Posts written by Druingz

  1. Here it is from VirusTotal

     

     

    File flashax.exe received on 04.04.2008 23:22:29 (CET)

    Result: 1/32 (3.13%)

    Antivirus Version Last Update Result

    AhnLab-V3 2008.4.4.1 2008.04.04 -

    AntiVir 7.6.0.81 2008.04.04 -

    Authentium 4.93.8 2008.04.04 -

    Avast 4.7.1098.0 2008.04.04 -

    AVG 7.5.0.516 2008.04.04 -

    BitDefender 7.2 2008.04.04 -

    CAT-QuickHeal 9.50 2008.04.04 -

    ClamAV 0.92.1 2008.04.04 -

    DrWeb 4.44.0.09170 2008.04.04 -

    eSafe 7.0.15.0 2008.04.01 -

    eTrust-Vet 31.3.5670 2008.04.04 -

    Ewido 4.0 2008.04.04 -

    F-Prot 4.4.2.54 2008.04.04 -

    F-Secure 6.70.13260.0 2008.04.04 -

    FileAdvisor 1 2008.04.04 No threat detected, but known vulnerabilities exist

    Fortinet 3.14.0.0 2008.04.04 -

    Ikarus T3.1.1.20 2008.04.04 -

    Kaspersky 7.0.0.125 2008.04.04 -

    McAfee 5267 2008.04.04 -

    Microsoft 1.3408 2008.04.03 -

    NOD32v2 3003 2008.04.04 -

    Norman 5.80.02 2008.04.04 -

    Panda 9.0.0.4 2008.04.04 -

    Prevx1 V2 2008.04.04 -

    Rising 20.38.60.00 2008.04.03 -

    Sophos 4.28.0 2008.04.04 -

    Sunbelt 3.0.978.0 2008.03.18 -

    Symantec 10 2008.04.04 -

    TheHacker 6.2.92.265 2008.04.04 -

    VBA32 3.12.6.3 2008.03.25 -

    VirusBuster 4.3.26:9 2008.04.04 -

    Webwasher-Gateway 6.6.2 2008.04.04 -

    Additional information

    File size: 606848 bytes

    MD5...: a16126510106990df3e4445191adead8

    SHA1..: 444b40b55c52b57472a6011ea7bdc5e2566e0242

    SHA256: d3eb813e23cbbdc7c2b289e849064b1505f1d906b9c1d244d73a6f0702579598

    SHA512: 7c5de3d51c9c3845237daf832cbff39b0d588826c1315ee944b528402c156a4e

    945eb9f936fe0c9dcf455506a6c7b65bfe5aef39f02e91dbb4bbc3ffe9163df8

    PEiD..: -

    PEInfo: PE Structure information

     

    ( base data )

    entrypointaddress.: 0x10065c0

    timedatestamp.....: 0x32d64001 (Fri Jan 10 13:11:29 1997)

    machinetype.......: 0x14c (I386)

     

    ( 4 sections )

    name viradd virsiz rawdsiz ntrpy md5

    .text 0x1000 0xf78c 0xf800 6.50 76d3a10694feea19b07d36ef95096717

    .data 0x11000 0x941c 0x3400 1.90 14ad842169a441882dfc3613c64c88d0

    .rsrc 0x1b000 0x7e000 0x7dc00 7.95 29661ae0cb7392a9d3a623bd184011b6

    .reloc 0x99000 0x1848 0x1a00 5.58 531fb64130d5b5539ef767bd8109c292

     

    ( 6 imports )

    > ADVAPI32.dll: RegDeleteValueA, EqualSid, AllocateAndInitializeSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, FreeSid, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegOpenKeyA, RegQueryInfoKeyA

