysis\\bin32\\crysis.exe"= UDP:d:\crysis\bin32\crysis.exe:Crysis
"UDP Query User{2E2B0B03-597F-460D-8066-70F9FD4ED24F}d:\\crysis\\bin32\\crysis.exe"= TCP:d:\crysis\bin32\crysis.exe:Crysis
"{81160EF1-46BD-4B77-B509-0DC4BA069B88}"= d:\command & conquer 3 kane's wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
"TCP Query User{001E32C5-642F-4A55-90C9-25FFC02448B2}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{81CCEBBB-9EEC-430E-96C9-2C9699037993}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{E259A6F1-3B46-4E5F-8C2D-3464249672BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F9A93C4E-195C-499E-AB12-8CAF5F9CAC70}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{65A3D0D0-00AE-4429-95A8-4B6C2CF43265}"= UDP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{E33896AF-F262-4E88-8F28-C957B5DAF0F7}"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{811F6413-AC91-46D1-8E58-C6E12299471D}"= UDP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{3692CF83-C45B-457D-8420-B2E04466F96A}"= TCP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{DD2CDB1B-C5D5-4783-A3DF-6A5D6977D670}"= UDP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{AEC062B1-218B-43F9-8040-E0F228AF04BE}"= TCP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{14D55197-F185-4C4E-808E-B122A1CC1836}"= UDP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{C3580697-E113-4743-BC80-AEFBCC0D849A}"= TCP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{BA9A5538-44D9-4BCA-A54C-DA91FDB40248}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{319D69B3-7B97-463C-9032-CC88C210F65C}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{18487EC5-68DC-4B44-8794-82C8E6EE8A0C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F6D11C98-DB48-42E8-9B61-1E2DABA41268}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-03 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-30 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-02 90632]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-02 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-30 231704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\shell\AutoRun\command - L:\autorun.exe

*Newly Created Service* - PGFILTER
.
Indhold af mappen 'Planlagte Opgaver'

2008-10-21 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-06 03:19]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\5rndqojl.default\
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 02:35:42
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2008-12-07 2:37:39
ComboFix-quarantined-files.txt 2008-12-07 02:37:36
ComboFix2.txt 2008-12-06 13:10:18

Pre-Kørsel: 125.124.554.752 bytes free
Post-Kørsel: 124,776,923,136 bytes free

368 --- E O F --- 2008-12-07 02:26:07

12-07-2008, 04:19 AM	#7 (permalink)
bimm3rcc Registered User Join Date: Oct 2008 Posts: 32 OS: Vista_x86_sp1	Re: Pc is Nuked: Blocked Updates and pop-ups MY pc had been scanning for 9 hours... then i lost internet connections. So i did not scan all pc but almost all of it i hope. 78% it says. Looks like all the files are from the CombFix Quarentine Untitled.jpg ComboFix 08-12-06.04 - Stefano 2008-12-07 2:33:52.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1440 [GMT 0:00] Kører fra: c:\users\Stefano\Desktop\ComboFix.exe Kommandoer benyttet :: c:\users\Stefano\Desktop\CFScript.txt * Dannede nyt systemgendannelsespunkt . ((((((((((((((((((((((((((((( Filer skabt fra 2008-11-07 til 2008-12-07 ))))))))))))))))))))))))))))))))))) . 2008-12-07 01:57 . 2008-12-07 02:19 <DIR> d-------- c:\program files\PeerGuardian2 2008-12-06 13:10 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-12-06 13:10 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-12-06 13:10 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-12-06 13:10 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-12-06 13:09 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-12-06 13:09 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-12-06 13:09 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-12-06 13:09 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll 2008-12-06 13:09 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-12-03 22:50 . 