Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28, on 2008-07-01
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BM63ad6d75] Rundll32.exe "C:\Users\Lasse\AppData\Local\Temp\jratsamm.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Windows\system32\xxyvUlLC.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplu...lug/beta/SP.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager-kontrol) - http://dlm.tools.aka...vex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\3dsmax2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
--
End of file - 9557 bytes
ComboFix log:
ComboFix 08-06-20.4 - Lasse 2008-07-01 21:41:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1030.18.1138 [GMT 2:00]
Running from: C:\Users\Lasse\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\aphhljdi.ini
C:\Windows\system32\awtuutut.dll
C:\Windows\System32\bccccfii.ini
C:\Windows\System32\bccccfii.ini2
C:\Windows\system32\cbxvWqNH.dll
C:\Windows\System32\CLlUvyxx.ini
C:\Windows\System32\CLlUvyxx.ini2
C:\Windows\system32\evcdvxpe.ini
C:\Windows\system32\h@tkeysh@@k.dll
C:\Windows\System32\HNqWvxbc.ini
C:\Windows\System32\HNqWvxbc.ini2
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\puknlwst.ini
C:\Windows\system32\pwsmnnqn.ini
C:\Windows\System32\QpAyxyay.ini
C:\Windows\System32\QpAyxyay.ini2
C:\Windows\system32\sqexgmhl.ini
C:\Windows\system32\tiyojfda.ini
C:\Windows\System32\tutuutwa.ini
C:\Windows\System32\tutuutwa.ini2
C:\Windows\system32\ulgrskov.ini
C:\Windows\system32\uoymjlmn.ini
C:\Windows\system32\wxymqqwy.ini
C:\Windows\system32\xxyvUlLC.dll
C:\Windows\system32\yayxyApQ.dll
C:\Windows\winhelp.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2099-11-11 13:19 . 2007-08-27 11:53 107,864 --a------ C:\Windows\System32\tsccvid.dll
2008-07-01 18:24 . 2008-07-01 18:24 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-07-01 18:24 . 2008-07-01 18:24 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-07-01 16:08 . 2008-07-01 16:08 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-06-30 18:36 . 2008-06-30 18:36 <DIR> d-------- C:\_OTMoveIt
2008-06-30 13:00 . 2008-06-30 13:00 <DIR> d-------- C:\Deckard
2008-06-27 12:58 . 2008-06-27 12:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-25 20:32 . 2007-03-23 05:05 29,272 -ra------ C:\Windows\System32\AdobePDF.dll
2008-06-24 16:29 . 2008-06-24 16:29 524,288 --ahs---- C:\ntuser.dat{b79c8056-41e8-11dd-8fb2-001a92304991}.TMContainer00000000000000000002.regtrans-ms
2008-06-24 16:29 . 2008-06-24 16:29 524,288 --ahs---- C:\ntuser.dat{b79c8056-41e8-11dd-8fb2-001a92304991}.TMContainer00000000000000000001.regtrans-ms
2008-06-24 16:29 . 2008-06-24 16:29 524,288 --ahs---- C:\ntuser.dat{b79c804a-41e8-11dd-8fb2-001a92304991}.TMContainer00000000000000000002.regtrans-ms
2008-06-24 16:29 . 2008-06-24 16:29 524,288 --ahs---- C:\ntuser.dat{b79c804a-41e8-11dd-8fb2-001a92304991}.TMContainer00000000000000000001.regtrans-ms
2008-06-24 16:29 . 2008-06-27 11:43 262,144 --a------ C:\ntuser.dat
2008-06-24 16:29 . 2008-06-24 16:29 65,536 --ahs---- C:\ntuser.dat{b79c8056-41e8-11dd-8fb2-001a92304991}.TM.blf
2008-06-24 16:29 . 2008-06-24 16:29 65,536 --ahs---- C:\ntuser.dat{b79c804a-41e8-11dd-8fb2-001a92304991}.TM.blf
2008-06-24 16:29 . 2008-06-27 11:43 5,120 --ah----- C:\ntuser.dat.LOG1
2008-06-24 16:29 . 2008-06-24 16:29 0 --ah----- C:\ntuser.dat.LOG2
2008-06-22 21:48 . 2008-06-27 10:58 <DIR> d-------- C:\VundoFix Backups
2008-06-22 21:00 . 2008-06-22 21:00 <DIR> d-------- C:\Users\Lasse\AppData\Roaming\DelinvFile
2008-06-22 21:00 . 2008-06-22 21:00 <DIR> d-------- C:\Program Files\PurgeIE
2008-06-21 20:13 . 2008-06-25 20:51 <DIR> d-------- C:\Joke
2008-06-21 13:59 . 2008-06-21 13:59 43,520 --a------ C:\Windows\System32\CmdLineExt03.dll
2008-06-19 14:25 . 2008-06-19 14:25 <DIR> d-------- C:\Users\Lasse\AppData\Roaming\com.adobe.example.LotR-player
2008-06-18 15:32 . 2008-06-18 15:33 <DIR> d-------- C:\Custom Icons
2008-06-15 15:43 . 2008-06-15 15:43 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-15 15:43 . 2003-07-19 17:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-06-15 15:43 . 2005-01-03 08:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-06-15 15:18 . 2008-06-15 15:18 <DIR> d-------- C:\AeriaGames
2008-06-13 22:49 . 2008-06-13 22:49 <DIR> d-------- C:\Program Files\DivX
2008-06-13 21:31 . 2008-06-13 21:31 <DIR> d-------- C:\Program Files\vghd
2008-06-12 19:06 . 2008-06-12 19:16 <DIR> d-------- C:\Program Files\Windows Live
2008-06-11 22:49 . 2008-06-11 22:49 <DIR> d-------- C:\Program Files\FMOD SoundSystem
2008-06-11 16:56 . 2008-06-11 16:56 <DIR> d--h----- C:\TMP_inet
2008-06-10 23:18 . 2008-06-10 23:18 <DIR> d-------- C:\Windows\.jagex_cache_32