    > KERNEL32.dll: lstrcatA, GetFileAttributesA, lstrlenA, lstrcmpiA, GetPrivateProfileStringA, GetCurrentProcess, GetPrivateProfileIntA, lstrcpyA, GetModuleFileNameA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, _lclose, _llseek, _lopen, GetWindowsDirectoryA, CreateDirectoryA, GetSystemDirectoryA, GlobalUnlock, GlobalFree, GlobalLock, GlobalAlloc, LoadResource, CreateMutexA, GetLastError, SetEvent, CreateEventA, SetCurrentDirectoryA, TerminateThread, ResetEvent, CreateThread, GetVersionExA, FormatMessageA, FreeLibrary, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, LoadLibraryA, FreeResource, LockResource, SizeofResource, CreateFileA, ReadFile, WriteFile, LocalAlloc, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, GetTempFileNameA, GetSystemInfo, GetDiskFreeSpaceA, FindResourceA, GetDriveTypeA, GetVolumeInformationA, GetCurrentDirectoryA, LoadLibraryExA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, LocalFree, UnhandledExceptionFilter, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetFileType, GetStdHandle, DeleteCriticalSection, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, HeapDestroy, HeapCreate, VirtualFree, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, HeapFree, HeapAlloc, VirtualAlloc, GetLocaleInfoA, GetLocaleInfoW, FlushFileBuffers, SetStdHandle, CloseHandle, lstrcpynA, SetFilePointer, RtlUnwind

    > GDI32.dll: GetDeviceCaps

    > USER32.dll: PeekMessageA, LoadStringA, GetDesktopWindow, wsprintfA, ExitWindowsEx, CharPrevA, CharNextA, SetWindowLongA, GetWindowLongA, CallWindowProcA, GetDlgItem, SetForegroundWindow, SetWindowTextA, SendDlgItemMessageA, GetDlgItemTextA, EnableWindow, SendMessageA, SetDlgItemTextA, DispatchMessageA, MsgWaitForMultipleObjects, MessageBoxA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, ShowWindow, DialogBoxIndirectParamA, MessageBeep, EndDialog

    > COMCTL32.dll: -

    > VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA

     

    ( 0 exports )

     

    Bit9 info: http://fileadvisor.bit9.com/services/extin...3e4445191adead8

     

     

  2. I clicked on a link on the WoW forum that I shouldn't have clicked on. Then I saw that people were warning that it was a keylogger. I can give a link if you want.

     

    Avast didn't find anything either.

     

    Here is the log from ComboFix:

     

     

    ComboFix 08-04-03.5 - André 2008-04-04 22:39:55.3 - NTFSx86

    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1008 [GMT 2:00]

    Running from: C:\Users\André\Desktop\ComboFix.exe

    * Created a new restore point

    .

     

    ((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))

    .

     

    2008-04-04 21:49 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys

    2008-04-04 21:49 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys

    2008-03-19 12:31 . 2008-03-19 12:31 288,582,209 --a------ C:\Windows\MEMORY.DMP

    2008-03-15 21:56 . 2008-03-15 22:08 146,927,720 --a------ C:\Users\André\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe

    2008-03-15 21:56 . 2008-03-15 22:08 146,927,720 --a------ C:\Users\André\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe

    2008-03-12 05:49 . 2007-12-17 00:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

    2008-03-12 05:49 . 2007-12-16 11:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

    2008-03-11 19:58 . 2008-03-11 19:58 <DIR> d-------- C:\Users\André\AppData\Roaming\Creative

    2008-03-10 15:48 . 2008-03-10 15:48 <DIR> d-------- C:\Windows\xrayScreensaver2 dir

    2008-03-10 15:48 . 2008-03-10 15:48 606,848 --a------ C:\Windows\flashax.exe

    2008-03-10 15:48 . 2008-03-10 15:48 194,560 --a------ C:\Windows\xrayScreensaver2.scr

    2008-03-10 15:48 . 2008-03-10 15:48 12,288 --a------ C:\Windows\impborl.dll

    2008-03-09 20:44 . 2008-03-09 20:44 <DIR> d-------- C:\Program Files\Ventrilo

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-04 20:40 3,407,872 --sha-w C:\Users\André\ntuser.dat