2008-12-03 22:50 250 --a------ c:\windows\gmer.ini 2008-12-03 17:32 . 2008-06-19 17:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys 2008-12-03 17:11 . 2008-12-03 17:11 <DIR> d-------- c:\program files\Panda Security 2008-12-01 17:55 . 2008-12-01 23:06 <DIR> d-------- c:\users\Stefano\.housecall6.6 2008-12-01 17:17 . 2008-12-06 14:08 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-12-01 17:16 . 2008-12-01 17:16 <DIR> d-------- c:\windows\HDTVXviD Codec 2008-12-01 17:15 . 2008-12-01 17:15 <DIR> d-------- c:\windows\Easy Decrypter 2008-11-27 15:48 . 2008-11-27 15:48 <DIR> d-------- c:\users\Stefano\AppData\Roaming\vlc 2008-11-26 18:49 . 2008-11-26 18:49 <DIR> d-------- c:\program files\Mozilla Thunderbird 2008-11-26 18:43 . 2008-11-26 18:43 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Thunderbird 2008-11-26 18:43 . 2008-11-26 18:43 0 --a------ c:\windows\nsreg.dat 2008-11-25 00:56 . 2008-11-25 00:56 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Media Player Classic 2008-11-22 20:47 . 2008-11-22 20:47 <DIR> d--hs---- C:\Diskeeper 2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\users\All Users\Diskeeper Corporation 2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\programdata\Diskeeper Corporation 2008-11-22 15:04 . 2008-11-22 15:04 <DIR> d-------- c:\program files\Diskeeper Corporation 2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a------ c:\windows\System32\GPhotos.scr 2008-11-17 16:58 . 2008-11-17 16:58 <DIR> d-------- c:\users\Stefano\AppData\Roaming\PeerNetworking 2008-11-14 21:25 . 2008-11-14 21:25 <DIR> d-------- c:\users\All Users\Real 2008-11-14 21:25 . 2008-11-14 21:26 <DIR> d-------- c:\program files\Real Alternative 2008-11-13 15:57 . 2008-11-13 15:57 <DIR> d-------- c:\windows\System32\xlive 2008-11-10 17:39 . 2008-11-10 17:39 <DIR> d-------- c:\windows\San Andreas Mod Installer 2008-11-10 17:39 . 2008-11-10 17:40 <DIR> d-------- c:\program files\San Andreas Mod Installer 2008-11-09 23:15 . 2008-11-09 23:15 0 --a------ c:\windows\System32\NeroCopyGadgetData-6387.xml 2008-11-09 02:40 . 2008-11-09 02:41 <DIR> d-------- c:\users\Stefano\Diskeeper Pro Premier 2008 V.12.0.781 x86 and x64 2008-11-07 15:02 . 2008-11-07 20:10 <DIR> d-------- c:\users\Stefano\AppData\Roaming\Red Alert 3 . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-07 02:28 --------- d-----w c:\users\Stefano\AppData\Roaming\uTorrent 2008-12-06 23:41 --------- d-----w c:\users\Stefano\AppData\Roaming\OpenOffice.org2 2008-12-01 17:58 --------- d-----w c:\programdata\avg8 2008-11-14 14:40 --------- d-----w c:\users\Stefano\AppData\Roaming\FrostWire 2008-11-08 22:18 --------- d---a-w c:\programdata\TEMP 2008-11-05 17:25 --------- d-----w c:\program files\Microsoft IntelliPoint 2008-11-05 17:17 --------- d-----w c:\programdata\DriverScanner 2008-11-05 17:14 --------- dc-h--w c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F} 2008-11-05 17:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Uniblue 2008-11-05 17:14 --------- d-----w c:\program files\Uniblue 2008-11-05 16:51 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys 2008-11-03 23:54 180,064 ----a-w c:\windows\System32\WinVd32.sys 2008-11-03 23:54 --------- d-----w c:\program files\Folder Lock 6 2008-11-03 23:50 --------- d-----w c:\program files\PROnetworks 2008-11-03 15:27 --------- d-----w c:\program files\OO Software 2008-11-03 12:57 --------- d-----w c:\program files\Microsoft Silverlight 2008-11-03 12:36 --------- d-----w c:\program files\Google 2008-11-03 12:36 --------- d-----w c:\program files\Common Files\PX Storage Engine 2008-11-02 18:53 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys 2008-11-02 18:46 --------- d-----w c:\program files\Common Files\BitDefender 2008-11-02 18:46 --------- d-----w c:\program files\BitDefender 2008-11-02 17:54 --------- d-----w c:\program files\Zone Labs 2008-11-02 12:37 --------- d-----w c:\users\Stefano\AppData\Roaming\Winamp 2008-11-02 12:08 --------- d-----w c:\program files\AVG 2008-11-02 01:19 --------- d-----w c:\program files\Softwin 2008-11-02 01:19 --------- d-----w c:\program files\Common Files\Softwin 2008-11-02 01:13 --------- d-----w c:\programdata\avg8(32) 2008-11-02 00:37 352,605 ---ha-w