Infected computer that is slow

#1
ferdi_k

  • Active
  • Group: Members
  • Posts: 244
  • Joined: 2009-10-02
  • Location: Eskilstuna

Posted 23 Jul 2010, 21:38

Hi!

I'm having some problems with my computer, it's a bit slow, so I also ran the
same program (ComboFix) that you recommended, and here is the log:
Thank you so much! Please check whether anything is wrong!


ComboFix 10-07-22.06 - bou 2010-07-23 21:22:10.1.1 - x86
Körs från: c:\documents and settings\bou\Skrivbord\ComboFix.exe
* Skapade en ny återställningspunkt
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\bou\Application Data\chrtmp
c:\documents and settings\bou\Start-meny\Program\Mach7.lnk
c:\program\Delade filer\m7
c:\program\Delade filer\m7\finish_install.exe
c:\program\Delade filer\m7\in.vbs
c:\program\Delade filer\m7\licence.txt
c:\program\Delade filer\m7\mach7.dat
c:\program\Delade filer\m7\mach7.exe
c:\program\Delade filer\m7\mach7ico.ico
c:\program\Delade filer\m7\startm7.bat
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\fonts
c:\windows\system32\fonts\DataStudioSymbol.TTF
c:\windows\system32\mxpvct22.dat
c:\windows\system32\mxpvct25.dat
c:\windows\Temp\_ex-08.exe

----- BITS: Troligen infekterade webbplatser -----

hxxp://www.podtrac.com
hxxp://libsyn.com
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


(((((((((((((((((((((((( Filer Skapade från 2010-06-23 till 2010-07-23 ))))))))))))))))))))))))))))))
.

2010-07-23 19:34 . 2010-07-23 19:34 -------- dc----w- c:\temp\WPDNSE
2010-07-23 19:33 . 2010-07-23 19:33 53248 -c--a-w- c:\temp\catchme.dll
2010-07-23 19:32 . 2010-07-23 19:32 16384 -c--atw- c:\temp\Perflib_Perfdata_154.dat
2010-07-23 10:36 . 2010-07-23 19:26 -------- dc----w- c:\temp\div9.tmp
2010-07-21 10:05 . 2010-07-21 10:05 -------- dc----w- c:\temp\div3.tmp
2010-07-19 22:12 . 2010-07-22 19:11 -------- dc----w- c:\documents and settings\bou\Application Data\vlc
2010-07-19 22:09 . 2010-07-19 22:09 -------- dc----w- c:\documents and settings\bou\Lokala inst�llningar
2010-07-19 22:03 . 2010-07-19 22:03 -------- dc----w- c:\documents and settings\bou\Application Data\MozillaControl
2010-07-19 22:03 . 2010-07-23 19:26 -------- dc----w- c:\temp\{1D2C96C3-A3F3-49E7-B839-95279DED837F}
2010-07-19 22:01 . 2010-07-19 22:01 -------- dc----w- c:\program\Mozilla ActiveX Control v1.7.12
2010-07-19 21:57 . 2010-07-19 22:25 -------- dc----w- c:\program\Graboid
2010-07-19 20:12 . 2010-07-23 19:26 -------- dc----w- c:\temp\divBA.tmp
2010-07-14 15:11 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 15:08 . 2010-07-14 15:08 -------- dc----w- c:\temp\msohtml1
2010-07-14 15:08 . 2010-07-14 15:08 -------- dc----w- c:\temp\msohtml
2010-07-14 14:57 . 2010-07-14 14:57 -------- dc----w- c:\temp\VBE
2010-07-14 13:37 . 2010-07-23 19:26 -------- dc----w- c:\temp\iss1D.tmp
2010-07-14 13:19 . 2010-07-14 13:19 -------- dc----w- c:\temp\div16.tmp
2010-07-14 13:18 . 2010-07-23 19:26 -------- dc----w- c:\temp\is-TE48T.tmp
2010-07-14 12:58 . 2010-07-14 13:24 -------- dc----w- c:\temp\comtypes_cache
2010-07-14 11:51 . 2010-07-14 11:51 -------- dc----w- c:\windows\system32\wbem\Repository
2010-07-14 11:11 . 2010-07-14 11:54 766976 -c--a-w- c:\windows\system32\drivers\djscd.sys
2010-07-14 11:02 . 2010-07-20 22:00 -------- dc----w- c:\temp\hsperfdata_bou
2010-07-14 10:58 . 2010-07-14 10:58 -------- dc----w- c:\temp\div5.tmp
2010-07-13 21:02 . 2010-07-23 19:26 -------- dc----w- c:\temp\MessengerCache
2010-07-13 19:01 . 2010-07-13 19:01 -------- dc----w- c:\documents and settings\All Users\Application Data\wanted_demo
2010-07-13 18:48 . 2010-07-13 18:48 -------- dc----w- c:\program\WarnerBros
2010-07-13 14:52 . 2010-07-13 14:52 -------- dc----w- c:\program\AGEIA Technologies
2010-07-13 14:52 . 2010-07-13 14:52 -------- dc----w- c:\windows\system32\AGEIA
2010-07-13 14:46 . 2010-07-13 14:46 -------- dc----w- c:\program\Delade filer\Wise Installation Wizard
2010-07-13 09:47 . 2010-07-23 19:26 -------- dc----w- c:\temp\divA.tmp
2010-07-12 14:56 . 2010-07-12 14:56 -------- dc----w- c:\program\Thomas Wright Consulting
2010-07-11 11:08 . 2010-07-11 11:08 -------- dc----w- c:\windows\BBSTORE
2010-07-11 11:08 . 1997-05-12 14:53 314368 -c--a-w- c:\windows\IsUninst.exe
2010-07-11 10:51 . 2010-07-11 10:51 -------- dc----w- c:\program\Telia
2010-07-11 10:51 . 2010-07-11 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Support.com
2010-07-10 19:16 . 2010-07-10 19:16 -------- dc----w- c:\windows\system32\winrm
2010-07-10 19:15 . 2010-07-10 19:16 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-07-10 14:17 . 2010-07-12 15:04 -------- dc----w- c:\program\MAGIX
2010-07-10 14:17 . 2010-07-12 15:04 -------- dc----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-07-10 13:53 . 2010-07-10 14:56 -------- dc----w- c:\program\Ace Translator
2010-07-10 11:29 . 2010-07-10 11:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Boss Media
2010-07-08 19:56 . 2010-07-08 19:58 -------- dc----w- c:\windows\uninstall
2010-07-08 17:14 . 2010-07-08 17:14 -------- dc----w- c:\documents and settings\bou\Application Data\Need for Speed World
2010-07-08 14:39 . 2010-07-08 14:39 -------- dc----w- c:\program\Ask.com
2010-07-08 14:39 . 2010-07-08 14:39 -------- dc----w- c:\program\Adobe PhotoShop CS3
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Vuze_Remote
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Windows Desktop Search
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\PhotoFiltre
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Xara
2010-07-08 14:38 . 2010-07-14 13:37 -------- dc----w- c:\program\Uniblue
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\UnHackMe
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----r- c:\program\Net Nanny
2010-07-08 14:36 . 2010-07-08 16:25 -------- dc----w- c:\program\Delade filer\Adobe AIR
2010-07-08 13:13 . 2010-07-08 13:13 -------- dc----w- c:\documents and settings\bou\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2010-07-08 13:13 . 2010-07-08 14:36 -------- dc----w- c:\program\AdobeSupportAdvisor
2010-07-08 13:13 . 2010-07-08 13:13 -------- dc----w- c:\program\Delade filer\Adobe AIR(3)
2010-07-07 10:29 . 2010-07-07 10:29 -------- dc----w- c:\program\Activision
2010-07-04 20:04 . 2010-07-04 20:05 -------- dc----w- c:\documents and settings\All Users\Application Data\PlatinumHideIP
2010-07-04 20:04 . 2010-07-04 20:04 -------- dc----w- c:\documents and settings\bou\Application Data\PlatinumHideIP
2010-07-04 18:41 . 2010-07-04 20:03 -------- dc----w- c:\documents and settings\bou\Application Data\DVD Flick
2010-07-04 18:40 . 2010-07-04 18:41 -------- dc----w- c:\program\DVD Flick
2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 23:20 . 2010-07-03 23:20 189248 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-07-03 23:20 . 2010-07-03 23:20 75064 -c--a-w- c:\windows\system32\PnkBstrA.exe
2010-07-03 23:20 . 2010-07-03 23:20 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe
2010-07-02 16:54 . 2010-07-02 16:54 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-01 19:53 . 2010-07-01 19:53 -------- dc----w- c:\documents and settings\bou\Application Data\CheeseSoft
2010-07-01 19:53 . 2010-07-01 19:54 -------- dc----w- c:\program\FinalUninstaller
2010-06-27 15:36 . 2010-07-14 12:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-27 15:36 . 2010-06-30 11:11 -------- dc----w- c:\program\Spybot - Search & Destroy
2010-06-26 19:39 . 2010-06-26 19:39 2 -cshatr- c:\windows\winstart.bat
2010-06-26 00:06 . 2010-06-26 00:06 -------- dc----w- c:\program\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 19:32 . 2008-05-08 02:12 -------- dc----w- c:\program\NORMAN
2010-07-22 19:11 . 2010-07-19 22:12 -------- dc----w- c:\documents and settings\bou\Application Data\vlc
2010-07-19 22:49 . 2010-01-11 16:44 -------- dc----w- c:\documents and settings\bou\Application Data\uTorrent
2010-07-19 20:34 . 2010-02-03 17:56 -------- dc----w- c:\documents and settings\bou\Application Data\U3
2010-07-14 13:13 . 2010-05-07 17:01 -------- dc----w- c:\documents and settings\bou\Application Data\Uniblue
2010-07-13 18:48 . 2010-07-13 18:48 -------- dc----w- c:\program\WarnerBros
2010-07-13 18:48 . 2006-10-03 06:21 -------- dc-h--w- c:\program\InstallShield Installation Information
2010-07-11 10:58 . 2010-05-16 14:46 -------- dc----w- c:\program\MagicISO
2010-07-10 11:58 . 2010-06-14 16:59 57344 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 11:58 . 2010-05-07 21:03 -------- dc----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-10 11:57 . 2010-07-10 11:57 56765 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 11:57 . 2010-05-07 21:05 -------- dc----w- c:\program\DivX
2010-07-10 11:57 . 2010-07-10 11:57 57715 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 11:57 . 2010-07-10 11:57 84054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-10 11:56 . 2010-07-10 11:56 54153 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 11:56 . 2010-06-16 17:39 1062184 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 11:54 . 2010-06-16 17:39 895256 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-08 16:24 . 2010-07-08 16:25 53632 -c--a-w- c:\documents and settings\bou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-08 16:23 . 2010-07-08 16:23 12124624 -c--a-w- c:\documents and settings\bou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe
2010-07-08 15:42 . 2010-02-11 14:34 -------- dc----w- c:\program\Delade filer\Adobe
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Vuze_Remote
2010-07-04 18:46 . 2010-05-16 13:55 -------- dc----w- c:\documents and settings\bou\Application Data\ImgBurn
2010-07-04 18:45 . 2010-05-15 23:19 -------- dc----w- c:\program\ImgBurn
2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\documents and settings\bou\Application Data\PnkBstrK.sys
2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\documents and settings\bou\Application Data\PnkBstrK.sys
2010-07-01 22:16 . 2010-01-13 19:55 -------- dc----w- c:\documents and settings\bou\Application Data\HpUpdate
2010-07-01 21:26 . 2010-05-25 20:57 -------- dc----w- c:\program\Ubisoft
2010-07-01 20:11 . 2010-03-29 16:49 -------- dc----w- c:\documents and settings\bou\Application Data\Apple Computer
2010-07-01 15:30 . 2010-03-28 17:18 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-01 14:20 . 2008-05-08 02:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-30 19:54 . 2006-05-02 12:05 -------- dc----w- c:\program\Google
2010-06-30 13:33 . 2010-05-25 21:21 -------- dc----w- c:\program\CCleaner
2010-06-28 12:17 . 2010-04-25 08:27 1324 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-06-24 21:50 . 2008-05-30 08:03 -------- dc----w- c:\program\HP
2010-06-21 23:36 . 2010-03-24 20:19 -------- dc----w- c:\program\Free FLV Converter
2010-06-21 19:14 . 2010-06-21 19:14 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-21 19:14 . 2010-06-21 19:14 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-21 18:11 . 2010-05-29 10:14 -------- dc----w- c:\documents and settings\bou\Application Data\Dream Aquarium
2010-06-21 15:26 . 2010-06-21 15:24 -------- dc----w- c:\program\PcMedik
2010-06-19 19:54 . 2010-06-23 10:24 168448 -c--a-w- c:\windows\Wpicug.exe
2010-06-19 19:54 . 2010-06-22 12:01 168448 -c--a-w- c:\windows\Wpicuf.exe
2010-06-19 19:54 . 2010-06-21 23:49 168448 -c--a-w- c:\windows\Wpicue.exe
2010-06-19 19:54 . 2010-06-21 16:14 168448 -c--a-w- c:\windows\Wpicud.exe
2010-06-19 19:54 . 2010-06-21 09:02 168448 -c--a-w- c:\windows\Wpicuc.exe
2010-06-19 19:54 . 2010-06-20 10:47 168448 -c--a-w- c:\windows\Wpicub.exe
2010-06-19 19:53 . 2010-06-19 19:53 168448 -c--a-w- c:\windows\Wpicua.exe
2010-06-19 12:08 . 2010-06-19 12:08 -------- dc----w- c:\program\Saitek
2010-06-18 19:34 . 2010-02-27 14:29 -------- dc----w- c:\program\Windows Live Safety Center
2010-06-18 11:40 . 2004-08-04 12:00 84650 -c--a-w- c:\windows\system32\perfc01D.dat
2010-06-18 11:40 . 2004-08-04 12:00 446102 -c--a-w- c:\windows\system32\perfh01D.dat
2010-06-17 16:11 . 2010-01-17 17:51 -------- dc----w- c:\documents and settings\bou\Application Data\DivX
2010-06-17 10:44 . 2010-06-17 10:44 -------- dc----w- c:\program\SystemRequirementsLab
2010-06-17 10:16 . 2010-06-17 10:16 -------- dc----w- c:\program\Microsoft Games
2010-06-16 23:04 . 2010-02-11 20:41 -------- dc----w- c:\program\Windows Live
2010-06-16 23:03 . 2010-06-16 23:03 -------- dc----w- c:\program\Microsoft SQL Server Compact Edition
2010-06-16 17:39 . 2010-06-16 17:39 56997 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-16 17:39 . 2010-06-16 17:39 53600 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 54166 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 57532 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 54128 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-08 09:30 . 2010-03-24 20:19 311296 -c--a-w- c:\windows\system32\TubeFinder.exe
2010-06-08 09:00 . 2010-02-26 13:07 -------- dc----w- c:\documents and settings\bou\Application Data\Media Player Classic
2010-06-05 10:53 . 2010-06-05 10:53 -------- dc----w- c:\documents and settings\bou\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-06-05 10:07 . 2010-05-22 14:55 -------- dc----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-02 02:55 . 2010-06-23 12:23 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-23 12:23 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-23 12:23 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll
2010-05-29 10:14 . 2010-05-29 10:07 -------- dc----w- c:\program\Dream Aquarium
2010-05-27 20:32 . 2007-12-19 09:45 245936 -c--a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-27 20:31 . 2008-03-28 00:04 120104 -c--a-w- c:\windows\system32\SynTPCo4.dll
2010-05-27 20:31 . 2007-12-19 09:45 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-27 20:31 . 2007-12-19 09:45 210216 -c--a-w- c:\windows\system32\SynCtrl.dll
2010-05-27 20:31 . 2007-12-19 09:45 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-05-26 09:41 . 2010-06-23 12:23 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-23 12:23 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-23 12:23 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-23 12:23 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-23 12:23 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll
2010-05-25 20:59 . 2010-05-01 15:48 -------- dc----w- c:\program\Easy-Hide-IP
2010-05-25 20:59 . 2010-05-25 20:59 -------- dc----w- c:\program\Common Files
2010-05-25 20:54 . 2010-05-09 14:41 -------- dc----w- c:\program\AllWebMenus3
2010-05-25 20:54 . 2010-05-09 16:40 -------- dc----w- c:\program\Gigaset QuickSync(2)
2010-05-25 20:38 . 2010-02-25 16:29 -------- dc----w- c:\program\Sony Ericsson
2010-05-25 20:29 . 2010-05-21 22:07 -------- dc----w- c:\documents and settings\bou\Application Data\GetRightToGo
2010-05-25 20:29 . 2010-05-21 22:11 -------- dc----w- c:\program\Driver Checker
2010-05-25 20:26 . 2010-05-22 13:39 -------- dc----w- c:\program\Delade filer\Adobe AIR(2)
2010-05-25 20:06 . 2010-02-25 16:34 -------- dc----w- c:\program\QuickTime
2010-05-25 20:05 . 2010-05-25 19:38 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-17 19:00 . 2010-03-29 16:49 59052 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-05-06 10:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:10 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 05:44 . 2010-06-16 23:04 54760 -c--a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-04-25 10:55 . 2010-04-25 09:16 79488 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-04-25 10:55 . 2010-04-25 09:16 152576 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-04-17 18:59 . 2010-04-17 18:08 80 -csh--r- c:\windows\system32\D59F6963CD.dll
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-01-17 40960]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Norman ZANDA"="c:\program\NORMAN\Npm\bin\ZLH.EXE" [2009-10-06 275840]
"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"NNTray"="c:\program\Net Nanny\nnstart.exe" [2002-09-24 61440]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SwitchBoard"="c:\program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
NalView.lnk - c:\program\Novell\ZENworks\NalView.exe [2005-9-8 35840]
PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2008-5-8 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 11:36 24576 -c--a-w- c:\windows\system32\Novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
2007-05-02 02:21 364544 -c--a-r- c:\windows\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Photosmart Premier Snabbstart.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\HP Photosmart Premier Snabbstart.lnk
backup=c:\windows\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^bou^Start-meny^Program^Autostart^Telia Mobilt bredband.lnk]
path=c:\documents and settings\bou\Start-meny\Program\Autostart\Telia Mobilt bredband.lnk
backup=c:\windows\pss\Telia Mobilt bredband.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 -c--a-w- c:\program\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 02:28 11989960 -c--a-w- c:\program\Adobe\Adobe Bridge CS5\Bridge.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 -c--a-w- c:\program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 16:05 15360 -c--a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 -c--a-w- c:\program\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 -c----w- c:\program\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 16:05 143872 -c--a-w- c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"ose"=3 (0x3)
"Bonjour Service"=2 (0x2)
"gupdate"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\bou\\Skrivbord\\uTorrent.exe"=
"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program\\Ace Translator\\AceTrans.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-04-24 28552]
R1 NGS;Norman General Security Driver;c:\program\NORMAN\nvc\bin\ngs.sys [2010-01-11 25032]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-01-17 6899]
R2 Ndiskio;Ndiskio;c:\program\NORMAN\Nse\Bin\Ndiskio.sys [2010-01-11 24168]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2005-09-01 163840]
R2 USB Drive Letter Mananger;USBDLM;c:\program\USBDLM\USBDLM.exe [2006-05-24 64000]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [2005-01-10 61440]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-01-10 2773]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-03 17149]
R3 nsesvc;Norman Scanner Engine Service;c:\program\NORMAN\Nse\Bin\Nsesvc.exe [2010-01-11 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-01-11 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\program\NORMAN\nvc\bin\Nvcoas.exe [2010-01-11 185672]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program\NORMAN\nvc\bin\Nvcsched.exe [2010-01-11 148808]
S2 hgfs;hgfs;c:\windows\system32\DRIVERS\hgfs.sys --> c:\windows\system32\DRIVERS\hgfs.sys [?]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2006-03-22 43392]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-02-25 13224]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2007-07-05 65664]
S3 SwitchBoard;SwitchBoard;c:\program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-08-04 14336]
S4 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 17:11]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 17:11]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3D3AEC52-0069-4C6A-A4F2-9862916322C8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{695BC004-ABC9-4A06-ADF4-485202981975}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.nattstad.se/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Filassociationer -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKLM-Run-adsnwk - c:\windows\system32\adsnwk.exe
HKLM-Run-FU_JFM - c:\program\FinalUninstaller\JFM.exe
MSConfigStartUp-Adobe ARM - c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-AGEIA PhysX SysTray - c:\program\AGEIA Technologies\TrayIcon.exe
MSConfigStartUp-IDMan - c:\temp\Rar$EX02.015\idm 5.18\IDMan.exe
MSConfigStartUp-m7 - c:\progra~1\common~1\m7\in.vbs
MSConfigStartUp-Sony Ericsson PC Suite - c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
MSConfigStartUp-swg - c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-Svenska Spels Poker - c:\casino\SVENSK~1\UNWISE.EXE
AddRemove-uTorrent - u:\\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 21:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NNTray = c:\program\Net Nanny\nnstart.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-2814842062-1513136318-2222897245-1045\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder]
@Denied: (A C D 2 3 6) (Everyone)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"D140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\program\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\msi.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'Explorer.exe'(3896)
c:\program\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\NLS\SVENSKA\NWSHLXNR.DLL
c:\windows\system32\NLS\SVENSKA\NOVNPNTR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program\NORMAN\Npm\bin\ELOGSVC.EXE
c:\program\NORMAN\npm\bin\zanda.exe
c:\windows\system32\agrsmsvc.exe
c:\program\Java\jre6\bin\jqs.exe
c:\program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program\Novell\ZENworks\nalntsrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program\Novell\ZENworks\wm.exe
c:\program\NORMAN\Npm\bin\NJEEVES.EXE
c:\program\Novell\ZENworks\WMRUNDLL.EXE
c:\windows\system32\NWTRAY.EXE
c:\program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\msiexec.exe
c:\program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program\NORMAN\Nvc\bin\cclaw.exe
c:\program\DataStudio\PASPortal.exe
.
**************************************************************************
.
Sluttid: 2010-07-23 21:42:14 - datorn startades om.
ComboFix-quarantined-files.txt 2010-07-23 19:42

Före genomsökningen: 64 613 941 248 byte ledigt
Efter genomsökningen: 65 233 313 792 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AE3DC8D7F051866BF7362490207FBACA



:thumbsup: THANKS!
Live life! ;)
0

#2
Member is online   Cecilia 

  • Addicted
  • Group: Head Moderator
  • Posts: 75 560
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 24 Jul 2010, 02:18

ComboFix is never recommended as the first program to run. First I want to see an overview of the computer. Save DDS to the Desktop.
http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.
Press Yes/Ja if the question about Optional Scan appears.
In your reply, paste in the DDS.txt log, and attach Attach.txt as a file.
0

#3
Member is offline   ferdi_k 

  • Active
  • Group: Members
  • Posts: 244
  • Joined: 2009-10-02
  • Location: Eskilstuna

Posted 24 Jul 2010, 18:27

Cecilia, on 24 Jul 2010, 02:18, said:

ComboFix is never recommended as the first program to run. First I want to see an overview of the computer. Save DDS to the Desktop.
http://download.blee...om/sUBs/dds.scr

Start the program by double-clicking it.
Press Yes/Ja if the question about Optional Scan appears.
In your reply, paste in the DDS.txt log, and attach Attach.txt as a file.



Hi!
Here is the DDS log:



DDS (Ver_10-03-17.01) - NTFSx86
Run by bou at 19:20:14,21 on 2010-07-24
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1919.1137 [GMT 2:00]

AV: Norman Virus Control *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

============== Running Processes ===============

C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRAM\NORMAN\Npm\bin\ELOGSVC.EXE
C:\PROGRAM\NORMAN\npm\bin\zanda.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\USBDLM\USBDLM.exe
C:\Program\Novell\ZENworks\wm.exe
C:\PROGRAM\NORMAN\Npm\bin\NJEEVES.EXE
C:\Program\Novell\ZENworks\WMRUNDLL.EXE
C:\PROGRAM\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\PROGRAM\NORMAN\Nvc\bin\nvcoas.exe
C:\Program\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRAM\NORMAN\Npm\bin\ZLH.EXE
C:\Program\Analog Devices\Core\smax4pnp.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRAM\NORMAN\Nvc\bin\cclaw.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\DataStudio\PASPortal.exe
C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\bou\Lokala inställningar\Temporary Internet Files\Content.IE5\UAO8I3H8\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.se/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File
uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [NDPS] c:\windows\system32\dpmw32.exe
mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe
mRun: [NWTRAY] NWTRAY.EXE
mRun: [HP Software Update] c:\program\hp\hp software update\HPWuSchd2.exe
mRun: [Norman ZANDA] "c:\program\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [StartCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [SoundMAXPnP] c:\program\analog devices\core\smax4pnp.exe
mRun: [NNTray] c:\program\net nanny\nnstart.exe
mRun: [SunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"
mRun: [SwitchBoard] c:\program\delade filer\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program\delade filer\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\nalview.lnk - c:\program\novell\zenworks\NalView.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\paspor~1.lnk - c:\windows\installer\{d4ab1a2a-72a8-4801-b238-0cb789c992fe}\NewShortcut1.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xportera till Microsoft Excel - c:\program\micros~2\office11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program\delade filer\sourcetec\swf catcher\InternetExplorer.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program\delade filer\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~4\office11\REFIEBAR.DLL
IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program\novell\zenworks\AxNalServer.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.nattstad.se/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwv1_0

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bou\applic~1\mozilla\firefox\profiles\9l2eva6x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-24 28552]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-2-16 10880]
R1 NGS;Norman General Security Driver;c:\program\norman\nvc\bin\ngs.sys [2010-1-11 25032]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-1-17 6899]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-17 54760]
R2 Ndiskio;Ndiskio;c:\program\norman\nse\bin\Ndiskio.sys [2010-1-11 24168]
R2 Norman ZANDA;Norman ZANDA;c:\program\norman\npm\bin\Zanda.exe [2010-1-11 411016]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2005-9-1 163840]
R2 USB Drive Letter Mananger;USBDLM;c:\program\usbdlm\USBDLM.exe [2006-5-24 64000]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-1-10 2773]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-3 17149]
R3 nsesvc;Norman Scanner Engine Service;c:\program\norman\nse\bin\Nsesvc.exe [2010-1-11 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-1-11 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\program\norman\nvc\bin\Nvcoas.exe [2010-1-11 185672]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program\norman\nvc\bin\Nvcsched.exe [2010-1-11 148808]
S2 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys --> c:\windows\system32\drivers\hgfs.sys [?]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2006-3-22 43392]
S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-2-25 13224]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2007-7-5 65664]
S3 SwitchBoard;SwitchBoard;c:\program\delade filer\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S4 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-3-2 135664]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-07-24 17:20:13 0 dc----w- c:\temp\A.tmp
2010-07-24 16:24:45 0 dc----w- c:\temp\WPDNSE
2010-07-24 16:11:37 16384 -c--atw- c:\temp\Perflib_Perfdata_144.dat
2010-07-23 21:28:27 0 dc----w- c:\program\VirtualDJ
2010-07-23 19:37:30 0 dc----w- c:\windows\system32\Fonts
2010-07-23 19:32:23 16384 -c--atw- c:\temp\Perflib_Perfdata_154.dat
2010-07-23 19:20:22 0 dcsha-r- C:\cmdcons
2010-07-23 17:22:16 77312 -c--a-w- c:\windows\MBR.exe
2010-07-23 17:22:16 256512 -c--a-w- c:\windows\PEV.exe
2010-07-23 17:22:15 98816 -c--a-w- c:\windows\sed.exe
2010-07-23 17:22:15 161792 -c--a-w- c:\windows\SWREG.exe
2010-07-23 10:36:49 0 dc----w- c:\temp\div9.tmp
2010-07-21 10:05:08 0 dc----w- c:\temp\div3.tmp
2010-07-19 22:09:44 0 dc----w- c:\documents and settings\bou\Lokala inst�llningar
2010-07-19 22:03:13 0 dc----w- c:\docume~1\bou\applic~1\MozillaControl
2010-07-19 22:03:02 0 dc----w- c:\temp\{1D2C96C3-A3F3-49E7-B839-95279DED837F}
2010-07-19 22:01:57 0 dc----w- c:\program\Mozilla ActiveX Control v1.7.12
2010-07-19 21:57:51 0 dc----w- c:\program\Graboid
2010-07-19 20:12:43 0 dc----w- c:\temp\divBA.tmp
2010-07-14 18:13:10 62 -c--a-w- c:\windows\MyProg.ini
2010-07-14 15:11:53 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 15:08:53 0 dc----w- c:\temp\msohtml1
2010-07-14 15:08:53 0 dc----w- c:\temp\msohtml
2010-07-14 14:57:37 0 dc----w- c:\temp\VBE
2010-07-14 13:37:47 0 dc----w- c:\temp\iss1D.tmp
2010-07-14 13:19:10 0 dc----w- c:\temp\div16.tmp
2010-07-14 13:18:38 0 dc----w- c:\temp\is-TE48T.tmp
2010-07-14 12:58:46 0 dc----w- c:\temp\comtypes_cache
2010-07-14 11:51:31 0 dc----w- c:\windows\system32\wbem\Repository
2010-07-14 11:11:04 766976 -c--a-w- c:\windows\system32\drivers\djscd.sys
2010-07-14 11:02:49 0 dc----w- c:\temp\hsperfdata_bou
2010-07-14 10:58:40 0 dc----w- c:\temp\div5.tmp
2010-07-13 21:02:22 0 dc----w- c:\temp\MessengerCache
2010-07-13 19:01:04 0 dc----w- c:\docume~1\alluse~1\applic~1\wanted_demo
2010-07-13 18:48:05 0 dc----w- c:\program\WarnerBros
2010-07-13 14:52:44 0 dc----w- c:\windows\system32\AGEIA
2010-07-13 14:46:24 0 dc----w- c:\program\delade filer\Wise Installation Wizard
2010-07-13 09:47:29 0 dc----w- c:\temp\divA.tmp
2010-07-12 14:56:41 0 dc----w- c:\program\Thomas Wright Consulting
2010-07-11 11:08:50 0 dc----w- c:\windows\BBSTORE
2010-07-11 11:08:37 314368 -c--a-w- c:\windows\IsUninst.exe
2010-07-11 11:08:32 0 -c--a-w- c:\windows\SETUP32.INI
2010-07-11 10:51:23 0 dc----w- c:\program\Telia
2010-07-10 19:16:02 0 dc----w- c:\windows\system32\winrm
2010-07-10 19:15:49 0 dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-07-10 14:17:02 0 dc----w- c:\program\MAGIX
2010-07-10 14:17:02 0 dc----w- c:\docume~1\alluse~1\applic~1\MAGIX
2010-07-10 13:53:58 0 dc----w- c:\program\Ace Translator
2010-07-10 11:29:36 0 dc----w- c:\docume~1\alluse~1\applic~1\Boss Media
2010-07-08 19:56:02 0 dc----w- c:\windows\uninstall
2010-07-08 17:14:48 0 dc----w- c:\docume~1\bou\applic~1\Need for Speed World
2010-07-08 14:39:11 0 dc----w- c:\program\Ask.com
2010-07-08 14:39:02 0 dc----w- c:\program\Adobe PhotoShop CS3
2010-07-08 14:38:57 0 dc----w- c:\program\Vuze_Remote
2010-07-08 14:38:57 0 dc----w- c:\program\Windows Desktop Search
2010-07-08 14:38:57 0 dc----w- c:\program\PhotoFiltre
2010-07-08 14:38:56 0 dc----w- c:\program\Xara
2010-07-08 14:38:53 0 dc----w- c:\program\Uniblue
2010-07-08 14:38:52 0 dc----w- c:\program\UnHackMe
2010-07-08 14:38:51 0 dc----r- c:\program\Net Nanny
2010-07-08 14:36:30 0 dc----w- c:\program\delade filer\Adobe AIR
2010-07-08 13:13:55 0 dc----w- c:\docume~1\bou\applic~1\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2010-07-08 13:13:34 0 dc----w- c:\program\AdobeSupportAdvisor
2010-07-08 13:13:24 0 dc----w- c:\program\delade filer\Adobe AIR(3)
2010-07-07 10:29:29 0 dc----w- c:\program\Activision
2010-07-04 20:04:27 0 dc----w- c:\docume~1\bou\applic~1\PlatinumHideIP
2010-07-04 20:04:27 0 dc----w- c:\docume~1\alluse~1\applic~1\PlatinumHideIP
2010-07-04 18:41:17 0 dc----w- c:\docume~1\bou\applic~1\DVD Flick
2010-07-04 18:40:59 28672 -c--a-w- c:\windows\system32\mousewheel.ocx
2010-07-04 18:40:59 212240 -c--a-w- c:\windows\system32\richtx32.ocx
2010-07-04 18:40:59 0 dc----w- c:\program\DVD Flick
2010-07-03 23:20:53 138056 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 23:20:53 138056 -c--a-w- c:\docume~1\bou\applic~1\PnkBstrK.sys
2010-07-03 23:20:38 189248 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-07-03 23:20:35 75064 -c--a-w- c:\windows\system32\PnkBstrA.exe
2010-07-03 23:20:34 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe
2010-07-01 19:53:46 0 dc----w- c:\docume~1\bou\applic~1\CheeseSoft
2010-07-01 19:53:39 0 dc----w- c:\program\FinalUninstaller
2010-06-27 15:36:35 0 dc----w- c:\program\Spybot - Search & Destroy
2010-06-27 15:36:35 0 dc----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-26 19:39:21 2 -cshatr- c:\windows\winstart.bat
2010-06-26 00:06:16 0 dc----w- c:\program\Conduit

==================== Find3M ====================

2010-06-21 19:14:46 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-21 19:14:41 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicug.exe
2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicuf.exe
2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicue.exe
2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicud.exe
2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicuc.exe
2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicub.exe
2010-06-19 19:53:48 168448 -c--a-w- c:\windows\Wpicua.exe
2010-06-18 11:40:29 84650 -c--a-w- c:\windows\system32\perfc01D.dat
2010-06-18 11:40:29 446102 -c--a-w- c:\windows\system32\perfh01D.dat
2010-06-09 23:01:10 9200 -c----w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01:10 9072 -c----w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01:10 45648 -c----w- c:\windows\system32\drivers\PxHelp20.sys
2010-06-09 23:01:10 133616 -c----w- c:\windows\system32\pxafs.dll
2010-06-09 23:01:10 126448 -c----w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01:10 123888 -c----w- c:\windows\system32\pxcpyi64.exe
2010-06-08 09:30:38 311296 -c--a-w- c:\windows\system32\TubeFinder.exe
2010-06-02 02:55:30 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55:30 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55:30 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 20:32:58 245936 -c--a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-27 20:31:32 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-27 20:31:32 120104 -c--a-w- c:\windows\system32\SynTPCo4.dll
2010-05-27 20:31:28 210216 -c--a-w- c:\windows\system32\SynCtrl.dll
2010-05-27 20:31:26 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-05-26 09:41:02 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41:02 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41:02 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41:02 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll
2010-05-26 09:41:02 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-17 19:00:47 59052 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-05-06 10:36:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:10:15 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-17 18:59:57 80 -csh--r- c:\windows\system32\D59F6963CD.dll
2010-03-03 21:38:59 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2010-02-23 19:07:22 32768 -csha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012010022320100224\index.dat

============= FINISH: 19:20:51,47 ===============

Attached files


Live life! ;)
0

#4
Member is online   Cecilia 

  • Addicted
  • Group: Head Moderator
  • Posts: 75 560
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 24 Jul 2010, 22:42

uInternet Settings,ProxyServer = 127.0.0.1:8080
Did you yourself configure a proxy server to be used?

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.
c:\windows\system32\drivers\djscd.sys
c:\windows\Wpicuc.exe
c:\windows\system32\D59F6963CD.dll
c:\windows\system32\mlfcache.dat

What is in this folder?
2010-06-26 00:06:16 0 dc----w- c:\program\Conduit

Have you changed things so that the folder c:\temp is used as the folder for temporary files?
0

#5
Member is offline   Brynäsarn 

  • Veteran
  • Group: Members
  • Posts: 4 200
  • Joined: 2003-04-19
  • Location: Gävle

Posted 24 Jul 2010, 22:52

I see in the log that there is an old Java version with security holes on the
computer. Uninstall it in Control Panel, Add or Remove Programs,
then download the updated Java: http://www.java.com/sv/
Brynäsarn
0

#6
Member is offline   ferdi_k 

  • Active
  • Group: Members
  • Posts: 244
  • Joined: 2009-10-02
  • Location: Eskilstuna

Posted 25 Jul 2010, 13:38

Cecilia, on 24 Jul 2010, 22:42, said:

uInternet Settings,ProxyServer = 127.0.0.1:8080
Did you yourself configure a proxy server to be used?

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.
c:\windows\system32\drivers\djscd.sys
c:\windows\Wpicuc.exe
c:\windows\system32\D59F6963CD.dll
c:\windows\system32\mlfcache.dat

What is in this folder?
2010-06-26 00:06:16 0 dc----w- c:\program\Conduit

Have you changed things so that the folder c:\temp is used as the folder for temporary files?


Link 1: http://www.virustota...84e7-1280013778
Link 2: http://www.virustota...35ed-1277581823
Link 3: http://www.virustota...ea98-1277581762
Link 4: http://www.virustota...6a8b-1280061125


I have no idea about the proxy server (?)
In the folder c:\program\Conduit there is another folder called Community Alerts, and in that folder there is a DLL file called Alert.dll
Live life! ;)
0

#7
Member is online   Cecilia 

  • Addicted
  • Group: Head Moderator
  • Posts: 75 560
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 25 Jul 2010, 14:08

It appears to be a troublesome rootkit.

1.
Delete the ComboFix you have on the Desktop and download a new one:
http://download.blee...Bs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.
How? See http://www.bleepingc...opic114351.html
Run ComboFix and follow the instructions shown.
If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it into your reply. Check that the antivirus program etc. are running before you connect to the internet.

If you have problems getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair and/or restart the computer.

2.
Save this file to the Desktop:
http://rootrepeal.go.../RootRepeal.zip
Unpack (extract) the zip file so that you get a program file.

Disconnect the internet connection. Close all programs you can see, including firewall, antivirus and antispyware programs.
How? See http://www.bleepingc...opic114351.html

Start RootRepeal (in Vista and Windows 7, as usual, by right-clicking the icon and choosing Run as administrator).
Select the Report tab and press Scan.
Tick all seven options and then press Yes/Ja.
Select C: and press Ok.
It takes a while for RootRepeal to scan C:.
When the scan is finished, press Save Report and save it under the name rootrepeal.log. Paste the contents of rootrepeal.log into your reply.

3.
Save Gmer to the Desktop from:
http://www2.gmer.net/download.php
It has a random name, so note what the program is saved as.

Disconnect the internet connection.
Close all programs, including antivirus and firewall.
Start the downloaded program.
A first quick scan starts.
If a WARNING appears that mentions ROOTKIT and asks about "fully scan", choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not appear, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:\. Press Scan. Leave the computer alone while Gmer is working; it can take a few hours.
Press Save and save the result to the Desktop.
Turn on the antivirus program and firewall before you connect to the internet.
Paste the result into your reply.
1

#8
Member is offline   ferdi_k 

  • Active
  • Group: Members
  • Posts: 244
  • Joined: 2009-10-02
  • Location: Eskilstuna

Posted 25 Jul 2010, 23:07

Cecilia, on 25 Jul 2010, 14:08, said:

It appears to be a troublesome rootkit.

1.
Delete the ComboFix you have on the Desktop and download a new one:
http://download.blee...Bs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.
How? See http://www.bleepingc...opic114351.html
Run ComboFix and follow the instructions shown.
If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it into your reply. Check that the antivirus program etc. are running before you connect to the internet.

If you have problems getting onto the internet:
Control Panel - Network Connections
right-click your internet connection and choose Repair and/or restart the computer.

2.
Save this file to the Desktop:
http://rootrepeal.go.../RootRepeal.zip
Unpack (extract) the zip file so that you get a program file.

Disconnect the internet connection. Close all programs you can see, including firewall, antivirus and antispyware programs.
How? See http://www.bleepingc...opic114351.html

Start RootRepeal (in Vista and Windows 7, as usual, by right-clicking the icon and choosing Run as administrator).
Select the Report tab and press Scan.
Tick all seven options and then press Yes/Ja.
Select C: and press Ok.
It takes a while for RootRepeal to scan C:.
When the scan is finished, press Save Report and save it under the name rootrepeal.log. Paste the contents of rootrepeal.log into your reply.

3.
Save Gmer to the Desktop from:
http://www2.gmer.net/download.php
It has a random name, so note what the program is saved as.

Disconnect the internet connection.
Close all programs, including antivirus and firewall.
Start the downloaded program.
A first quick scan starts.
If a WARNING appears that mentions ROOTKIT and asks about "fully scan", choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not appear, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:\. Press Scan. Leave the computer alone while Gmer is working; it can take a few hours.
Press Save and save the result to the Desktop.
Turn on the antivirus program and firewall before you connect to the internet.
Paste the result into your reply.


I have attached all three logs:
Attached file  Combofix log.txt (30,75Kb)
Number of downloads: 45
Attached file  RootRepeal report.txt (4,87Kb)
Number of downloads: 48
Attached file  Gmer_ log.txt (5,61Kb)
Number of downloads: 60
Live life! ;)
0

#9
Member is online   Cecilia 

  • Addicted
  • Group: Head Moderator
  • Posts: 75 560
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 26 Jul 2010, 09:24

I am pasting in the logs so that it is easy to search for what is in them and easy to go back later and compare.

ComboFix 10-07-24.03 - bou 2010-07-25 18:18:25.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1919.1339 [GMT 2:00]
Körs från: c:\documents and settings\bou\Skrivbord\ComboFix.exe
AV: Norman Virus Control *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
* Resident AV is active

.

(((((((((((((((((((((((( Filer Skapade från 2010-06-25 till 2010-07-25 ))))))))))))))))))))))))))))))
.

2010-07-25 16:26 . 2010-07-25 16:26 53248 -c--a-w- c:\temp\catchme.dll
2010-07-25 16:18 . 2010-07-25 16:18 -------- dc----w- c:\temp\WPDNSE
2010-07-25 16:13 . 2010-07-25 16:13 16384 -c--atw- c:\temp\Perflib_Perfdata_73c.dat
2010-07-24 23:25 . 2010-07-24 23:25 503808 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e9a8723-n\msvcp71.dll
2010-07-24 23:25 . 2010-07-24 23:25 499712 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e9a8723-n\jmc.dll
2010-07-24 23:25 . 2010-07-24 23:25 348160 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e9a8723-n\msvcr71.dll
2010-07-24 23:25 . 2010-07-24 23:25 12800 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3f92c13a-n\decora-d3d.dll
2010-07-24 23:25 . 2010-07-24 23:25 61440 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3f92c13a-n\decora-sse.dll
2010-07-24 23:25 . 2010-06-22 02:36 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-07-24 17:20 . 2010-07-25 15:31 -------- dc----w- c:\temp\A.tmp
2010-07-23 21:28 . 2010-07-23 21:28 -------- dc----w- c:\program\VirtualDJ
2010-07-23 10:36 . 2010-07-23 19:26 -------- dc----w- c:\temp\div9.tmp
2010-07-21 10:05 . 2010-07-21 10:05 -------- dc----w- c:\temp\div3.tmp
2010-07-19 22:12 . 2010-07-22 19:11 -------- dc----w- c:\documents and settings\bou\Application Data\vlc
2010-07-19 22:09 . 2010-07-19 22:09 -------- dc----w- c:\documents and settings\bou\Lokala inst�llningar
2010-07-19 22:03 . 2010-07-19 22:03 -------- dc----w- c:\documents and settings\bou\Application Data\MozillaControl
2010-07-19 22:03 . 2010-07-23 19:26 -------- dc----w- c:\temp\{1D2C96C3-A3F3-49E7-B839-95279DED837F}
2010-07-19 22:01 . 2010-07-19 22:01 -------- dc----w- c:\program\Mozilla ActiveX Control v1.7.12
2010-07-19 21:57 . 2010-07-19 22:25 -------- dc----w- c:\program\Graboid
2010-07-19 20:12 . 2010-07-23 19:26 -------- dc----w- c:\temp\divBA.tmp
2010-07-14 15:11 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 15:08 . 2010-07-14 15:08 -------- dc----w- c:\temp\msohtml1
2010-07-14 15:08 . 2010-07-14 15:08 -------- dc----w- c:\temp\msohtml
2010-07-14 14:57 . 2010-07-14 14:57 -------- dc----w- c:\temp\VBE
2010-07-14 13:37 . 2010-07-23 19:26 -------- dc----w- c:\temp\iss1D.tmp
2010-07-14 13:19 . 2010-07-14 13:19 -------- dc----w- c:\temp\div16.tmp
2010-07-14 13:18 . 2010-07-23 19:26 -------- dc----w- c:\temp\is-TE48T.tmp
2010-07-14 12:58 . 2010-07-14 13:24 -------- dc----w- c:\temp\comtypes_cache
2010-07-14 11:51 . 2010-07-14 11:51 -------- dc----w- c:\windows\system32\wbem\Repository
2010-07-14 11:11 . 2010-07-14 11:54 766976 -c--a-w- c:\windows\system32\drivers\djscd.sys
2010-07-14 11:02 . 2010-07-24 23:25 -------- dc----w- c:\temp\hsperfdata_bou
2010-07-14 10:58 . 2010-07-14 10:58 -------- dc----w- c:\temp\div5.tmp
2010-07-13 21:02 . 2010-07-25 15:31 -------- dc----w- c:\temp\MessengerCache
2010-07-13 19:01 . 2010-07-13 19:01 -------- dc----w- c:\documents and settings\All Users\Application Data\wanted_demo
2010-07-13 18:48 . 2010-07-13 18:48 -------- dc----w- c:\program\WarnerBros
2010-07-13 14:52 . 2010-07-13 14:52 -------- dc----w- c:\program\AGEIA Technologies
2010-07-13 14:52 . 2010-07-13 14:52 -------- dc----w- c:\windows\system32\AGEIA
2010-07-13 14:46 . 2010-07-13 14:46 -------- dc----w- c:\program\Delade filer\Wise Installation Wizard
2010-07-13 09:47 . 2010-07-23 19:26 -------- dc----w- c:\temp\divA.tmp
2010-07-12 14:56 . 2010-07-12 14:56 -------- dc----w- c:\program\Thomas Wright Consulting
2010-07-11 11:08 . 2010-07-11 11:08 -------- dc----w- c:\windows\BBSTORE
2010-07-11 11:08 . 1997-05-12 14:53 314368 -c--a-w- c:\windows\IsUninst.exe
2010-07-11 10:51 . 2010-07-11 10:51 -------- dc----w- c:\program\Telia
2010-07-11 10:51 . 2010-07-11 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Support.com
2010-07-10 19:16 . 2010-07-10 19:16 -------- dc----w- c:\windows\system32\winrm
2010-07-10 19:15 . 2010-07-10 19:16 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-07-10 14:17 . 2010-07-12 15:04 -------- dc----w- c:\program\MAGIX
2010-07-10 14:17 . 2010-07-12 15:04 -------- dc----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-07-10 13:53 . 2010-07-10 14:56 -------- dc----w- c:\program\Ace Translator
2010-07-10 11:57 . 2010-07-10 11:57 56765 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-10 11:57 . 2010-07-10 11:57 57715 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-10 11:57 . 2010-07-10 11:57 84054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-10 11:56 . 2010-07-10 11:56 54153 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-10 11:29 . 2010-07-10 11:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Boss Media
2010-07-08 19:56 . 2010-07-08 19:58 -------- dc----w- c:\windows\uninstall
2010-07-08 17:14 . 2010-07-08 17:14 -------- dc----w- c:\documents and settings\bou\Application Data\Need for Speed World
2010-07-08 16:25 . 2010-07-08 16:24 53632 -c--a-w- c:\documents and settings\bou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-08 16:23 . 2010-07-08 16:23 12124624 -c--a-w- c:\documents and settings\bou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe
2010-07-08 14:39 . 2010-07-08 14:39 -------- dc----w- c:\program\Ask.com
2010-07-08 14:39 . 2010-07-08 14:39 -------- dc----w- c:\program\Adobe PhotoShop CS3
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Vuze_Remote
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Windows Desktop Search
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\PhotoFiltre
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Xara
2010-07-08 14:38 . 2010-07-14 13:37 -------- dc----w- c:\program\Uniblue
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\UnHackMe
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----r- c:\program\Net Nanny
2010-07-08 14:36 . 2010-07-08 16:25 -------- dc----w- c:\program\Delade filer\Adobe AIR
2010-07-08 13:13 . 2010-07-08 13:13 -------- dc----w- c:\documents and settings\bou\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2010-07-08 13:13 . 2010-07-08 14:36 -------- dc----w- c:\program\AdobeSupportAdvisor
2010-07-08 13:13 . 2010-07-08 13:13 -------- dc----w- c:\program\Delade filer\Adobe AIR(3)
2010-07-07 10:29 . 2010-07-07 10:29 -------- dc----w- c:\program\Activision
2010-07-04 20:04 . 2010-07-04 20:05 -------- dc----w- c:\documents and settings\All Users\Application Data\PlatinumHideIP
2010-07-04 20:04 . 2010-07-04 20:04 -------- dc----w- c:\documents and settings\bou\Application Data\PlatinumHideIP
2010-07-04 18:41 . 2010-07-04 20:03 -------- dc----w- c:\documents and settings\bou\Application Data\DVD Flick
2010-07-04 18:40 . 2010-07-04 18:41 -------- dc----w- c:\program\DVD Flick
2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\documents and settings\bou\Application Data\PnkBstrK.sys
2010-07-03 23:20 . 2010-07-03 23:20 189248 -c--a-w- c:\windows\system32\PnkBstrB.exe
2010-07-03 23:20 . 2010-07-03 23:20 75064 -c--a-w- c:\windows\system32\PnkBstrA.exe
2010-07-03 23:20 . 2010-07-03 23:20 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe
2010-07-02 16:54 . 2010-07-02 16:54 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-01 19:53 . 2010-07-01 19:53 -------- dc----w- c:\documents and settings\bou\Application Data\CheeseSoft
2010-07-01 19:53 . 2010-07-01 19:54 -------- dc----w- c:\program\FinalUninstaller
2010-06-27 15:36 . 2010-07-14 12:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-27 15:36 . 2010-06-30 11:11 -------- dc----w- c:\program\Spybot - Search & Destroy
2010-06-26 19:39 . 2010-06-26 19:39 2 -cshatr- c:\windows\winstart.bat
2010-06-26 00:06 . 2010-06-26 00:06 -------- dc----w- c:\program\Conduit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-25 16:13 . 2008-05-08 02:12 -------- dc----w- c:\program\NORMAN
2010-07-24 23:25 . 2008-05-08 02:17 -------- dc----w- c:\program\Delade filer\Java
2010-07-24 23:25 . 2008-05-08 02:17 -------- dc----w- c:\program\Java
2010-07-23 21:28 . 2010-07-23 21:28 -------- dc----w- c:\program\VirtualDJ
2010-07-22 19:11 . 2010-07-19 22:12 -------- dc----w- c:\documents and settings\bou\Application Data\vlc
2010-07-19 22:49 . 2010-01-11 16:44 -------- dc----w- c:\documents and settings\bou\Application Data\uTorrent
2010-07-19 20:34 . 2010-02-03 17:56 -------- dc----w- c:\documents and settings\bou\Application Data\U3
2010-07-14 13:13 . 2010-05-07 17:01 -------- dc----w- c:\documents and settings\bou\Application Data\Uniblue
2010-07-13 18:48 . 2010-07-13 18:48 -------- dc----w- c:\program\WarnerBros
2010-07-13 18:48 . 2006-10-03 06:21 -------- dc-h--w- c:\program\InstallShield Installation Information
2010-07-11 10:58 . 2010-05-16 14:46 -------- dc----w- c:\program\MagicISO
2010-07-10 11:58 . 2010-06-14 16:59 57344 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-10 11:58 . 2010-05-07 21:03 -------- dc----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-10 11:57 . 2010-05-07 21:05 -------- dc----w- c:\program\DivX
2010-07-10 11:56 . 2010-06-16 17:39 1062184 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-10 11:54 . 2010-06-16 17:39 895256 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-08 15:42 . 2010-02-11 14:34 -------- dc----w- c:\program\Delade filer\Adobe
2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Vuze_Remote
2010-07-04 18:46 . 2010-05-16 13:55 -------- dc----w- c:\documents and settings\bou\Application Data\ImgBurn
2010-07-04 18:45 . 2010-05-15 23:19 -------- dc----w- c:\program\ImgBurn
2010-07-01 22:16 . 2010-01-13 19:55 -------- dc----w- c:\documents and settings\bou\Application Data\HpUpdate
2010-07-01 21:26 . 2010-05-25 20:57 -------- dc----w- c:\program\Ubisoft
2010-07-01 20:11 . 2010-03-29 16:49 -------- dc----w- c:\documents and settings\bou\Application Data\Apple Computer
2010-07-01 15:30 . 2010-03-28 17:18 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-01 14:20 . 2008-05-08 02:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-06-30 19:54 . 2006-05-02 12:05 -------- dc----w- c:\program\Google
2010-06-30 13:33 . 2010-05-25 21:21 -------- dc----w- c:\program\CCleaner
2010-06-28 12:17 . 2010-04-25 08:27 1324 -c--a-w- c:\windows\system32\d3d9caps.dat
2010-06-24 21:50 . 2008-05-30 08:03 -------- dc----w- c:\program\HP
2010-06-21 23:36 . 2010-03-24 20:19 -------- dc----w- c:\program\Free FLV Converter
2010-06-21 19:14 . 2010-06-21 19:14 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-06-21 19:14 . 2010-06-21 19:14 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-06-21 18:11 . 2010-05-29 10:14 -------- dc----w- c:\documents and settings\bou\Application Data\Dream Aquarium
2010-06-21 15:26 . 2010-06-21 15:24 -------- dc----w- c:\program\PcMedik
2010-06-19 19:54 . 2010-06-23 10:24 168448 -c--a-w- c:\windows\Wpicug.exe
2010-06-19 19:54 . 2010-06-22 12:01 168448 -c--a-w- c:\windows\Wpicuf.exe
2010-06-19 19:54 . 2010-06-21 23:49 168448 -c--a-w- c:\windows\Wpicue.exe
2010-06-19 19:54 . 2010-06-21 16:14 168448 -c--a-w- c:\windows\Wpicud.exe
2010-06-19 19:54 . 2010-06-21 09:02 168448 -c--a-w- c:\windows\Wpicuc.exe
2010-06-19 19:54 . 2010-06-20 10:47 168448 -c--a-w- c:\windows\Wpicub.exe
2010-06-19 19:53 . 2010-06-19 19:53 168448 -c--a-w- c:\windows\Wpicua.exe
2010-06-19 12:08 . 2010-06-19 12:08 -------- dc----w- c:\program\Saitek
2010-06-18 19:34 . 2010-02-27 14:29 -------- dc----w- c:\program\Windows Live Safety Center
2010-06-18 11:40 . 2004-08-04 12:00 84650 -c--a-w- c:\windows\system32\perfc01D.dat
2010-06-18 11:40 . 2004-08-04 12:00 446102 -c--a-w- c:\windows\system32\perfh01D.dat
2010-06-17 16:11 . 2010-01-17 17:51 -------- dc----w- c:\documents and settings\bou\Application Data\DivX
2010-06-17 10:44 . 2010-06-17 10:44 -------- dc----w- c:\program\SystemRequirementsLab
2010-06-17 10:16 . 2010-06-17 10:16 -------- dc----w- c:\program\Microsoft Games
2010-06-16 23:04 . 2010-02-11 20:41 -------- dc----w- c:\program\Windows Live
2010-06-16 23:03 . 2010-06-16 23:03 -------- dc----w- c:\program\Microsoft SQL Server Compact Edition
2010-06-16 17:39 . 2010-06-16 17:39 56997 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-16 17:39 . 2010-06-16 17:39 53600 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 54166 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 57532 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-06-16 17:38 . 2010-06-16 17:38 54128 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-08 09:30 . 2010-03-24 20:19 311296 -c--a-w- c:\windows\system32\TubeFinder.exe
2010-06-08 09:00 . 2010-02-26 13:07 -------- dc----w- c:\documents and settings\bou\Application Data\Media Player Classic
2010-06-05 10:53 . 2010-06-05 10:53 -------- dc----w- c:\documents and settings\bou\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2010-06-05 10:07 . 2010-05-22 14:55 -------- dc----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-06-02 02:55 . 2010-06-23 12:23 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-23 12:23 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-23 12:23 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll
2010-05-29 10:14 . 2010-05-29 10:07 -------- dc----w- c:\program\Dream Aquarium
2010-05-27 20:32 . 2007-12-19 09:45 245936 -c--a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-27 20:31 . 2008-03-28 00:04 120104 -c--a-w- c:\windows\system32\SynTPCo4.dll
2010-05-27 20:31 . 2007-12-19 09:45 165160 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-27 20:31 . 2007-12-19 09:45 210216 -c--a-w- c:\windows\system32\SynCtrl.dll
2010-05-27 20:31 . 2007-12-19 09:45 173352 ----a-w- c:\windows\system32\SynCOM.dll
2010-05-26 09:41 . 2010-06-23 12:23 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-23 12:23 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-23 12:23 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-23 12:23 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-23 12:23 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll
2010-05-17 19:00 . 2010-03-29 16:49 59052 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-05-06 10:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:10 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 05:44 . 2010-06-16 23:04 54760 -c--a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-04-17 18:59 . 2010-04-17 18:08 80 -csh--r- c:\windows\system32\D59F6963CD.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-25_15.32.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-25 16:13 . 2008-05-08 09:21 14206 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\XPSec.dat
- 2010-07-25 12:21 . 2008-05-08 09:21 14206 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\XPSec.dat
+ 2010-07-25 16:13 . 2008-05-08 09:21 45056 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\IPS1.dat
- 2010-07-25 12:21 . 2008-05-08 09:21 45056 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\IPS1.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-01-17 40960]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Norman ZANDA"="c:\program\NORMAN\Npm\bin\ZLH.EXE" [2009-10-06 275840]
"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"NNTray"="c:\program\Net Nanny\nnstart.exe" [2002-09-24 61440]
"SwitchBoard"="c:\program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
NalView.lnk - c:\program\Novell\ZENworks\NalView.exe [2005-9-8 35840]
PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2008-5-8 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2005-01-10 11:36 24576 -c--a-w- c:\windows\system32\Novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
2007-05-02 02:21 364544 -c--a-r- c:\windows\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Photosmart Premier Snabbstart.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\HP Photosmart Premier Snabbstart.lnk
backup=c:\windows\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^bou^Start-meny^Program^Autostart^Telia Mobilt bredband.lnk]
path=c:\documents and settings\bou\Start-meny\Program\Autostart\Telia Mobilt bredband.lnk
backup=c:\windows\pss\Telia Mobilt bredband.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 -c--a-w- c:\program\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
2010-03-09 02:28 11989960 -c--a-w- c:\program\Adobe\Adobe Bridge CS5\Bridge.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 -c--a-w- c:\program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 16:05 15360 -c--a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12 3872080 -c--a-w- c:\program\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 -c----w- c:\program\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 16:05 143872 -c--a-w- c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"ose"=3 (0x3)
"Bonjour Service"=2 (0x2)
"gupdate"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\bou\\Skrivbord\\uTorrent.exe"=
"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpmw32.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program\\Ace Translator\\AceTrans.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-04-24 28552]
R1 NGS;Norman General Security Driver;c:\program\NORMAN\nvc\bin\ngs.sys [2010-01-11 25032]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-01-17 6899]
R2 Ndiskio;Ndiskio;c:\program\NORMAN\Nse\Bin\Ndiskio.sys [2010-01-11 24168]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2005-09-01 163840]
R2 USB Drive Letter Mananger;USBDLM;c:\program\USBDLM\USBDLM.exe [2006-05-24 64000]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [2005-01-10 61440]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-01-10 2773]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-03 17149]
R3 nsesvc;Norman Scanner Engine Service;c:\program\NORMAN\Nse\Bin\Nsesvc.exe [2010-01-11 283976]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-01-11 21832]
R3 nvcoas;Norman Virus Control on-access component;c:\program\NORMAN\nvc\bin\Nvcoas.exe [2010-01-11 185672]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program\NORMAN\nvc\bin\Nvcsched.exe [2010-01-11 148808]
S2 hgfs;hgfs;c:\windows\system32\DRIVERS\hgfs.sys --> c:\windows\system32\DRIVERS\hgfs.sys [?]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2006-03-22 43392]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-02-25 13224]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2007-07-05 65664]
S3 SwitchBoard;SwitchBoard;c:\program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-08-04 14336]
S4 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 17:11]

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 17:11]

2010-07-25 c:\windows\Tasks\User_Feed_Synchronization-{3D3AEC52-0069-4C6A-A4F2-9862916322C8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2010-07-25 c:\windows\Tasks\User_Feed_Synchronization-{695BC004-ABC9-4A06-ADF4-485202981975}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.nattstad.se/ImageUploader6.cab
FF - ProfilePath - c:\documents and settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Filassociationer -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 18:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
NNTray = c:\program\Net Nanny\nnstart.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-2814842062-1513136318-2222897245-1045\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder]
@Denied: (A C D 2 3 6) (Everyone)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"D140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\msi.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'Explorer.exe'(3268)
c:\program\WINDOW~2\wmpband.dll
c:\windows\system32\NLS\SVENSKA\NWSHLXNR.DLL
c:\windows\system32\NLS\SVENSKA\NOVNPNTR.DLL
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'Explorer.exe'(3412)
c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program\SPYBOT~1\SDHelper.dll
c:\windows\system32\NLS\SVENSKA\NWSHLXNR.DLL
c:\windows\system32\NLS\SVENSKA\NOVNPNTR.DLL
c:\program\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceApi.dll
.
Sluttid: 2010-07-25 18:29:27
ComboFix-quarantined-files.txt 2010-07-25 16:29
ComboFix2.txt 2010-07-25 15:35
ComboFix3.txt 2010-07-23 19:42

Före genomsökningen: 70 397 325 312 byte ledigt
Efter genomsökningen: 70 420 205 568 byte ledigt

- - End Of File - - 80A0C7C8E22EE8C9AFE60AE2E8982B40

******************************************************
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/07/25 18:30
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\Temp\catchme.sys
Address: 0xBA428000 Size: 31744 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xACD00000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5D2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mbr.sys
Image Path: C:\Temp\mbr.sys
Address: 0xBA3E0000 Size: 20864 File Visible: No Signed: -
Status: -

Name: nwfilter.sys
Image Path: nwfilter.sys
Address: 0xBA4CC000 Size: 15808 File Visible: No Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Address: 0xBA628000 Size: 7872 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA927A000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\bou\lokala inställningar\temporary internet files\content.word\~wrf0003.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\localservice\lokala inställningar\temp\cookies\index.dat
Status: Allocation size mismatch (API: 4096, Raw: 16384)

Path: c:\documents and settings\localservice\lokala inställningar\temp\history\history.ie5\index.dat
Status: Allocation size mismatch (API: 4096, Raw: 16384)

Path: C:\Documents and Settings\bou\Lokala inställningar\Apps\2.0\35JMXCX0.71B\09YZR90V.567\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\bou\Lokala inställningar\Apps\2.0\35JMXCX0.71B\09YZR90V.567\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\eFerKar.RI-1418-393.000\Lokala inställningar\Apps\2.0\K8R1TVPG.ODN\6ZTKMYEJ.MCO\manifests\clickonce_bootstrap.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\eFerKar.RI-1418-393.000\Lokala inställningar\Apps\2.0\K8R1TVPG.ODN\6ZTKMYEJ.MCO\manifests\clickonce_bootstrap.exe.manifest
Status: Locked to the Windows API!

==EOF==
******************************************************
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 00:01:29
Windows 5.1.2600 Service Pack 3
Running: qev9us82.exe; Driver: C:\Temp\pfdiakog.sys


---- System - GMER 1.0.15 ----

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B90F159A
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B90F1655

Code \??\C:\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? nwfilter.sys Det går inte att hitta filen. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F73000, 0x17D80E, 0xE8000020]
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Det går inte att hitta filen. !
? C:\Temp\catchme.sys Det går inte att hitta filen. !
? C:\Temp\mbr.sys Det går inte att hitta filen. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\3da21691-e39d-4da6-8a4b-b43877bcb1b7@FlushCacheFiles C:\WINDOWS\SoftwareDistribution\EventCache\{DB945B03-1F52-4C6D-9D62-E7F9BE7B3165}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{D41787F5-BC1B-4414-AA72-2A55A861B78C}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{1E4FF124-BD1E-46F0-9B5C-B804E7257311}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{C169930F-A539-4CD1-B948-FDD1D85B0AB3}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{45DB4264-2C05-457C-AC39-7BD74B35C663}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{41C28601-E771-42F8-A228-A863E96A41D9}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{7FF6EC69-86A9-4BD7-AE99-677D14124B8B}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{E9D9F060-68FA-419C-B740-B887D0026D5B}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{2859028F-5302-4262-A7F7-FAA772C9C08A}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{E8D023DE-F5C1-4364-9F94-D3F07605DB2E}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{0725A93A-B858-4825-A1DC-0091682AA346}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{C47248F3-2F0C-4C9E-8EB5-95229BAA8
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32@Assembly Microsoft.Office.Interop.FrontPage, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32@Class Microsoft.Office.Interop.FrontPage.ApplicationClass
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32\11.0.0.0
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32\11.0.0.0@Class Microsoft.Office.Interop.FrontPage.ApplicationClass
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32\11.0.0.0@Assembly Microsoft.Office.Interop.FrontPage, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32\11.0.0.0@RuntimeVersion v1.1.4322
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\LocalServer32@ C:\Program\MICROS~4\OFFICE11\FRONTPG.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\LocalServer32@LocalServer32 F&HBVn-}f(ZXfeAR6.jiFPClientFiles>yl'iQFmea9c.svcfb5$r?
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\ProgID@ FrontPage.Application.6
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\VersionIndependentProgID@ FrontPage.Application

---- EOF - GMER 1.0.15 ----

This post was edited by Cecilia: 26 Jul 2010, 09:25.

1

#10
Cecilia

  • Addicted
  • Group: Head moderator
  • Posts: 75 560
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 26 Jul 2010, 09:58

Have you changed things so that the folder c:\temp is used as the folder for temporary files?

Is it a company computer, since Novell ZENworks is installed? If so, you should not do any of the following, because it can destroy settings so that the computer no longer works in a corporate network.

Control Panel - Internet Options - Connections - LAN settings
Click Advanced
Write down what it looks like so that you can restore it if removing the proxy server makes you lose your internet connection.
Remove the contents there so that all boxes under the heading Servers are empty.
Click OK
Write down what it looks like so that you can restore it if removing the proxy server makes you lose your internet connection.
Remove any contents in the Address box
Uncheck "Use a proxy server...."

Copy all the lines in the box:
Killall::
Rootkit::
c:\windows\system32\drivers\djscd.sys
File::
c:\windows\Wpicug.exe
c:\windows\Wpicuf.exe
c:\windows\Wpicue.exe
c:\windows\Wpicud.exe
c:\windows\Wpicuc.exe
c:\windows\Wpicub.exe
c:\windows\Wpicua.exe

and paste them into Notepad.
Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before.
Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special way.
Paste in the log that is produced.

Since the computer was infected more than a month ago, it is best to check with OTL as well, since it can be set to look at new files that are older than a month. Save OTL on the Desktop.
http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Run OTL (in Vista, right-click and Run as administrator).
Under Output near the top, select Minimal Output.
Change 30 days to 90 days.
Press Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, and attach Extras.txt as a file.
1

#11
ferdi_k

Posted 26 Jul 2010, 10:38

the link doesn't work http://oldtimer.geekstogo.com/OTL.exe
Live life! ;)
0

#12
ferdi_k

Posted 26 Jul 2010, 10:48

No, but partly. It is the school's computer I am using, which is why I have Novell.
Regarding the link http://oldtimer.geekstogo.com/OTL.exe, it doesn't work, and the proxy server is not ticked, but when I open Control Panel - Internet Options - Connections - LAN settings, the box under ProxyServer is not ticked, but it says Address: 127.0.0.1 Port 8080. Should I remove them anyway or leave them?

And one last thing, regarding
Killall::
Rootkit::
c:\windows\system32\drivers\djscd.sys
File::
c:\windows\Wpicug.exe
c:\windows\Wpicuf.exe
c:\windows\Wpicue.exe
c:\windows\Wpicud.exe
c:\windows\Wpicuc.exe
c:\windows\Wpicub.exe
c:\windows\Wpicua.exe


should I run it in connection with first removing the proxy server and then running the code, or can it be run otherwise as well?
Thanks!
Live life! ;)
0

#13
Cecilia

Posted 26 Jul 2010, 11:44

Quote

but when I open Control Panel - Internet Options - Connections - LAN settings, the box under ProxyServer is not ticked, but it says Address: 127.0.0.1 Port 8080. Should I remove them anyway or leave them?
Then it can stay.

I cannot guarantee that the computer will work with the school's network once it has been cleaned.

You can run ComboFix with CFScript even if you don't change the proxy server box.

I'll get back to you with another OTL link.
1
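
The distinction made in the exchange above (a proxy address that is filled in but not ticked is not in use), as an added example that is not part of the original thread: a Python sketch that reads the "Internet Settings" lines of an OTL log and reports, per registry hive, whether a proxy is active and whether it points at the local machine. The sample lines are constructed, the verdict names are this example's own, and it goes slightly beyond the thread by also handling the per-protocol "http=...;https=..." form of ProxyServer.

```python
import ipaddress
import re

# Constructed sample, in the line format OTL uses for Internet Settings values.
SAMPLE_LOG = r'''
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
'''

LINE_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\\.*\\Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$'
)


def parse_proxy_settings(log_text):
    """Return {hive: {value_name: value}} for every Internet Settings line."""
    settings = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            hive = settings.setdefault(match["hive"], {})
            hive[match["name"]] = match["value"].strip()
    return settings


def proxy_endpoints(value):
    """Split a ProxyServer value into (protocol, host, port) tuples.

    Accepts both "host:port" and "http=host:port;https=host:port".
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        protocol, sep, endpoint = part.partition("=")
        if not sep:                      # single proxy used for all protocols
            protocol, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]
        if endpoint.startswith("["):     # bracketed IPv6 literal, e.g. [::1]:8080
            host, _, rest = endpoint[1:].partition("]")
            port = rest.lstrip(":")
        else:
            host, _, port = endpoint.partition(":")
        endpoints.append((protocol.lower(), host, port))
    return endpoints


def is_loopback(host):
    """True for 'localhost' and for any loopback IP literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name, not an IP literal
        return False


def classify(hive_settings):
    """Map one hive's settings to a verdict string (names are this example's own)."""
    server = hive_settings.get("ProxyServer", "")
    if not server:
        return "none"
    enabled = hive_settings.get("ProxyEnable", "0") == "1"
    loopback = any(is_loopback(host) for _, host, _ in proxy_endpoints(server))
    state = "active" if enabled else "inactive"
    target = "loopback" if loopback else "remote"
    return f"{state}-{target}"


def audit_proxy(log_text):
    """Return {hive: verdict} for every hive that has Internet Settings lines."""
    return {hive: classify(values)
            for hive, values in parse_proxy_settings(log_text).items()}


if __name__ == "__main__":
    for hive, verdict in audit_proxy(SAMPLE_LOG).items():
        print(hive, verdict)
```

An "active-loopback" verdict means browser traffic is handed to a process on the same machine, so the next step is to identify what is listening on that port; "inactive-loopback" is the unticked leftover described in the thread.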

#14
Cecilia

Posted 26 Jul 2010, 11:49

OTL: http://www.sendspace.com/file/vx2d9h
1

#15
ferdi_k

Posted 26 Jul 2010, 12:12

Cecilia, on 26 Jul 2010, 11:44, said:

Then it can stay.

I cannot guarantee that the computer will work with the school's network once it has been cleaned.

You can run ComboFix with CFScript even if you don't change the proxy server box.

I'll get back to you with another OTL link.


I have pasted in the code above and am saving it with the name CFScript, but should it be an exe file or txt?
Live life! ;)
0

#16
Cecilia

Posted 26 Jul 2010, 12:42

Thanks for all the points! :D

When you save in Notepad, the file usually gets the extension .txt automatically, and that is what it should be. Make sure that it looks exactly the same in Notepad as here in the forum, with the same number of lines.
0

#17
ferdi_k

Posted 26 Jul 2010, 15:03

Cecilia, on 26 Jul 2010, 12:42, said:

Thanks for all the points! :D

When you save in Notepad, the file usually gets the extension .txt automatically, and that is what it should be. Make sure that it looks exactly the same in Notepad as here in the forum, with the same number of lines.


No problem! =)

It is not possible to paste in the whole OTL log, "it is too long" according to Eforum, so
I am attaching all three, sorry!
Attached file  OTL.Txt (604,79Kb)
Number of downloads: 65
Attached file  Extras.Txt (183,07Kb)
Number of downloads: 195
Attached file  Combo log.txt (30,76Kb)
Number of downloads: 42
Live life! ;)
0

#18
Cecilia

Posted 26 Jul 2010, 16:48

ComboFix removed the files just as it should.

The OTL log was a bit unnecessarily long because you chose 180 days instead of 90 days, and because the attached OTL.txt, at least, contains the log twice. I removed what concerned files created or modified before 14 June and pasted in the rest.

OTL logfile created on: 2010-07-26 13:15:31 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\bou\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 111,79 Gb Total Space | 65,43 Gb Free Space | 58,53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RI-1418-393
Current User Name: bou
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 180 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\bou\Skrivbord\OTL.exe (OldTimer Tools)
PRC - C:\Program\NORMAN\Nse\Bin\Nsesvc.exe (Norman ASA)
PRC - C:\Program\NORMAN\npm\Bin\Njeeves.exe (Norman ASA)
PRC - C:\Program\NORMAN\npm\Bin\Zlh.exe (Norman ASA)
PRC - C:\Program\NORMAN\npm\Bin\Zanda.exe (Norman ASA)
PRC - C:\Program\NORMAN\nvc\bin\Nvcsched.exe (Norman ASA)
PRC - C:\Program\NORMAN\nvc\bin\CClaw.exe (Norman ASA)
PRC - C:\Program\NORMAN\nvc\bin\Nvcoas.exe (Norman ASA)
PRC - C:\Program\NORMAN\npm\Bin\elogsvc.exe (Norman ASA)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program\DataStudio\PASPortal.exe (PASCO Scientific)
PRC - C:\Program\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
PRC - C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
PRC - C:\Program\Novell\ZENworks\WM.EXE (Novell, Inc.)
PRC - C:\Program\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)
PRC - C:\Program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\Novell\xtagent.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\bou\Skrivbord\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- C:\ComboFix\PEV.cfx File not found
SRV - (fsssvc) -- C:\Program\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SwitchBoard) -- C:\Program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (nsesvc) -- C:\PROGRAM\NORMAN\Nse\bin\NSESVC.EXE (Norman ASA)
SRV - (Norman NJeeves) -- C:\Program\NORMAN\npm\Bin\Njeeves.exe (Norman ASA)
SRV - (Norman ZANDA) -- C:\PROGRAM\NORMAN\npm\bin\zanda.exe (Norman ASA)
SRV - (NVCScheduler) -- C:\Program\NORMAN\nvc\bin\Nvcsched.exe (Norman ASA)
SRV - (nvcoas) -- C:\PROGRAM\NORMAN\Nvc\bin\nvcoas.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\PROGRAM\NORMAN\Npm\bin\ELOGSVC.EXE (Norman ASA)
SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (USB Drive Letter Mananger) -- C:\Program\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)
SRV - (MDM) -- C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NALNTSERVICE) -- C:\Program\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)
SRV - (ZFDWM) -- C:\Program\Novell\ZENworks\WM.EXE (Novell, Inc.)
SRV - (Remote Management Agent) -- C:\Program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)
SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)
SRV - (XTAgent) -- C:\WINDOWS\system32\Novell\xtagent.exe (Novell, Inc.)
SRV - (ose) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (hgfs) -- C:\WINDOWS\System32\DRIVERS\hgfs.sys File not found
DRV - (catchme) -- C:\Temp\catchme.sys File not found
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (Ndiskio) -- C:\Program\NORMAN\Nse\Bin\Ndiskio.sys (Norman ASA)
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (NGS) -- c:\Program\NORMAN\nvc\bin\ngs.sys (Norman ASA)
DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (dmio) -- C:\WINDOWS\System32\drivers\dmio.sys ()
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (vmscsi) -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys (VMware, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)
DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)
DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)
DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)
DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)
DRV - (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)
DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)
DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AR5523) -- C:\WINDOWS\system32\drivers\WG11TND5.sys (NETGEAR, Inc.)
DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)
DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)
DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)
DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)
DRV - (ATHFMWDL) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys (Windows ® 2000 DDK provider)
DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)
DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SaiNtHid) -- C:\WINDOWS\system32\drivers\SaiNtHid.sys (Saitek)
DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()
DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (s3legacy) -- C:\WINDOWS\system32\drivers\s3legacy.sys (Microsoft Corporation)
DRV - (DC21x4) -- C:\WINDOWS\system32\drivers\dc21x4.sys (Intel Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.se/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www2.firesearch.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-05-25 22:58:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-07-25 01:25:03 | 000,000,000 | ---D | M]

[2010-06-03 21:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bou\Application Data\Mozilla\Extensions
[2010-06-26 02:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions
[2010-05-25 22:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-05-25 22:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010-06-30 21:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010-05-25 22:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}
[2010-05-25 22:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010-05-25 22:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)
[2010-05-25 22:58:47 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions
[2010-07-25 01:25:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-06-22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010-07-25 17:32:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)
O4 - HKLM..\Run: [NNTray] C:\Program\Net Nanny\NNStart.exe (Net Nanny Software International, Inc.)
O4 - HKLM..\Run: [Norman ZANDA] C:\PROGRAM\NORMAN\Npm\bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\NalView.lnk = C:\Program\Novell\ZENworks\NalView.exe (Novell, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\PASPortal.lnk = C:\WINDOWS\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe (InstallShield Software Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.nattstad....geUploader6.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.209.169.71 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - C:\WINDOWS\System32\TPSvc.dll (ThinPrint GmbH)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-02-16 11:27:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 180 Days ==========

[2010-07-26 13:04:44 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010-07-26 12:51:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bou\Skrivbord\OTL.exe
[2010-07-26 11:32:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Fonts
[2010-07-25 18:29:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-07-25 18:29:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010-07-25 17:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\RootRepeal
[2010-07-25 01:25:03 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010-07-25 01:25:03 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010-07-25 01:25:03 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010-07-25 01:25:03 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010-07-23 23:28:27 | 000,000,000 | ---D | C] -- C:\Program\VirtualDJ
[2010-07-23 23:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\VirtualDJ
[2010-07-23 21:20:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010-07-23 19:22:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-07-23 19:22:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-07-23 19:22:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-07-23 19:22:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-07-23 19:21:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-07-23 19:21:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-07-22 18:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Tränings CD
[2010-07-22 00:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Build a PC
[2010-07-22 00:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Tattoo Flash 2 of 4 - More than 50k designs from great artists! GFXTRA.COM!
[2010-07-21 15:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Website Buttons MegaPack #4
[2010-07-20 00:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Xilisoft Corporation
[2010-07-20 00:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\vlc
[2010-07-20 00:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inst�llningar
[2010-07-20 00:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Graboid
[2010-07-20 00:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\Graboid_Inc
[2010-07-20 00:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\Graboid
[2010-07-20 00:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\MozillaControl
[2010-07-20 00:01:57 | 000,000,000 | ---D | C] -- C:\Program\Mozilla ActiveX Control v1.7.12
[2010-07-19 23:57:51 | 000,000,000 | ---D | C] -- C:\Program\Graboid
[2010-07-18 17:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Lynda Photoshop Retouching
[2010-07-14 17:11:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010-07-13 21:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\wanted_demo
[2010-07-13 21:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\wanted_demo
[2010-07-13 20:48:05 | 000,000,000 | ---D | C] -- C:\Program\WarnerBros
[2010-07-13 19:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\baby
[2010-07-13 19:13:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bou\Recent
[2010-07-13 16:52:44 | 000,000,000 | ---D | C] -- C:\Program\AGEIA Technologies
[2010-07-13 16:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010-07-13 16:46:24 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Wise Installation Wizard
[2010-07-12 16:56:41 | 000,000,000 | ---D | C] -- C:\Program\Thomas Wright Consulting
[2010-07-11 13:08:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE
[2010-07-11 13:08:37 | 000,314,368 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2010-07-11 12:51:23 | 000,000,000 | ---D | C] -- C:\Program\Telia
[2010-07-11 12:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2010-07-10 22:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\My Games
[2010-07-10 21:16:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010-07-10 21:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010-07-10 21:15:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010-07-10 16:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\5800_original_ringtones Mp3
[2010-07-10 16:17:02 | 000,000,000 | ---D | C] -- C:\Program\MAGIX
[2010-07-10 16:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010-07-10 15:53:58 | 000,000,000 | ---D | C] -- C:\Program\Ace Translator
[2010-07-10 13:57:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bou\Mina dokument\Mina videoklipp
[2010-07-10 13:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2010-07-08 21:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\uninstall
[2010-07-08 19:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\Need for Speed World
[2010-07-08 18:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\Electronic_Arts_Inc
[2010-07-08 18:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Cover
[2010-07-08 16:39:11 | 000,000,000 | ---D | C] -- C:\Program\Ask.com
[2010-07-08 16:39:02 | 000,000,000 | ---D | C] -- C:\Program\Adobe PhotoShop CS3
[2010-07-08 16:38:57 | 000,000,000 | ---D | C] -- C:\Program\Vuze_Remote
[2010-07-08 16:38:57 | 000,000,000 | ---D | C] -- C:\Program\Windows Desktop Search
[2010-07-08 16:38:57 | 000,000,000 | ---D | C] -- C:\Program\PhotoFiltre
[2010-07-08 16:38:56 | 000,000,000 | ---D | C] -- C:\Program\Xara
[2010-07-08 16:38:53 | 000,000,000 | ---D | C] -- C:\Program\Uniblue
[2010-07-08 16:38:52 | 000,000,000 | ---D | C] -- C:\Program\UnHackMe
[2010-07-08 16:38:51 | 000,000,000 | R--D | C] -- C:\Program\Net Nanny
[2010-07-08 16:36:30 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Adobe AIR
[2010-07-08 15:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2010-07-08 15:13:34 | 000,000,000 | ---D | C] -- C:\Program\AdobeSupportAdvisor
[2010-07-08 15:13:24 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Adobe AIR(3)
[2010-07-08 12:37:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bou\Mina dokument\Nedladdade filer
[2010-07-07 12:29:29 | 000,000,000 | ---D | C] -- C:\Program\Activision
[2010-07-06 20:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\DivX Movies
[2010-07-04 22:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\PlatinumHideIP
[2010-07-04 22:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlatinumHideIP
[2010-07-04 20:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\DVD Flick
[2010-07-04 20:40:59 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2010-07-04 20:40:59 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2010-07-04 20:40:59 | 000,000,000 | ---D | C] -- C:\Program\DVD Flick
[2010-07-01 21:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\CheeseSoft
[2010-07-01 21:53:39 | 000,000,000 | ---D | C] -- C:\Program\FinalUninstaller
[2010-06-30 21:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Photoshop format
[2010-06-30 20:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Övrigt
[2010-06-30 20:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Alla typer av texter
[2010-06-30 20:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\My Photo
[2010-06-27 17:36:35 | 000,000,000 | ---D | C] -- C:\Program\Spybot - Search & Destroy
[2010-06-27 17:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010-06-26 02:06:16 | 000,000,000 | ---D | C] -- C:\Program\Conduit
[2010-06-25 01:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\Unity
[2010-06-23 14:23:27 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2010-06-23 14:23:27 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2010-06-23 14:23:27 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2010-06-23 14:23:26 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2010-06-23 14:23:26 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2010-06-23 14:23:26 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2010-06-23 14:23:25 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2010-06-23 14:23:25 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2010-06-23 14:23:24 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010-06-23 14:23:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010-06-23 14:23:23 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010-06-23 14:23:23 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010-06-23 14:23:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010-06-23 14:23:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010-06-23 14:23:21 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010-06-23 14:23:21 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010-06-23 14:23:20 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010-06-23 14:23:20 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010-06-23 14:23:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010-06-23 14:23:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010-06-23 14:23:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010-06-23 14:23:17 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010-06-23 14:23:16 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010-06-23 14:23:16 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010-06-23 14:23:16 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010-06-23 14:23:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010-06-23 14:23:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010-06-23 14:23:14 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010-06-23 14:23:14 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010-06-23 14:23:10 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010-06-23 14:23:10 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010-06-23 14:23:09 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010-06-23 14:23:09 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010-06-23 14:23:08 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010-06-23 14:23:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010-06-23 14:23:08 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010-06-23 14:23:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010-06-23 14:23:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010-06-23 14:23:06 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010-06-23 14:23:05 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010-06-23 14:23:05 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010-06-23 14:23:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010-06-23 14:23:04 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010-06-23 14:23:03 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010-06-23 14:23:03 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010-06-23 14:23:03 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010-06-23 14:23:02 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010-06-23 14:23:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010-06-23 14:23:01 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010-06-23 14:23:01 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010-06-23 14:23:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010-06-23 14:23:00 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010-06-23 14:22:59 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2010-06-23 14:22:58 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2010-06-23 14:22:58 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2010-06-23 14:22:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2010-06-23 14:22:57 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2010-06-23 14:22:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010-06-23 14:22:56 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2010-06-23 14:22:56 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2010-06-23 14:22:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2010-06-23 14:22:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2010-06-23 14:22:54 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2010-06-23 14:22:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2010-06-23 14:22:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2010-06-23 14:22:53 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2010-06-23 14:22:51 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2010-06-23 14:22:51 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2010-06-23 14:22:50 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2010-06-23 14:22:50 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2010-06-23 14:22:50 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2010-06-23 14:22:49 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2010-06-23 14:22:49 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2010-06-23 14:22:49 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2010-06-23 14:22:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2010-06-23 14:22:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2010-06-23 14:22:40 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2010-06-23 14:22:40 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2010-06-23 14:22:40 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2010-06-23 14:22:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2010-06-23 14:10:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010-06-23 14:10:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010-06-21 17:24:11 | 000,000,000 | ---D | C] -- C:\Program\PcMedik
[2010-06-19 14:08:06 | 000,184,320 | ---- | C] (Saitek plc) -- C:\WINDOWS\System32\PrfAct.exe
[2010-06-19 14:08:06 | 000,048,384 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiNtHid.sys
[2010-06-19 14:08:06 | 000,014,720 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiMini.sys
[2010-06-19 14:08:06 | 000,006,656 | ---- | C] (Saitek) -- C:\WINDOWS\System32\REnum.exe
[2010-06-19 14:08:06 | 000,000,000 | ---D | C] -- C:\Program\Saitek
[2010-06-19 14:08:05 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl70.dll
[2010-06-17 12:44:32 | 000,000,000 | ---D | C] -- C:\Program\SystemRequirementsLab
[2010-06-17 12:16:57 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Games
[2010-06-17 01:04:04 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys
[2010-06-17 01:03:15 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2010-06-17 01:03:04 | 000,000,000 | ---D | C] -- C:\Program\Microsoft SQL Server Compact Edition
[2010-06-16 19:38:31 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010-06-16 19:38:31 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010-06-16 19:38:31 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010-06-16 19:38:31 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010-06-16 19:38:30 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010-06-16 19:38:30 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010-06-16 19:38:30 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010-06-16 19:38:30 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010-06-16 19:38:30 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010-06-16 19:38:29 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2010-06-16 19:38:29 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2010-06-16 19:38:28 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2010-06-16 19:38:27 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2010-06-16 19:38:27 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2010-06-16 19:37:37 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\DivX Shared
[2010-06-14 22:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\DMCache
[2010-06-12 21:54:52 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

...

[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 180 Days ==========

[2010-07-26 13:05:48 | 000,243,712 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Downloads.doc
[2010-07-26 13:05:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-07-26 13:05:00 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{695BC004-ABC9-4A06-ADF4-485202981975}.job
[2010-07-26 13:02:31 | 000,001,272 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010-07-26 12:51:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bou\Skrivbord\OTL.exe
[2010-07-26 12:50:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-07-26 11:42:02 | 000,079,328 | ---- | M] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT
[2010-07-26 11:33:11 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\PASPortal.lnk
[2010-07-26 11:33:03 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Xplorer GLX Simulator.lnk
[2010-07-26 11:33:03 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\DataStudio.lnk
[2010-07-26 11:32:56 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D3AEC52-0069-4C6A-A4F2-9862916322C8}.job
[2010-07-26 11:30:19 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-07-26 11:30:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-07-26 11:29:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-07-26 00:24:40 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\bou\ntuser.dat
[2010-07-26 00:24:40 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\bou\ntuser.ini
[2010-07-25 18:26:52 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-07-25 17:54:07 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\qev9us82.exe
[2010-07-25 17:32:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-07-25 17:22:42 | 003,744,048 | R--- | M] () -- C:\Documents and Settings\bou\Skrivbord\ComboFix.exe
[2010-07-24 18:12:43 | 003,596,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-07-23 23:28:33 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Virtual DJ Trial.lnk
[2010-07-23 21:20:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010-07-23 18:52:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-07-23 12:12:53 | 000,059,038 | ---- | M] () -- C:\ziswin.hst
[2010-07-23 01:38:38 | 000,007,184 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\msn.jpg
[2010-07-22 23:10:13 | 000,023,152 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Izabella-Scorupco4.jpg
[2010-07-20 00:25:18 | 000,000,140 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010-07-20 00:00:21 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\VLC media player.lnk
[2010-07-17 20:57:42 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\bou\Mina dokument\schema.doc
[2010-07-14 20:46:17 | 000,000,062 | ---- | M] () -- C:\WINDOWS\MyProg.ini
[2010-07-14 13:54:54 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\djscd.sys
[2010-07-12 21:32:40 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-07-12 16:56:43 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Software_KeyGen_Demo.exe11.lnk
[2010-07-12 00:57:03 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\AdobeSupportAdvisor.lnk
[2010-07-11 13:08:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SETUP32.INI
[2010-07-11 12:58:26 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\MagicISO.lnk
[2010-07-10 16:30:09 | 000,000,829 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-07-10 15:54:50 | 000,008,194 | ---- | M] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\atrans.7
[2010-07-10 15:53:59 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\bou\Application Data\Microsoft\Internet Explorer\Quick Launch\Ace Translator.lnk
[2010-07-10 15:53:59 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Ace Translator.lnk
[2010-07-10 13:57:54 | 000,001,476 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\DivX Movies.lnk
[2010-07-10 13:57:33 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\DivX Plus Player.lnk
[2010-07-05 02:32:12 | 003,227,756 | -H-- | M] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\IconCache.db
[2010-07-04 20:45:35 | 000,001,476 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\ImgBurn.lnk
[2010-07-04 20:41:07 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\DVD Flick.lnk
[2010-07-04 01:20:53 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-07-04 01:20:53 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\bou\Application Data\PnkBstrK.sys
[2010-07-04 01:20:34 | 002,434,856 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010-07-02 01:41:06 | 000,413,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100712-171721.backup
[2010-07-02 01:15:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010-07-01 21:53:42 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Final Uninstaller.lnk
[2010-06-30 15:33:09 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\CCleaner.lnk
[2010-06-28 20:21:38 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Spybot - Search & Destroy.lnk
[2010-06-28 14:17:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-06-26 21:39:21 | 000,002,578 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010-06-26 21:39:21 | 000,001,638 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010-06-26 21:39:21 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010-06-22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010-06-22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010-06-22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010-06-22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010-06-22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-22 01:36:36 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Free FLV Converter.lnk
[2010-06-21 21:14:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010-06-21 21:14:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010-06-21 17:24:12 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\PcMedik 6.lnk
[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicug.exe
[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicuf.exe
[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicue.exe
[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicud.exe
[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicuc.exe
[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicub.exe
[2010-06-19 21:53:48 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicua.exe
[2010-06-19 21:53:44 | 000,195,584 | ---- | M] () -- C:\WINDOWS\System32\SSHNAS21.DLL.del
[2010-06-18 13:40:29 | 001,059,284 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-18 13:40:29 | 000,446,102 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2010-06-18 13:40:29 | 000,443,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-18 13:40:29 | 000,084,650 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2010-06-18 13:40:29 | 000,072,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-17 12:18:07 | 000,002,032 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\RalliSport Challenge Trial Version.lnk
[2010-06-16 19:38:17 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\DivX Plus Converter.lnk
[2010-06-14 16:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

...

[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-07-25 17:54:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\qev9us82.exe
[2010-07-23 23:28:33 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Virtual DJ Trial.lnk
[2010-07-23 21:20:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010-07-23 21:20:24 | 000,260,784 | ---- | C] () -- C:\cmldr
[2010-07-23 19:22:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-07-23 19:22:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-07-23 19:22:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-07-23 19:22:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-07-23 19:22:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-07-23 19:20:33 | 003,744,048 | R--- | C] () -- C:\Documents and Settings\bou\Skrivbord\ComboFix.exe
[2010-07-23 01:38:43 | 000,007,184 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\msn.jpg
[2010-07-22 23:10:19 | 000,023,152 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Izabella-Scorupco4.jpg
[2010-07-14 20:13:10 | 000,000,062 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2010-07-14 17:08:47 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\bou\Mina dokument\schema.doc
[2010-07-14 13:11:04 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\djscd.sys
[2010-07-13 20:47:51 | 012,320,768 | ---- | C] () -- C:\Documents and Settings\bou\ntuser.dat
[2010-07-12 16:56:43 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Software_KeyGen_Demo.exe11.lnk
[2010-07-11 13:08:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010-07-11 12:58:26 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\MagicISO.lnk
[2010-07-10 15:54:50 | 000,008,194 | ---- | C] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\atrans.7
[2010-07-10 15:53:59 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\Microsoft\Internet Explorer\Quick Launch\Ace Translator.lnk
[2010-07-10 15:53:59 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Ace Translator.lnk
[2010-07-10 13:57:54 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\DivX Movies.lnk
[2010-07-08 18:25:36 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\AdobeSupportAdvisor.lnk
[2010-07-04 20:45:35 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\ImgBurn.lnk
[2010-07-04 20:41:07 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\DVD Flick.lnk
[2010-07-04 01:20:53 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010-07-04 01:20:53 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\PnkBstrK.sys
[2010-07-04 01:20:38 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010-07-04 01:20:35 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010-07-04 01:20:34 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010-07-01 21:53:42 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Final Uninstaller.lnk
[2010-06-27 17:36:44 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Spybot - Search & Destroy.lnk
[2010-06-26 21:39:21 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010-06-23 12:24:45 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicug.exe
[2010-06-22 14:01:58 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicuf.exe
[2010-06-22 01:49:31 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicue.exe
[2010-06-21 21:14:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010-06-21 21:14:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010-06-21 18:14:07 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicud.exe
[2010-06-21 17:24:12 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\PcMedik 6.lnk
[2010-06-21 11:02:17 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicuc.exe
[2010-06-20 21:10:14 | 000,243,712 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Downloads.doc
[2010-06-20 12:47:56 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicub.exe
[2010-06-19 21:53:59 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicua.exe
[2010-06-19 21:53:44 | 000,195,584 | ---- | C] () -- C:\WINDOWS\System32\SSHNAS21.DLL.del
[2010-06-19 14:08:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\NX.exe
[2010-06-19 14:08:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\E2.exe
[2010-06-19 14:08:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2010-06-17 12:18:07 | 000,002,032 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\RalliSport Challenge Trial Version.lnk
[2010-06-16 19:39:00 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\DivX Plus Player.lnk
[2010-06-16 19:38:17 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\DivX Plus Converter.lnk
[2010-06-16 18:45:20 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-16 18:45:19 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-13 21:27:35 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\CS5-inställningar för PNG-format i Adobe
[2010-06-03 22:25:06 | 000,059,038 | ---- | C] () -- C:\ziswin.hst
[2010-05-29 12:07:23 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Dream Aquarium.lnk
[2010-05-29 12:07:21 | 000,106,496 | ---- | C] () -- C:\WINDOWS\DreamAquarium.scr
[2010-05-29 11:55:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dance.ini
[2010-05-25 23:21:26 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\CCleaner.lnk
[2010-04-29 12:06:31 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2010-04-29 12:06:31 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.h
[2010-04-25 16:07:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2010-04-25 10:27:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-04-17 20:42:11 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI
[2010-04-17 20:08:14 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\D59F6963CD.dll
[2010-04-17 19:41:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\keylappini.ini
[2010-04-08 23:02:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf
[2010-04-01 09:37:15 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\Microsoft\Internet Explorer\Quick Launch\Starta webbläsaren Internet Explorer.lnk
[2010-03-31 21:14:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010-03-31 21:14:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010-03-31 21:14:02 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010-03-31 21:14:02 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010-03-31 21:14:02 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010-03-31 21:14:02 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010-03-31 21:14:00 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010-03-31 21:14:00 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010-03-31 21:14:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010-03-31 21:13:59 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010-03-31 21:13:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010-03-31 21:12:31 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Play Ghost Recon Advanced Warfighter.lnk
[2010-03-29 18:49:24 | 000,059,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-03-29 17:01:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010-03-28 19:18:28 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Sothink SWF Decompiler.lnk
[2010-03-26 22:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010-03-26 22:57:34 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-03-26 22:57:34 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk
[2010-03-24 22:19:15 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Free FLV Converter.lnk
[2010-03-24 22:19:13 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2010-03-24 22:19:13 | 000,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2010-03-24 22:19:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2010-03-11 22:53:51 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Telia_Smartfire_FW_3.14.0.log
[2010-03-04 12:52:39 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{695BC004-ABC9-4A06-ADF4-485202981975}.job
[2010-02-28 21:02:35 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\bou\.recently-used.xbel
[2010-02-27 00:21:31 | 000,000,406 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D3AEC52-0069-4C6A-A4F2-9862916322C8}.job
[2010-02-25 18:36:06 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Media Go.lnk
[2010-02-25 18:31:08 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Update Service.lnk
[2010-02-25 17:56:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf
[2010-02-25 17:56:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2010-02-23 23:17:03 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Convert AVI to MP4.lnk
[2010-02-23 19:40:32 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010-02-23 19:39:46 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010-02-23 19:39:09 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010-02-23 19:38:51 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010-02-23 18:18:07 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Adobe Reader 8.lnk
[2010-02-22 22:47:29 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010-02-12 17:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-01-19 16:03:30 | 000,000,180 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009-08-03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-01-05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008-05-08 11:33:30 | 000,063,488 | ---- | C] () -- C:\WINDOWS\XOBGLU16.DLL
[2008-05-08 11:33:30 | 000,023,552 | ---- | C] () -- C:\WINDOWS\XOBGLU32.DLL
[2008-05-08 11:22:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\AVTC.ini
[2008-05-08 04:17:42 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008-05-08 04:17:41 | 000,612,864 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008-05-08 04:17:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-05-08 04:17:40 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008-05-08 04:17:40 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008-05-08 04:17:39 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008-05-08 04:17:39 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007-12-12 13:32:25 | 000,000,475 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007-12-11 15:15:36 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\peimg.ini
[2007-06-06 08:51:10 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2007-06-06 08:49:26 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2007-06-06 08:20:04 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2007-06-05 15:02:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2007-06-05 15:02:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2007-06-05 15:02:06 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2007-06-05 15:01:59 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2007-06-05 15:01:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2007-06-05 15:01:40 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2007-06-05 15:01:37 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2007-06-05 15:01:36 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2007-06-05 15:01:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll
[2007-06-05 15:01:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2007-06-04 15:34:17 | 000,000,140 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007-04-27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006-10-03 11:51:18 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006-10-03 11:51:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006-05-26 13:45:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-05-26 13:25:29 | 000,005,237 | ---- | C] () -- C:\WINDOWS\System32\kTool.ini
[2006-03-22 08:58:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Bknpci.dll
[2004-08-04 14:00:00 | 000,153,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmio.sys
[2004-07-09 11:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2004-03-16 14:09:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004-03-16 14:08:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll
[2002-04-17 14:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[1999-08-07 01:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
< End of report >

#19
ferdi_k

Posted 26 Jul 2010, 17:12

Cecilia, on 26 Jul 2010, 16:48, said:

ComboFix removed the files just as it was supposed to.

The OTL log became unnecessarily long because you chose 180 days instead of 90 days, and because the attached OTL.txt, at least, contains the log twice. I removed everything that concerned files created or modified before 14 June and pasted in the rest.


OK, how does it look then?
Live life! ;)

This post was edited by Cecilia: 26 Jul 2010, 17:46.
Reason for edit: Removed the log, because it is unnecessary to have it twice and it makes the page slow /Cecilia, moderator

#20
Cecilia

  • Group: Head moderator
  • Posts: 75 560
  • Joined: 2003-05-06
  • Location: Stockholm

Posted 26 Jul 2010, 17:44

Did you run ComboFix after you had run OTL? Just so I know, since the files that ComboFix was supposed to remove are still in the OTL log.

Check these files on the VirusTotal site:
C:\WINDOWS\System32\NX.exe
C:\WINDOWS\System32\E2.exe
C:\WINDOWS\System32\SaiCfg.dll
C:\WINDOWS\System32\D59F6963CD.dll

Uninstall:
Java™ 6 Update 4 (old version with security holes)
FinalUninstaller (an unsuitable program to have, see http://www.mywot.com...uninstaller.com )

PcMedik does not seem to be worth having either, given the ratings at http://download.cnet...4-10062573.html

Delete the folders:
C:\Program\Ask.com
C:\Documents and Settings\bou\Application Data\CheeseSoft
C:\Program\FinalUninstaller (if still there after the uninstall)
C:\Program\Conduit

Delete the file:
C:\WINDOWS\System32\SSHNAS21.DLL.del