    2008-04-04 20:40 3,407,872 --sha-w C:\Users\André\ntuser.dat

    2008-04-04 20:04 --------- d-----w C:\Users\André\AppData\Roaming\OpenOffice.org2

    2008-04-04 19:55 159,147 ----a-w C:\Users\André\AppData\Roaming\nvModes.dat

    2008-04-04 12:44 --------- d-----w C:\Users\André\AppData\Roaming\LimeWire

    2008-04-04 12:31 --------- d-----w C:\Users\André\AppData\Roaming\Azureus

    2008-04-02 09:40 --------- d-----w C:\Program Files\World of Warcraft

    2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe

    2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys

    2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys

    2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys

    2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr

    2008-03-23 16:45 --------- d-----w C:\Users\André\AppData\Roaming\Real

    2008-03-15 20:08 146,927,720 ----a-w C:\Users\André\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe

    2008-03-15 20:08 146,927,720 ----a-w C:\Users\André\WoW-2.3.3.7799-to-0.4.0.7897-enGB-patch.exe

    2008-03-13 02:11 --------- d-----w C:\Program Files\Windows Mail

    2008-03-13 02:05 --------- d-----w C:\ProgramData\Microsoft Help

    2008-03-11 17:58 --------- d-----w C:\Users\André\AppData\Roaming\Creative

    2008-03-10 20:57 --------- d-----w C:\Program Files\Azureus

    2008-03-09 18:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

    2008-03-08 17:56 --------- d-----w C:\Program Files\Notebook Hardware Control

    2008-03-08 17:49 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

    2008-03-06 16:13 --------- d---a-w C:\ProgramData\TEMP

    2008-03-01 23:46 --------- d-----w C:\Users\André\AppData\Roaming\Winamp

    2008-03-01 23:19 --------- d-----w C:\Program Files\Winamp

    2008-03-01 20:44 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

    2008-02-23 11:46 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-02-23 11:46 --------- d-----w C:\Program Files\Creative

    2008-02-13 10:39 194,560 ----a-w C:\Windows\System32\WebClnt.dll

    2008-02-13 10:39 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys

    2008-02-13 10:36 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys

    2008-02-13 10:36 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

    2008-02-13 10:36 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

    2008-02-13 10:36 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys

    2008-02-13 10:36 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys

    2008-02-13 10:36 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys

    2008-02-13 10:36 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys

    2008-02-13 10:35 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys

    2008-02-13 10:35 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

    2008-02-13 10:35 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

    2008-02-13 10:35 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

    2008-02-13 10:35 24,064 ----a-w C:\Windows\System32\netcfg.exe

    2008-02-13 10:35 22,016 ----a-w C:\Windows\System32\netiougc.exe

    2008-02-13 10:35 216,632 ----a-w C:\Windows\system32\drivers\netio.sys

    2008-02-13 10:35 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

    2008-02-13 10:35 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

    2008-02-13 10:35 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

    2008-02-13 10:35 1,686,528 ----a-w C:\Windows\System32\gameux.dll

    2008-02-13 10:33 824,832 ----a-w C:\Windows\System32\wininet.dll

    2008-02-13 10:33 56,320 ----a-w C:\Windows\System32\iesetup.dll

    2008-02-13 10:33 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

    2008-02-13 10:33 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

    2008-02-07 18:24 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

    2008-02-07 16:21 22,328 ----a-w C:\Users\André\AppData\Roaming\PnkBstrK.sys

    2008-02-07 16:03 --------- d-----w C:\Program Files\Activision

    2008-02-05 20:46 --------- d--h--w C:\Program Files\Creative Installation Information