c:\windows\system32\drivers\vsconfig(100).xml 2008-11-01 23:30 --------- d-----w c:\program files\Port Forwarding Wizard 2008-11-01 22:57 --------- d-----w c:\programdata\CheckPoint 2008-11-01 18:17 --------- d-----w c:\users\Stefano\AppData\Roaming\RecoveryFix for Windows 2008-11-01 02:54 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-01 02:53 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-23 14:23 --------- d-----w c:\program files\ATI 2008-10-22 16:14 --------- d-----w c:\users\Stefano\AppData\Roaming\Command & Conquer 3 Kane's Wrath 2008-10-22 00:04 --------- d-----w c:\users\Stefano\AppData\Roaming\SystemRequirementsLab 2008-10-22 00:04 --------- d-----w c:\program files\SystemRequirementsLab 2008-10-21 20:14 --------- d-----w c:\program files\SubtitlesSynch 2008-10-21 19:57 73,216 ----a-w c:\windows\ST6UNST.EXE 2008-10-21 19:57 249,856 ------w c:\windows\Setup1.exe 2008-10-21 18:42 --------- d-----w c:\users\Stefano\AppData\Roaming\Leadertech 2008-10-21 17:48 --------- d-----w c:\users\Stefano\AppData\Roaming\gnupg 2008-10-21 07:57 --------- d-----w c:\programdata\Uniblue 2008-10-20 23:33 319,456 ----a-w c:\windows\DIFxAPI.dll 2008-10-20 23:33 --------- d-----w c:\program files\Realtek 2008-10-20 23:20 319,488 ----a-w c:\windows\HideWin.exe 2008-10-19 20:45 --------- d-----w c:\users\Stefano\AppData\Roaming\Bioshock 2008-10-18 20:52 111,928 ----a-w c:\windows\System32\PnkBstrB.exe 2008-10-18 16:53 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys 2008-10-18 16:53 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys 2008-10-18 16:37 --------- d-----w c:\program files\DAEMON Tools Pro 2008-10-18 16:35 --------- d-----w c:\users\Stefano\AppData\Roaming\DAEMON Tools Pro 2008-10-18 16:35 --------- d-----w c:\programdata\DAEMON Tools Pro 2008-10-18 16:30 685,816 ----a-w c:\windows\system32\drivers\sptd.sys 2008-10-18 13:58 66,872 ----a-w c:\windows\System32\PnkBstrA.exe 2008-10-17 22:20 20,192 ----a-w c:\windows\System32\WinFl32.sys 2008-10-17 13:14 107,888 ----a-w c:\windows\System32\CmdLineExt.dll 2008-10-16 12:08 --------- d-----w c:\program files\Windows Mail 2008-10-13 19:06 --------- d-----w c:\program files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter 2008-10-13 19:01 --------- d-----w c:\users\Stefano\AppData\Roaming\Xilisoft Corporation 2008-10-12 03:11 --------- d-----w c:\program files\Common Files\Steam 2008-10-11 20:16 --------- d-----w c:\program files\Debugging Tools for Windows (x86) 2008-10-10 01:27 --------- d-----w c:\program files\FrostWire 2008-10-09 23:01 --------- d-----w c:\program files\VideoLAN 2008-10-06 03:18 17,984 ----a-w c:\windows\System32\AntiSpyNative64.exe 2008-10-06 03:18 14,400 ----a-w c:\windows\System32\AntiSpyNative32.exe 2008-10-02 17:51 2,855 ----a-w c:\windows\PIF\Launcher.PIF 2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-30 14:32 52,736 ----a-w c:\windows\ipuninst.exe 2008-09-30 12:23 10,520 ----a-w c:\windows\System32\avgrsstx.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-09-09 17:32 806,432 ----a-w c:\windows\System32\RtkPgExt.dll 2008-09-09 17:32 6,281,760 ----a-w c:\windows\RtHDVCpl.exe 2008-09-09 17:32 42,016 ----a-w c:\windows\System32\RtkCoInst.dll 2008-09-09 17:32 285,216 ----a-w c:\windows\System32\RtkApoApi.dll 2008-09-09 17:32 2,333,728 ----a-w c:\windows\System32\RtkAPO.dll 2008-09-09 17:32 1,833,504 ----a-w c:\windows\SkyTel.exe 2008-09-09 17:32 1,206,816 ----a-w c:\windows\RtlUpd.exe 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-12-06_13.08.05.40 ))))))))))))))))))))))))))))))))))))))))) . + 2008-12-07 02:33:10 6,295,552 ----a-w c:\windows\ERDNT\Hiv-backup\schema.dat + 2008-12-07 02:24:07 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe - 2008-10-16 10:55:29 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2008-12-07 02:24:41 35,600 ----a-r c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe + 2008-12-06 23:38:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-12-06 23:38:48 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-12-06 13:05:48 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-06 23:39:53 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-06 23:39:53 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-12-06 