2008-06-10 20:40 . 2008-06-10 21:00 <DIR> d-------- C:\Visual Basic 6
2008-06-10 14:16 . 2008-06-22 21:14 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-10 14:16 . 2008-06-11 13:54 1,409 --a------ C:\Windows\QTFont.for
2008-06-09 22:48 . 2008-03-08 02:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-09 22:48 . 2008-03-08 06:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-06 16:39 . 2008-06-06 16:39 <DIR> d-------- C:\Program Files\PerformanceTest
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Videos
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Searches
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Saved Games
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Pictures
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Music
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Links
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Downloads
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Documents
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> dr------- C:\Users\Administrator\Contacts
2008-06-01 17:39 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Media Center Programs
2008-06-01 17:39 . 2008-02-08 23:12 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Apple Computer
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> d--h----- C:\Users\Administrator\AppData
2008-06-01 17:39 . 2008-06-01 17:39 <DIR> d-------- C:\Users\Administrator
2008-06-01 14:40 . 2008-06-24 20:53 <DIR> d-------- C:\Program Files\3dsmax2009
2008-06-01 14:19 . 2008-06-25 18:02 <DIR> d-------- C:\Cracks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 19:38 --------- d-----w C:\ProgramData\Symantec
2008-07-01 13:02 --------- d---a-w C:\ProgramData\TEMP
2008-06-28 05:52 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-26 20:27 --------- d-----w C:\Users\Lasse\AppData\Roaming\uTorrent
2008-06-25 12:58 --------- d-----w C:\Users\Lasse\AppData\Roaming\Winff
2008-06-22 08:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-21 21:19 --------- d-----w C:\Program Files\Cheat Engine
2008-06-15 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 11:15 --------- d-----w C:\Program Files\Eltima Software
2008-06-14 12:41 --------- d-----w C:\Program Files\Warcraft III
2008-06-12 17:02 --------- d-----w C:\ProgramData\WLInstaller
2008-06-10 12:10 --------- d-----w C:\Program Files\Windows Mail
2008-06-09 18:47 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-09 18:47 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-09 18:47 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-09 18:47 --------- d-----w C:\Program Files\Symantec
2008-06-09 18:47 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-04 16:44 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-01 12:46 --------- d-----w C:\Program Files\Autodesk
2008-05-17 14:52 --------- d-----w C:\Program Files\GameSpy
2008-05-17 14:51 22,328 ----a-w C:\Users\Lasse\AppData\Roaming\PnkBstrK.sys
2008-05-17 14:48 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-12 20:55 --------- d-----w C:\Program Files\Macromedia
2008-05-09 17:20 --------- d-----w C:\ProgramData\ALM
2008-05-08 16:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-07 12:51 --------- d-----w C:\Users\Lasse\AppData\Roaming\com.adobe.example.Crysis-Test
2008-05-04 12:00 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-05-03 11:01 2,829 ----a-w C:\Windows\War3Unin.pif
2008-05-03 11:01 139,264 ----a-w C:\Windows\War3Unin.exe
2008-05-01 19:14 --------- d-----w C:\Users\Lasse\AppData\Roaming\com.adobe.example.Keygen
2008-05-01 14:04 --------- d-----w C:\Users\Lasse\AppData\Roaming\com.adobe.example.Untitled-4-Scene-1
2008-04-21 17:54 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
2008-04-06 10:25 94,208 ----a-w C:\Windows\ScUnin.exe
2007-08-31 13:43 174 --sha-w C:\Program Files\desktop.ini
2007-12-31 19:55 80 --sha-r C:\Windows\System32\AA76078432.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:50 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 14:37 4186112 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 06:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 06:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 06:28 81920]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\609e5ee9]
C:\Users\Lasse\AppData\Local\Temp\oxsniqwh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM63ad6d75]
C:\Users\Lasse\AppData\Local\Temp\jratsamm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
C:\Windows\system32\xxyvUlLC.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Windows\system32\fcCrrspN.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{408BE893-C5EE-41A7-81F9-FADAF585B0EB}"= UDP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II