    2008-02-05 20:45 --------- d-----w C:\Program Files\Common Files\Creative

    2008-02-04 16:17 --------- d-----w C:\ProgramData\Azureus

    2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll

    2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe

    2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe

    2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll

    2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll

    2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll

    2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll

    2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll

    2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll

    2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll

    2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll

    2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll

    2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll

    2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll

    2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll

    2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll

    2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll

    2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll

    2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe

    2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll

    2007-12-24 21:07 174 --sha-w C:\Program Files\desktop.ini

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]

    "Acer Tour Reminder"="" []

    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

    "Generic Host Process for Win32 Services"="svchosts.exe" []

    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]

    "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-03-07 18:47 843776]

    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    "Generic Host Process for Win32 Services"="svchosts.exe" []

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-16 06:05 1006264]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 07:09 865840]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]

    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]

    "eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]

    "Acer Tour"="" []

    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-26 09:33 86016]

    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-26 09:32 8433664]

    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-26 09:33 81920]

    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 12:39 4702208 C:\Windows\RtHDVCpl.exe]

    "Skytel"="Skytel.exe" [2007-09-04 12:39 1826816 C:\Windows\SkyTel.exe]

    "PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 14:47 45056]

    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]

    "SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]

    "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 03:36 707080]

    "PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]

    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]

    "eRecoveryService"="" []

    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 18:30 151552]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

    "Updater"="C:\Windows\system32\updater\explorer.exe" [2007-11-15 16:59 1476987]

    "Generic Host Process for Win32 Services"="svchosts.exe" []

    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-11 16:53 185896]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]

    "CreativeMS2020"="C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe" [2006-05-09 14:58 143360]

    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    "Generic Host Process for Win32 Services"="svchosts.exe" []

     

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-08-01 18:30 151552]

     

    C:\Users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-09-11 06:43:54 393216]

     

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-12-24 22:42:26 1208320]

    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]

    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-16 06:52:34 535336]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM

    "MSVideo8"= VfWWDM32.dll

    "VIDC.FPS1"= frapsvid.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "UacDisableNotify"=dword:00000001

    "InternetSettingsDisableNotify"=dword:00000001

    "AutoUpdateDisableNotify"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

     

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

    "{AE2BF644-D639-445C-84C4-ED01488B8E04}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

    "{C838F199-B1ED-4E88-AEBF-E9A4D29805AC}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

    "{AEFAA8AC-EDC0-4749-A353-C462F267EB99}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

    "{4660D352-2FAC-4636-AB0B-D8372BE3D089}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

    "{069A8F76-CA27-471B-B85B-BB1463800054}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    "{DA2ADCFE-F75E-4C7B-BC68-8D688E3BC345}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    "{A68FF2E9-962D-46CD-BEA9-C4DA6E0BB2E8}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

    "{883A8489-3088-4340-8A44-E0260072428F}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

    "{599700F8-F2A9-42F0-9468-49F9C934A1F1}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

    "{754AA326-74FF-46A6-BD52-856BFF1AD4D4}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM

    "{890DD9B5-4EE6-406A-90BC-0DC1DB0A9F5A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

    "{6B4E9696-F9CD-472D-81B7-B352C72677CC}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

    "{F50DEECA-EF7C-463E-91B3-5B2DB98AD30A}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

    "TCP Query User{CBFDCC41-6521-4C78-A1F7-C2A98A4C4960}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe:Blizzard Downloader

    "UDP Query User{D7AFD52E-3A10-4F78-9E92-A586561EF71A}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-engb-patch-downloader.exe:Blizzard Downloader

    "TCP Query User{B05F4EC9-62F0-42B2-A818-0237161F24A8}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

    "UDP Query User{CBDE62CE-0358-4B94-903C-5F2588F2C456}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

    "TCP Query User{FE3D4FDC-A1B8-400E-BA05-3B97880B2D68}C:\\program files\\world of warcraft\\wow-2.3.0-engb-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0-engb-downloader.exe:Blizzard Downloader

    "UDP Query User{1811586E-A84A-4C98-A009-E58163A00AD9}C:\\program files\\world of warcraft\\wow-2.3.0-engb-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0-engb-downloader.exe:Blizzard Downloader

