SystemLook 30.07.11 by jpshortstuff Log created at 21:58 on 06/11/2013 by Natalia Administrator - Elevation successful ========== filefind ========== Searching for "lydac.exe" C:\FRST\Quarantine\lydac.exe --a---- 440320 bytes [16:33 22/08/2013] [16:33 22/08/2013] 01B6BCA3428F05F567683CDE4BFDFA07 ========== regfind ========== Searching for "lydac.exe" [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="WinRAR archiver" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{65246E6A-591B-45C4-B3D0-F9E03484CC2F}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "UDP Query User{3238FD1A-0F17-4258-BC51-2F4D29F13BFB}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{BACB726B-8CF9-4B92-8438-41991DA76683}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "UDP Query User{0A7542AE-B3E5-4742-90FD-0079C580AD1A}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{65246E6A-591B-45C4-B3D0-F9E03484CC2F}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "UDP Query User{3238FD1A-0F17-4258-BC51-2F4D29F13BFB}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{BACB726B-8CF9-4B92-8438-41991DA76683}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "UDP Query User{0A7542AE-B3E5-4742-90FD-0079C580AD1A}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{65246E6A-591B-45C4-B3D0-F9E03484CC2F}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "UDP Query User{3238FD1A-0F17-4258-BC51-2F4D29F13BFB}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{BACB726B-8CF9-4B92-8438-41991DA76683}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "UDP Query User{0A7542AE-B3E5-4742-90FD-0079C580AD1A}C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\natalia\appdata\roaming\ciuh\lydac.exe|Name=lydac.exe|Desc=lydac.exe|" [HKEY_USERS\S-1-5-21-3742656717-3761440051-3153037642-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="WinRAR archiver" [HKEY_USERS\S-1-5-21-3742656717-3761440051-3153037642-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\users\natalia\appdata\roaming\ciuh\lydac.exe"="WinRAR archiver" -= EOF =-