"{4C0E4ED4-E43C-48F9-97F7-48EF7C22ABF9}"= TCP:C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II
"{EF839638-1E88-4D3C-B322-5623400B2618}"= UDP:C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{6F6AE397-D98B-4729-8AB4-410A27567729}"= TCP:C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{5D02082D-0EFB-43C2-AA88-39BA6E0FC8F1}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{7D07383E-D12E-4AA8-ABFD-A1B3F3A31FAF}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6A147DED-DDE4-497D-84F8-EB0898886B9B}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{1268A6A8-2901-4897-B1CF-570227DB5955}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{C0575BB4-DCA0-46D4-9169-51A154F9B9B3}"= UDP:C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat:The Battle for Middle-earth
"{EBCB3659-BB49-44D1-84AC-2BDD5A11996E}"= TCP:C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat:The Battle for Middle-earth
"{CD8BC978-42A3-4762-BDA8-3143F4256671}"= UDP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{00FB5EAA-33CD-4275-A85C-DDDAADCA6621}"= TCP:C:\Program Files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{7834171C-2C67-4806-901E-3FEDEA2A20C0}"= UDP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{012B51E2-DB2A-4D24-A5D3-39F09FE33A6B}"= TCP:C:\Program Files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{F34E09CA-2FBE-4AEF-94DF-639D43EDF7BA}"= UDP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{0406DD43-2720-4416-B131-04DCF5F44AB6}"= TCP:C:\Program Files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{2BC4FF1B-98F1-46EC-BF29-8ED02FC869CF}"= UDP:5000:AresChatServer
"{A9F88261-E050-4BDF-9E90-0CE084EAD28F}"= TCP:2799:Altova License Metering Port (UDP)
"{6CC247B1-D77F-4DF0-BA80-9C8D65AD314F}"= UDP:2799:Altova License Metering Port (TCP)
"{8536701C-9967-487C-8353-DEE3C21FAFB3}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{EFB861C6-0554-4E94-916C-5C453C6632D9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{3C35FA13-37AB-4563-9FC9-73B3AEB68011}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9BC2BCC1-C0AF-4286-9FB4-08F7000CAF66}"= UDP:C:\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II
"{4708DA17-4475-43A9-AA8C-4B49923DD8B4}"= TCP:C:\Electronic Arts\The Battle for Middle-earth II\game.dat:The Battle for Middle-earth II
"{59D22197-D2F3-4B88-9110-EDE182104656}"= UDP:C:\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{43A888B7-299A-4D6D-8CE7-11273A457A4C}"= TCP:C:\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{F9F86575-F148-4B59-A57C-1D0B69B7A1EB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{7D0127F6-229F-4920-8A83-612A49C3636C}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{79A9A034-730A-462A-861C-48EF0C87A0D9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9D981F88-320F-414C-B7BA-A329FA8806AF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{93564E9F-B958-4EBC-9F5B-06D115E4B388}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{C685FE67-E130-4B19-B4A2-93F5FA2B9530}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{FBBA2392-965F-4D87-A1DB-308A58EF0407}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{38DF25D9-B9A2-496A-A09B-61229F3282CE}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{3E662055-E0D8-4689-B8E2-B9D5D633D5B6}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{490E4944-313E-48AF-A8CB-72E34C9379B1}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{7F847435-F070-4F10-8170-7D771FD8C7A8}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{EA054671-003E-40DC-A2E4-DEEBA4DF6DCE}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1132C691-EA79-447C-9E2B-A8EDA0A68869}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D31127E9-60C0-435E-9A8C-9AED007F16DA}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{A16452B9-AB45-4E9D-91F1-394A883E4B10}"= UDP:C:\Program Files\3dsmax2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{9D0BF382-D777-47A8-80F3-EE69BF6800FE}"= TCP:C:\Program Files\3dsmax2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{BE15AC57-4BD8-41B7-B7DF-F218B3EB9F26}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-02-13 18:18]
R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 11:57]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;"C:\Program Files\3dsmax2009\mentalray\satellite\raysat_3dsMax2009_32server.exe" [2008-03-10 00:04]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 20:55]
S3 UPnPService;UPnPService;C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 17:00]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-30 19:32:30 C:\Windows\Tasks\Norton Internet Security - Kør fuld systemskanning - Lasse.job"
NOTE: Kaspersky scanning log is uploaded as a zip attachment because the file size was above 500 KB!