    "TCP Query User{53800CFD-8C2E-4E6A-B12D-7A3281410BAA}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    "UDP Query User{C5ED8FC8-2B92-4187-A6C4-27C44DF1D2CC}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

    "TCP Query User{28AA94D8-5117-4662-B72A-7AEABC98A9E9}C:\\program files\\world of warcraft\\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe:Blizzard Downloader

    "UDP Query User{78ACABDA-D08E-4922-871C-71571552C79A}C:\\program files\\world of warcraft\\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.3.0.7561-to-2.3.2.7741-engb-downloader.exe:Blizzard Downloader

    "{2B428DB7-1C0E-47D5-A20E-A9B0C505E92D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    "{F32E7A2F-33C4-4DD8-9DEF-E015D0F5B1F5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

    "TCP Query User{FE1EC01D-5A00-4BC1-A116-924F615A8D9E}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

    "UDP Query User{9DD7538D-C560-42CC-82AF-B4EA79294300}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

    "TCP Query User{F9336076-CB0D-47A1-9D64-329D566C63B8}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer

    "UDP Query User{E6AA25B3-4AC6-4BB5-BE36-3504AA226987}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer

    "TCP Query User{E13D7A32-9CFF-449D-ACF6-E1A6CE5BB24F}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

    "UDP Query User{F0F867E9-C62B-47C9-88AC-92168E295EB3}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

    "{0407BA78-E312-4859-89AD-13F9F55F6E11}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

    "{FAD6EC0C-D871-4D66-971A-DF3F3DBA1A1C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

    "{C0B234F7-6DA2-404A-906E-3833E64492B7}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    "{8CD1F7FC-24D4-46A3-B5C1-D22203AFD3F5}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

    "TCP Query User{C9E3CA40-0951-49C9-97B7-6C5047FF397D}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp

    "UDP Query User{4A0B0D4B-F8FA-4093-81F4-9C0F43F43DB4}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp

    "{BFAD86F1-327A-4619-86AC-CF286E58E635}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

    "{DAB8E03E-0FAB-48D0-8FA3-5D916F73221B}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

    "{F2B60A0F-0444-43AD-9A7A-9561E3260C38}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

    "{A548A92D-C153-4A44-ACBA-297CE5C85001}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb

    "{54C74A2B-9F38-444A-9801-6A0923112ACA}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

    "{A055D4EE-082E-42A7-84BC-9051E5B7A278}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray

    "{E5436ED5-7810-4F52-88DD-1AC9769AB5AD}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

    "{3AB868CB-5551-4967-9B20-06A14F38A6E6}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR

    "{86CBC6B0-3199-4069-8439-089D138FC14A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

    "{15055087-142F-4215-AA4B-3911AA4755EB}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client

    "TCP Query User{BFF67AC6-95DF-4C33-A559-166C9C2D2E73}C:\\windows\\winsxs\\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\\iexplore.exe"= UDP:C:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe:Internet Explorer

    "UDP Query User{1BD9F6EE-1D6C-4D07-AAFA-AB9D02768DED}C:\\windows\\winsxs\\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\\iexplore.exe"= TCP:C:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe:Internet Explorer

    "TCP Query User{D5B88F53-8FB1-4FA6-83AB-031E7185A7EC}C:\\users\\andré\\downloads\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= UDP:C:\users\andré\downloads\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe

    "UDP Query User{AFEE4956-1EE9-4C23-9DD7-07702937255A}C:\\users\\andré\\downloads\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= TCP:C:\users\andré\downloads\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe

    "TCP Query User{833A07FF-C727-4A4A-AB26-AFDD50C8E385}C:\\users\\andré\\desktop\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= UDP:C:\users\andré\desktop\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe

    "UDP Query User{22E5B5AB-40E5-4410-91D0-8897EEA9E37E}C:\\users\\andré\\desktop\\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe"= TCP:C:\users\andré\desktop\wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe:wow-2.3.3.7799-to-0.4.0.7897-engb-downloader.exe