13:05:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-06 23:39:58 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-06 23:39:58 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 + 2008-12-07 02:26:07 3,864 ----a-w c:\windows\SoftwareDistribution\PostRebootEventCache\{2AB0942B-E958-4E7B-9537-894472B547A0}.bin - 2008-07-18 21:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe + 2008-10-16 14:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe - 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-06 13:05:36 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-12-07 02:24:24 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-12-06 12:56:56 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2008-12-07 02:33:19 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2008-11-03 16:10:26 17,318,336 ----a-w c:\windows\System32\MRT.exe - 2008-12-06 12:45:43 105,078 ----a-w c:\windows\System32\perfc009.dat + 2008-12-06 23:45:17 105,078 ----a-w c:\windows\System32\perfc009.dat - 2008-12-06 12:45:43 595,748 ----a-w c:\windows\System32\perfh009.dat + 2008-12-06 23:45:17 595,748 ----a-w c:\windows\System32\perfh009.dat - 2008-11-03 15:40:47 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat + 2008-12-06 23:49:45 6,553,600 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat - 2008-12-06 13:01:27 8,762 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1431478250-751702932-1817854511-1000_UserData.bin + 2008-12-06 23:43:04 9,306 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1431478250-751702932-1817854511-1000_UserData.bin - 2008-12-06 13:01:27 108,332 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-12-06 23:43:03 108,616 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-12-06 13:01:24 46,478 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-12-06 23:43:01 46,636 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-11-13 15:47:47 58,885,611 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-12-07 02:24:20 5,414,773 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-10-21 05:16:20 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.16766_none_62ed735b99bf2599\connect.dll + 2008-10-21 0553 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6000.20940_none_6386b028b2d1f29e\connect.dll + 2008-10-21 05:25:17 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.18159_none_64e182cb96dae69e\connect.dll + 2008-10-21 05:21:42 1,645,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-getconnectedwizards_31bf3856ad364e35_6.0.6001.22291_none_6537dd96b0202b74\connect.dll + 2008-09-05 04:48:28 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3.dll + 2008-09-05 04:45:14 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16745_none_8661c59c99cb7ce9\msxml3r.dll + 2008-09-05 04:47:44 1,194,496 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3.dll + 2008-09-05 04:47:44 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.20910_none_8706d29fb2d54754\msxml3r.dll + 2008-09-05 05:14:05 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3.dll + 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\msxml3r.dll + 2008-09-05 05:08:23 1,191,936 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3.dll + 2008-09-05 05:04:53 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.22258_none_88c9d1ffb015159a\msxml3r.dll + 2008-09-10 03:25:00 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6.dll + 2008-09-10 03:21:24 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.16747_none_866381d899c9fc7a\msxml6r.dll + 2008-09-10 03:26:42 1,341,440 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6.dll + 2008-09-10 03:26:42 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6000.20913_none_87098f25b2d2e03c\msxml6r.dll + 2008-09-10 03:40:14 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6.dll + 2006-11-02 09:41:09 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6r.dll + 2008-09-10 03:27:55 1,334,272 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6.dll + 2008-09-10 03:23:55 2,048 ----a-w c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.22261_none_88b7bbb5b023cd0d\msxml6r.dll + 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16764_none_f064ff046e80cc5f\OESpamFilter.dat + 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20937_none_f1120e5787836182\OESpamFilter.dat + 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18157_none_f2590e746b9c8d64\OESpamFilter.dat + 2008-09-15 22:29:55 2,413,072 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22288_none_f2c33bc584d19a58\OESpamFilter.dat + 2008-08-28 03:24:50 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.16740_none_c85de4f0e87e1001\PhotoMetadataHandler.dll + 2008-08-28 03:21:23 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6000.20905_none_c917c4c40176bbe1\PhotoMetadataHandler.dll + 2008-08-28 03:40:09 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.18131_none_ca4ff3cce59b9e58\PhotoMetadataHandler.dll + 2008-08-28 03:37:44 425,472 ----a-w c:\windows\winsxs\x86_microsoft-windows-photometadatahandler_31bf3856ad364e35_6.0.6001.22253_none_cac5f153fec7a8b2\PhotoMetadataHandler.dll + 2008-08-26 01:11:59 211,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16738_none_86a5e1554e593846\mrxsmb10.sys + 2008-08-27 00:48:36 211,968 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.20904_none_874beea267621c08\mrxsmb10.sys + 2008-08-27 01:05:41 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18130_none_88841dab4b86fe7f\mrxsmb10.sys + 2008-08-27 00:52:38 212,480 ----a-w c:\windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22252_none_88fa1b3264b308d9\mrxsmb10.sys + 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll + 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll + 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll + 2008-10-16 13:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe + 2008-10-16 14:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll + 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe + 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll + 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll + 2008-08-28 03:24:51 712,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.16740_none_94703b0aa417f9f5\WindowsCodecs.dll + 2008-08-28 03:22:04 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6000.20905_none_952a1addbd10a5d5\WindowsCodecs.dll + 2008-08-28 03:40:11 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.18131_none_966249e6a135884c\WindowsCodecs.dll + 2008-08-28 03:37:46 712,704 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodec_31bf3856ad364e35_6.0.6001.22253_none_96d8476dba6192a6\WindowsCodecs.dll + 2008-08-28 03:24:51 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.16740_none_91804ffcbb9f565c\WindowsCodecsExt.dll + 2008-08-28 03:22:04 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6000.20905_none_923a2fcfd498023c\WindowsCodecsExt.dll + 2008-08-28 03:40:11 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.18131_none_93725ed8b8bce4b3\WindowsCodecsExt.dll + 2008-08-28 03:37:46 347,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowscodecext_31bf3856ad364e35_6.0.6001.22253_none_93e85c5fd1e8ef0d\WindowsCodecsExt.dll + 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll + 2008-10-22 03:43:51 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceApi.dll + 2008-10-22 03:43:51 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceClassExtension.dll + 2008-10-22 03:43:51 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PortableDeviceTypes.dll + 2008-10-22 03:39:42 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceApi.dll + 2008-10-22 03:39:42 95,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceClassExtension.dll + 2008-10-22 03:39:42 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PortableDeviceTypes.dll + 2008-10-22 03:57:30 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceApi.dll + 2008-01-21 02:25:16 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceClassExtension.dll + 2008-01-21 02:25:16 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PortableDeviceTypes.dll + 2008-10-22 03:34:55 241,152 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceApi.dll + 2008-10-22 03:34:55 94,720 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceClassExtension.dll + 2008-10-22 03:34:55 160,768 ----a-w c:\windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PortableDeviceTypes.dll + 2008-12-07 02:24:08 1,286,152 ----a-w c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b\msxml4.dll + 2008-12-07 02:24:11 91,656 ----a-w c:\windows\winsxs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d\msxml4r.dll . -- Snapshot sat til dags dato -- . ((((((((((((((((((((((((((((((((((( Start steder i reg.basen )))))))))))))))))))))))))))))))))))))))))))))))) . . Bemærk tomme linier & lovlige standard linier vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-06 1261336] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024] "RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 c:\windows\RtHDVCpl.exe] c:\users\Stefano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-05-30 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\startupfolder\C:^Users^Stefano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk] backup=c:\windows\pss\MagicDisc.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent] --a------ 2007-09-06 13:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1431478250-751702932-1817854511-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{3F4DD4B2-BFDC-4370-A787-8671CB4DA670}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{5F52FC84-17C4-46F0-8917-26E80F896A7C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{6535A1CF-E801-49A8-B83D-484FD682C00A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe "{749DB05F-8D00-4313-AA18-2C90F30616D6}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe "{C1ABFD22-7957-4A0A-BE35-A00B02EE5B5E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{1C16A4BD-8AD9-4E97-86EF-57DB64E395D8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{4FB78B1D-60A7-42A4-81E1-B83E654564A2}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{3303F0EE-F45C-497B-B7AB-524CB5D1934A}d:\\program files\\tantrum\\die by the sword\\windie.exe"= UDP:d:\program files\tantrum\die by the sword\windie.exe:windie "UDP Query User{AC92907C-DD43-42B3-885F-16E3AB2CEA23}d:\\program files\\tantrum\\die by the sword\\windie.exe"= TCP:d:\program files\tantrum\die by the sword\windie.exe:windie "TCP Query User{4A04B999-CFED-408F-8AC5-D19C6F119587}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "UDP Query User{DB828D1E-1640-4D0B-8DE6-5147E9FE11D1}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "TCP Query User{AE0251AF-BE56-47D8-A34A-34716687DF33}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe "UDP Query User{D2DBB9E5-C5AC-46E6-938C-92C5FEAAB640}c:\\users\\stefano\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\stefano\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe "TCP Query User{B55B4CA9-1788-4751-9BA3-1254C06ADDD3}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{966BA7DE-2FD9-4A40-8C8F-5426A5F60F8D}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{326DC1B0-1BEB-4745-80FE-088557E0D7AE}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{86CEFFED-116F-4847-8A5B-27344B24B9DB}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher "{9BB52674-5DC8-462B-AA96-546782AF9F0B}"= UDP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{107F4726-5B22-4BAD-AEBD-C5104A7C4C32}"= TCP:d:\assassin's creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{2C05E19C-87E9-475C-B602-D5A7DED80AA2}"= UDP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{DF47EA27-B051-49E6-9B39-1802E59613F9}"= TCP:d:\assassin's creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{8ADE7EF3-CF7B-41D7-884E-3EF159A133A2}"= UDP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{3F0B2B83-E68B-42A2-AB57-993F4C53A73C}"= TCP:d:\assassin's creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{BFFA7D66-F153-434A-A10F-149F3D4DBCE5}"= UDP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game "{C4B46306-7FF7-4578-9830-FC7044993C48}"= TCP:d:\mass effect\Binaries\MassEffect.exe:Mass Effect Game "{26AEEF17-9456-4CC0-A3B9-0D99003A73F2}"= UDP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher "{4D7767DA-C514-467E-A599-2FC0F1F8C02C}"= TCP:d:\mass effect\MassEffectLauncher.exe:Mass Effect Launcher "TCP Query User{01198DB2-ADD1-4A11-A5D9-B98B47B8AEA6}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= UDP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie "UDP Query User{BAA0A3FC-86D3-4D99-B5D7-BBA459EF1C8D}d:\\die by the sword\\tantrum\\die by the sword\\windie.exe"= TCP:d:\die by the sword\tantrum\die by the sword\windie.exe:windie "{CE59ADF9-7CC1-4384-9CCF-38CA6C962720}"= UDP:59151:µTorrent "TCP Query User{50A8D18A-535A-44DB-AEB9-3DE2563D879E}d:\\doom 3\\doom3ded.exe"= UDP:d:\doom 3\doom3ded.exe:DOOM 3 "UDP Query User{48ED1F5A-1AEA-4C19-8A23-BFD0332EBD08}d:\\doom 3\\doom3ded.exe"= TCP:d:\doom 3\doom3ded.exe:DOOM 3 "TCP Query User{148E0837-E39B-4C4D-BD84-6BFDB8A545D7}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= UDP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{F807E392-7812-449E-A916-CE649668932F}d:\\steam\\steamapps\\stefanocig\\counter-strike\\hl.exe"= TCP:d:\steam\steamapps\stefanocig\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{EF299F30-775E-4561-8525-DC00DC8676EE}d:\\crysis\\bin32\\crysis.exe"= UDP:d:\crysis\bin32\crysis.exe:Crysis "UDP Query User{2E2B0B03-597F-460D-8066-70F9FD4ED24F}d:\\crysis\\bin32\\crysis.exe"= TCP:d:\crysis\bin32\crysis.exe:Crysis "{81160EF1-46BD-4B77-B509-0DC4BA069B88}"= d:\command & conquer 3 kane's wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath "TCP Query User{001E32C5-642F-4A55-90C9-25FFC02448B2}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "UDP Query User{81CCEBBB-9EEC-430E-96C9-2C9699037993}c:\\users\\stefano\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\stefano\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "{E259A6F1-3B46-4E5F-8C2D-3464249672BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F9A93C4E-195C-499E-AB12-8CAF5F9CAC70}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{65A3D0D0-00AE-4429-95A8-4B6C2CF43265}"= UDP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main "{E33896AF-F262-4E88-8F28-C957B5DAF0F7}"= TCP:d:\neverwinter nights 2\nwn2main.exe:Neverwinter Nights 2 Main "{811F6413-AC91-46D1-8E58-C6E12299471D}"= UDP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD "{3692CF83-C45B-457D-8420-B2E04466F96A}"= TCP:d:\neverwinter nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD "{DD2CDB1B-C5D5-4783-A3DF-6A5D6977D670}"= UDP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater "{AEC062B1-218B-43F9-8040-E0F228AF04BE}"= TCP:d:\neverwinter nights 2\nwupdate.exe:Neverwinter Nights 2 Updater "{14D55197-F185-4C4E-808E-B122A1CC1836}"= UDP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server "{C3580697-E113-4743-BC80-AEFBCC0D849A}"= TCP:d:\neverwinter nights 2\nwn2server.exe:Neverwinter Nights 2 Server "{BA9A5538-44D9-4BCA-A54C-DA91FDB40248}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{319D69B3-7B97-463C-9032-CC88C210F65C}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe "{18487EC5-68DC-4B44-8794-82C8E6EE8A0C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F6D11C98-DB48-42E8-9B61-1E2DABA41268}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-12-03 28544] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-09-30 98440] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-02 90632] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-02 874776] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-30 231704] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L] \shell\AutoRun\command - L:\autorun.exe Newly Created Service - PGFILTER . Indhold af mappen 'Planlagte Opgaver' 2008-10-21 c:\windows\Tasks\Uniblue SpyEraser.job - c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-06 03:19] . . ------- Yderligere scanning ------- . uStart Page = about:blank IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FireFox -: Profile - c:\users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\5rndqojl.default\ FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-07 02:35:42 Windows 6.0.6001 Service Pack 1 NTFS scanner skjulte processer ... scanner skjulte autostarter ... scanner skjulte filer ... scanning gennemført med succes skjulte filer: 0 ************************************************************************ . Gennemført tid: 2008-12-07 2:37:39 ComboFix-quarantined-files.txt 2008-12-07 02:37:36 ComboFix2.txt 2008-12-06 13:10:18 Pre-Kørsel: 125.124.554.752 bytes free Post-Kørsel: 124,776,923,136 bytes free 368 --- E O F --- 2008-12-07 02:26:07