    "TCP Query User{DFDC80E1-7961-481F-96CE-0C56A5B052CA}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

    "UDP Query User{46A0EF13-99B0-4CE1-86B2-0474CEC563BD}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

    "DoNotAllowExceptions"= 0 (0x0)

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

     

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

    "C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu

    "C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption

    "C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

     

    R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]

    R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]

    R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]

    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]

    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]

    R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]

    R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]

    R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]

    R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]

    R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 12:23]

    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-26 09:33]

    R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 09:09]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]

    S3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 21:46]

    S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 08:20]

    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 08:20]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04262e44-b28d-11dc-8157-806e6f6e6963}]

    \shell\AutoRun\command - F:\Setup.exe

     

    *Newly Created Service* - ASWFSBLK

    *Newly Created Service* - ASWSP

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-01-02 13:54:39 C:\Windows\Tasks\Uniblue SpyEraser.job"

    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

    .

    **************************************************************************

     

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-04 22:42:13

    Windows 6.0.6000 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    Completion time: 2008-04-04 22:42:58

    ComboFix-quarantined-files.txt 2008-04-04 20:42:53

    ComboFix2.txt 2008-01-24 08:45:07

    Pre-Run: 11,690,688,512 byte ledig

    Post-Run: 11,674,136,576 byte ledig

    .

    2008-04-04 16:28:09 --- E O F ---

     

     

  3. Hi. I have an Acer Aspire 5920G, which gets very hot when I play games, such as WoW. When it gets hot, everything starts to stutter and the mouse moves slowly and jerkily across the screen. The PC only ever sits on a hard surface, but it didn't seem like the fan managed to cool the machine down well enough.

     

    Any suggestions for what I can do?

  4. Looks like I have fixed it now. Thanks a lot :thumbup:

     

    But every time I open Internet Explorer, a box comes up that says:

     

    Finner ikke ::{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}. Kontroller at banen eller internett adressen er riktig.

     

    And when I press OK, it disappears and I get into Internet Explorer. What in the world is that?

  5. Hi there.

     

    When I scan my PC with SpyBot, I am told that I have one problem on the PC: Smitfraud-C.generic.

     

    When I try to remove it, I get a message that I am not an administrator, but I continue, and get the message:

     

    Unexpected error in fixing problems

    (Cannot create file "C:\\Windows\wininit.ini". Ingen tilgang)

     

    Smitfraud-C.generic has not been removed.

     

    I have also experienced that the PC doesn't start properly: the screen and the fans turn off but the PC keeps running. Maybe that has something to do with Smitfraud?

     

    Can anyone help?

  6. Hi, my stepfather has got himself an iPod Touch. But he can't manage to connect it to the TV. He has plugged in the included cable, don't know what it's called :p, which plugs into one of the connectors. But it shows nothing on the TV.

    Can anyone help with what is wrong? Maybe there are some odd settings he has to adjust?

  7. Hi again.

     

    I have scanned the machine with Ad-Aware 2007. It found 41 infected files and I got them deleted. I am now scanning with Avast antivirus. The internet on the machine seems to work very well, at least so far.

    We'll see how it goes.

     

    I usually use Avast and Ad-Aware. I have Vista Home Premium.

     

    Thanks for the feedback =)

  8. Hi there.

     

    I have a brand-new laptop, an Acer Aspire 5920G. After using it for a few days, a message came up that svchosts.exe needed approval to connect. I wasn't sure what it was, so I just closed it. But after I did that, the internet on the PC has almost completely stopped working once the PC has been on for about 1 minute. Right after I turn on the PC the internet works as it should, but after a minute it hardly works or doesn't work at all, even though the PC reports that the network is connected and working just fine.

     

    Other PCs that I have have no problems when they are connected to my network.

     

    Does anyone have an idea of what could be wrong and what I need to do to fix this?
