Hijacked computer?


40 replies to this topic

#21 Cecilia

  • Head moderator
  • 84,215 posts
  • Location: Stockholm

Posted 30 March 2012 at 16:09

Is it possible to run a full scan with MBAM? If possible, make sure to update the program first. If anything is found, paste in that log.

Have you tried using Unhide? It also restores some of the registry settings that the programs "destroy".
http://www.bleepingc...opic405109.html

Check whether the malicious program may have changed the proxy setting; see items 4-7 on the page http://www.bleepingc...basic-antivirus

#22 oktober08

  • Members
  • 64 posts

Posted 30 March 2012 at 16:24

I have run Unhide before. I also checked the proxy settings earlier today. I found a good link with a detailed description here: http://www.2-viruses...t-virus-problem and here: http://www.2-viruses.com/remove-tdss But unfortunately without success. I started a full scan earlier but aborted it because it took too long. I might give it another chance. I'll be back!

#23 Cecilia

  • Head moderator
  • 84,215 posts
  • Location: Stockholm

Posted 30 March 2012 at 16:37

www.2-viruses.com is not a reliable website when it comes to cleaning computers (like many other websites). There are many completely different types of malicious programs that cause redirects in Google.

#24 Cecilia

  • Head moderator
  • 84,215 posts
  • Location: Stockholm

Posted 30 March 2012 at 16:51

1.
Save RogueKiller to the Desktop.
http://www.sur-la-to...om/RogueKiller/
Close all programs.

Run RogueKiller. If it cannot be run, try renaming the program to winlogon.

Wait until "Prescan" has finished.
Click the "Scan" button at the top right.
Wait until the scan is complete.
A report should then have been created on the Desktop.

If anything was found, click the "Delete" button.
Another report should then have been created on the Desktop.

Click the "ShortcutsFix" button.
Another report should then have been created on the Desktop.

Paste the contents of all "RKreport.txt" files on the Desktop into your reply.

2.
Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe
Close all programs.
Run OTL (in Vista and Windows 7, right-click and choose Run as administrator).
Select "All users".

In the Custom scan box, paste in the following lines (check that you really get all the lines):
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

Tick LOP Check and Purity Check.

Press Run Quick Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt and attach Extras.txt as a file.

Edited by Cecilia, 30 March 2012 at 21:08.
Changed which button to use in OTL


#25 Cecilia

  • Head moderator
  • 84,215 posts
  • Location: Stockholm

Posted 30 March 2012 at 21:09

Note that I have changed my previous post a little.

#26 KennethT

  • Members
  • 11 posts

Posted 30 March 2012 at 22:39

Hi!
This looks a lot like what has happened to me!
Unfortunately I cannot run DDS; it produces no readable file. I cannot run MBAM either, because a database update is required and an error occurs when it runs...
I do not have access to the Documents and settings folder. That folder probably still contains a good deal of what keeps coming back.

Kenneth

#27 Cecilia

  • Head moderator
  • 84,215 posts
  • Location: Stockholm

Posted 30 March 2012 at 22:48

Kenneth, please try to do what I wrote in your thread, post 8. If you have problems with it, write about it in that thread. It gets very messy here if this thread is to deal with two computers with somewhat different infections.

#28 oktober08

  • Members
  • 64 posts

Posted 31 March 2012 at 09:18

Yesterday I ran MBAM with a full scan, which took over four hours, and it found three new trojans/viruses, but I suspect they have been added during the last few days. But search results in Google are still quickly redirected to other pages and then return to the original search result. It seems this is a way for the malicious program to survive, by being downloaded again every time it visits these mysterious websites. MBAM also keeps warning about connection attempts to 206.161.121.4

I also ran RogueKiller and it seemed that it also found some trojans/viruses. Reports 1-3:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Internet [Admin rights]
Mode: Scan -- Date: 03/30/2012 22:00:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] c55cac9f15e01a30d398eeb99a7677b8
[BSP] 87979d88ec3ec32ca6e0144fbb87418d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 0008e26557160de86230f1bfd753c3ad
[BSP] 87979d88ec3ec32ca6e0144fbb87418d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 156280320 | Size: 10 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Internet [Admin rights]
Mode: Remove -- Date: 03/30/2012 22:05:30

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] c55cac9f15e01a30d398eeb99a7677b8
[BSP] 87979d88ec3ec32ca6e0144fbb87418d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 0008e26557160de86230f1bfd753c3ad
[BSP] 87979d88ec3ec32ca6e0144fbb87418d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 156280320 | Size: 10 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Internet [Admin rights]
Mode: Shortcuts HJfix -- Date: 03/30/2012 22:18:05

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 72 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 155 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped
[F:] \Device\CdRom2 -- 0x5 --> Skipped
[G:] \Device\CdRom3 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


What are you looking for in this information, and does the information provide any answers? Is something hidden here:
1 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 156280320 | Size: 10 Mo

I have also run OTL, but that report is far too long to post here on the forum, and I do not want to expose all that information about my computer and which programs etc. I have on it! Could you instead instruct me on what to look for in the reports, so that I can come back with the result later today?

Grateful for continued help!

Edited by oktober08, 31 March 2012 at 09:21.
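
The MBR check in the reports above lists the partition table once as "User" and once as "LL2" and marks the mismatch between them with "KO!". As an added example (not part of the original posts and not RogueKiller's code), the Python below parses two 512-byte MBR sectors in the standard layout and reports that kind of discrepancy. Both sectors are constructed from the values printed in the report; the function names, the finding labels, and the reading of "User" as a normal read and "LL2" as a lower-level read are assumptions.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # the four 16-byte partition entries start here
ENTRY_FORMAT = "<B3xB3xII"  # status, (CHS start), type, (CHS end), LBA start, sector count
# Partition type bytes conventionally used for "hidden" FAT/NTFS volumes.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(sector):
    """Return the non-empty partition entries of one 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector with the 0x55AA boot signature")
    entries = []
    for index in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + index * 16)
        if ptype == 0x00:   # unused slot
            continue
        entries.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "hidden_type": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return entries


def build_sector(entries):
    """Build a constructed MBR sector (zeroed boot code) from entry tuples."""
    table = b"".join(struct.pack(ENTRY_FORMAT, *e) for e in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\x00") + b"\x55\xaa"


def compare_views(user_sector, lowlevel_sector):
    """List differences between a normal read and a lower-level read of the MBR."""
    user = {p["lba_start"]: p for p in parse_mbr(user_sector)}
    low = {p["lba_start"]: p for p in parse_mbr(lowlevel_sector)}
    findings = []
    for lba, part in sorted(low.items()):
        if lba not in user:
            findings.append(("CONCEALED_ENTRY", lba))        # only visible at low level
        elif user[lba]["active"] != part["active"]:
            findings.append(("ACTIVE_FLAG_MISMATCH", lba))   # boot flag differs between views
        if part["active"] and part["hidden_type"]:
            findings.append(("ACTIVE_HIDDEN_TYPE", lba))     # boots from a hidden-type volume
    for lba in sorted(user.keys() - low.keys()):
        findings.append(("MISSING_AT_LOW_LEVEL", lba))
    return findings


# Constructed sample data using the numbers from the RogueKiller report:
# 76308 MB at sector 63, and a 10 MB type-0x17 partition at sector 156280320.
MAIN_SECTORS = 76308 * 2048
USER_VIEW = build_sector([(0x80, 0x07, 63, MAIN_SECTORS)])
LOWLEVEL_VIEW = build_sector([
    (0x00, 0x07, 63, MAIN_SECTORS),
    (0x80, 0x17, 156280320, 10 * 2048),
])

if __name__ == "__main__":
    for finding in compare_views(USER_VIEW, LOWLEVEL_VIEW):
        print(finding)
```

For such a comparison to mean anything on a real disk, the lower-level sector has to come from a source the running system cannot filter, such as an image taken from rescue media.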


#29 Cecilia

  • Head moderator
  • 84,215 posts
  • Location: Stockholm

Posted 31 March 2012 at 11:29

Paste in the log from MBAM where these three new ones were found.

I look at every single line in the OTL log to see whether it is normal or malicious, so unfortunately it is not something I can give you instructions to do. The Internet is teeming with OTL logs, and how would anyone be able to tie the log to you personally? Of course, if your name appears in plain text, you can replace it with XXX.

Remove TDSSKiller and aswMBR. Download them again and see whether they run better now.

#30 oktober08

  • Members
  • 64 posts

Posted 1 April 2012 at 13:51

Hi! The fight continues! I tried downloading the programs and running them again, but as before the computer hangs after a short while. Even though I was using Firefox, a small window titled Windows Internet Explorer appeared, and in the window it said roughly this:

Vill du lämna den här sidan?

*******************************************
Whait - Last minute positions available!
** Click 'Cancel' to view **
*******************************************

This can hardly be anything but fake; besides, the only option was to click Cancel! Another thing that pops up is a download window that wants me to download PC Performance Setup.exe. Oh, what a mess!

Here is the log from the latest MBAM. After the viruses/trojans in quarantine have been deleted, an "urgent" window from MBAM appears saying that the computer must be restarted. Is this a correct procedure, or is it fake too?
I'll be back later today with the other logs that were requested. Thanks for the continued help!


Malwarebytes Anti-Malware (Testversion) 1.60.1.1000
www.malwarebytes.org

Databasversion: v2012.03.30.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702

Skydd: Aktiverad

2012-03-30 17:25:46
mbam-log-2012-03-30 (17-25-46).txt

Skanningstyp: Fullständig skanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 332131
Förfluten tid: 3 timme(ar), 56 minut(er), 29 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 3
C:\Documents and Settings\Internet\Mina dokument\Hämtade filer\Adobe CS4 Activation Patch\Adobe CS4 Keygen.exe (Trojan.Downloader) -> Sattes i karantän och togs bort.
C:\Program\Apache Software Foundation\Apache2.2\bin\ab.exe (Trojan.Swrort) -> Sattes i karantän och togs bort.
C:\System Volume Information\_restore{1F479A81-54D8-4CFD-A643-2AC6B6375C76}\RP838\A0084487.exe (Trojan.Agent) -> Sattes i karantän och togs bort.

(klar)

#31 Cecilia

  • Head moderator
  • 84,215 posts
  • Location: Stockholm

Posted 1 April 2012 at 15:06

The first question is definitely fake.

MBAM needs to restart the computer if it finds a malicious file that is in use, because then it cannot move the file to quarantine right away; instead that has to be done so early during Windows startup that the malicious file is not running. I am not sure whether this is what your question is about.

Using cracks/keygens for programs is always risky.

Is any crack or similar involved when it comes to Apache as well? Because normally ab.exe in that context is a normal file, described at http://httpd.apache....rograms/ab.html

Does TDSSKiller hang before or after its window has appeared?
If it is after, try the following:
Start TDSSKiller.
Click "Change parameters".
Tick "Detect TDLFS file system".
Click "OK".
Click "Start Scan".

When the scanner is done, a list of found objects is shown.
Do not change any selection; just click "Next/Continue" to let the program deal with what was found.
Restart the computer.
Paste in its log.

But it is not possible to get any further and be reasonably convinced that the computer is clean without seeing the log from OTL.

#32 oktober08

  • Members
  • 64 posts

Posted 1 April 2012 at 20:25

I also think it is a bit odd that a file belonging to Apache is singled out as a virus/trojan, so now I suppose Apache server doesn't work for me :(

Yes, I know it is less than advisable to use cracks/keygens, but what would life be without a few risks :)

TDSSKiller and aswMBR don't get far enough for me to even see a window! Could something else be interfering with them? I have also tried closing MBAM and Telia Säker Surf to check whether that would help, but no!

I am attaching the OTL log below along with the Extras file, both lightly censored :)

OTL log:

OTL logfile created on: 2012-03-31 07:53:09 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Internet\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

511,42 Mb Total Physical Memory | 174,82 Mb Available Physical Memory | 34,18% Memory free
1,45 Gb Paging File | 0,74 Gb Available in Paging File | 51,18% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 74,52 Gb Total Space | 20,07 Gb Free Space | 26,93% Space Free | Partition Type: NTFS

Computer Name: | User Name: Internet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-30 22:19:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet\Skrivbord\OTL.exe
PRC - [2012-01-31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-01-31 13:13:44 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011-12-02 18:33:54 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe
PRC - [2011-12-02 18:32:30 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe
PRC - [2011-12-02 18:32:30 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32.exe
PRC - [2011-09-05 19:41:40 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program\Java\jre7\bin\jqs.exe
PRC - [2011-05-31 22:22:45 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe
PRC - [2011-04-11 15:02:28 | 008,142,848 | ---- | M] () -- C:\Program\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2010-10-11 19:12:26 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\FWES\program\fsdfwd.exe
PRC - [2010-02-19 20:56:27 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009-11-24 01:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program\WTouch\WTouchUser.exe
PRC - [2009-11-24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program\WTouch\WTouchService.exe
PRC - [2009-11-24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009-11-24 01:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009-08-05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
PRC - [2009-08-05 17:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
PRC - [2009-08-05 17:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSHDLL32.EXE
PRC - [2009-08-05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-17 16:43:42 | 000,208,896 | ---- | M] (ACD Systems, Ltd.) -- C:\Program\ACD Systems\DevDetect\DevDetect.exe
PRC - [2001-09-06 22:33:36 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2011-12-02 18:33:31 | 000,030,888 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2011-05-22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Program\FileZilla FTP Client\fzshellext.dll
MOD - [2011-04-11 15:02:28 | 008,142,848 | ---- | M] () -- C:\Program\MySQL\MySQL Server 5.5\bin\mysqld.exe
MOD - [2010-10-11 19:08:49 | 000,768,712 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fm4av.dll
MOD - [2010-06-06 18:34:21 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009-11-19 11:01:00 | 000,097,792 | ---- | M] () -- C:\Program\PHP\libpq.dll
MOD - [2009-08-05 17:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program\telia\telias sakerhetstjanster\hips\fshook32.dll
MOD - [2009-08-05 17:58:30 | 000,236,128 | ---- | M] () -- \\?\c:\program\telia\telias sakerhetstjanster\hips\fsumi.dll
MOD - [2009-08-05 17:56:56 | 000,920,160 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\FSGUI\gres.dll
MOD - [2009-08-05 17:56:50 | 000,045,056 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsavures.eng
MOD - [2009-08-05 17:56:32 | 000,838,240 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\FSGUI\about.dll
MOD - [2009-08-05 17:56:32 | 000,088,672 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\FSGUI\aboutres.dll
MOD - [2009-02-27 19:23:48 | 000,311,296 | ---- | M] () -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\pdfshell.SVE
MOD - [2005-10-18 10:30:02 | 000,012,288 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\FSGUI\strres.sve
MOD - [2005-10-18 10:30:00 | 000,056,320 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\FSGUI\flyerres.sve
MOD - [2005-08-18 13:41:48 | 000,053,248 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsavhres.sve


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-03-30 10:13:23 | 000,000,110 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\Internet\Application Data\Plug.bat -- (Mshost Manager)
SRV - [2012-01-31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-09-05 19:41:40 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-05-31 22:22:45 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011-04-11 15:02:28 | 008,142,848 | ---- | M] () [Auto | Running] -- C:\Program\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL5)
SRV - [2010-10-11 19:12:26 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program\Telia\Telias sakerhetstjanster\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2010-02-19 20:56:27 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-11-24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009-11-24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009-08-05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE -- (FSMA)
SRV - [2009-08-05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008-09-08 08:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-09-29 13:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\dxji.sys -- (hfmsfx)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Internet\LOKALA~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012-03-30 21:34:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012-01-18 11:04:38 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011-12-10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-12-02 18:36:16 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2011-12-02 18:33:32 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011-01-14 09:27:39 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009-11-09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-08-05 17:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009-05-20 20:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009-03-30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008-09-23 09:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\shbecr.sys -- (Tdsshbecr)
DRV - [2008-08-26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-06-06 10:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-05-07 08:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008-05-07 08:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008-05-07 08:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-02-16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2001-08-17 23:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001-08-17 23:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001-08-17 23:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001-08-17 23:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001-08-17 23:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001-08-17 23:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001-08-17 23:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001-08-17 23:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001-08-17 23:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001-08-17 22:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Drivrutin för Creative SoundFont Manager (WDM)
DRV - [2001-08-17 22:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Drivrutin för Creative Interface Manager (WDM)
DRV - [2001-08-17 22:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {44475ACF-AC79-4352-B49B-5C569BA1927D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{44475ACF-AC79-4352-B49B-5C569BA1927D}: "URL" = http://google.com/se...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: fontfinder@bendodson.com:1.0
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Internet\Lokala inställningar\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Internet\Lokala inställningar\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program\Mozilla Firefox\components [2012-03-17 09:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2012-01-16 10:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program\Mozilla Thunderbird\components [2011-08-26 11:49:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program\Mozilla Thunderbird\plugins

[2010-01-24 17:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Internet\Application Data\Mozilla\Extensions
[2010-01-24 17:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Internet\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012-02-03 17:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Internet\Application Data\Mozilla\Firefox\Profiles\uhy40cal.default\extensions
[2011-12-06 09:48:51 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Internet\Application Data\Mozilla\Firefox\Profiles\uhy40cal.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011-02-10 13:14:02 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Mozilla\Firefox\Profiles\uhy40cal.default\searchplugins\wikipedia-eng.xml
[2012-03-17 14:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INTERNET\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UHY40CAL.DEFAULT\EXTENSIONS\{04426594-BCE6-4705-B811-BCDBA2FD9C7B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INTERNET\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UHY40CAL.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INTERNET\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UHY40CAL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012-03-17 09:15:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program\mozilla firefox\components\browsercomps.dll
[2011-09-05 19:41:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program\mozilla firefox\plugins\npdeployJava1.dll
[2011-10-03 19:27:04 | 000,001,470 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2011-10-03 19:27:04 | 000,002,252 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\bing.xml
[2011-10-03 19:27:04 | 000,002,670 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2011-10-03 19:27:04 | 000,000,948 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2011-10-03 19:27:04 | 000,001,174 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2011-10-03 19:27:04 | 000,000,951 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\yahoo-sv-SE.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Internet\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Internet\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Internet\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Internet\Lokala inst\u00E4llningar\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program\Personal\bin\np_prsnl.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program\TabletPlugins\npwacom.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010-08-15 08:56:18 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Detector] C:\Program\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nokia FastStart] "C:\Program\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264336671468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1264336643875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.67.199.30 195.67.199.31 195.67.199.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC255FC-C485-44A7-B739-5FEEEDACE7D2}: DhcpNameServer = 195.67.199.30 195.67.199.31 195.67.199.32
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-24 12:45:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7c9deb84-2574-11df-a316-0008020fe8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{7c9deb84-2574-11df-a316-0008020fe8ec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{aa6b5826-08fe-11df-a2e0-0008020fe8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{aa6b5826-08fe-11df-a2e0-0008020fe8ec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-03-30 22:19:31 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Internet\Skrivbord\OTL.exe
[2012-03-30 21:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Skrivbord\RK_Quarantine
[2012-03-30 21:34:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012-03-30 13:20:52 | 000,000,000 | --SD | C] -- C:\ComboFix2
[2012-03-30 13:17:45 | 004,450,054 | R--- | C] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\ComboFix2.exe
[2012-03-29 09:30:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Internet\Skrivbord\ww.exe
[2012-03-29 09:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Skrivbord\tdsskiller
[2012-03-29 08:31:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\dds.scr
[2012-03-28 19:10:29 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2012-03-28 19:02:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-03-28 19:02:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-03-28 19:02:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-03-28 19:02:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-03-28 19:00:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-03-28 18:59:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-28 18:34:40 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Internet\Skrivbord\unhide.exe
[2012-03-28 18:22:57 | 004,448,457 | R--- | C] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\ComboFix.exe
[2012-03-28 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Application Data\Malwarebytes
[2012-03-28 15:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes' Anti-Malware
[2012-03-28 15:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-03-28 15:51:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-03-28 15:51:31 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2012-03-28 15:50:37 | 009,604,712 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Internet\Mina dokument\mbam-setup.exe
[2012-03-28 15:03:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\CSC
[2012-03-26 13:41:12 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Internet\Skrivbord\wed.com
[2012-03-26 10:37:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Internet\Recent
[2012-03-26 10:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\xxx
[2012-03-25 19:26:01 | 000,000,000 | --SD | C] -- C:\found.000
[2012-03-25 15:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Start-meny\Program\System Check
[2012-03-12 08:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Skrivbord\eclipse-SDK-3.7.2-win32
[5 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-03-31 07:33:58 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-308236825-725345543-1003UA.job
[2012-03-31 07:26:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-03-31 07:24:42 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012-03-31 07:24:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-03-30 22:19:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet\Skrivbord\OTL.exe
[2012-03-30 21:55:36 | 001,261,056 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\RogueKiller.exe
[2012-03-30 21:34:29 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012-03-30 17:31:07 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-308236825-725345543-1003Core.job
[2012-03-30 13:17:46 | 004,450,054 | R--- | M] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\ComboFix2.exe
[2012-03-30 11:48:45 | 002,048,299 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\tdsskiller.zip
[2012-03-30 10:13:23 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Plug.bat
[2012-03-29 11:38:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-03-29 10:40:26 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\rkill.com
[2012-03-29 09:30:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Internet\Skrivbord\ww.exe
[2012-03-29 08:31:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\dds.scr
[2012-03-29 08:19:37 | 000,001,541 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012-03-28 19:10:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-03-28 18:34:37 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Internet\Skrivbord\unhide.exe
[2012-03-28 18:22:41 | 004,448,457 | R--- | M] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\ComboFix.exe
[2012-03-28 15:51:35 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:51:35 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:50:30 | 009,604,712 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Internet\Mina dokument\mbam-setup.exe
[2012-03-26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Internet\Skrivbord\wed.com
[2012-03-25 15:25:31 | 000,568,762 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2012-03-25 15:25:31 | 000,567,448 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-03-25 15:25:31 | 000,127,352 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2012-03-25 15:25:31 | 000,113,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-03-25 13:26:22 | 000,145,183 | ---- | M] () -- C:\Documents and Settings\Internet\.recently-used.xbel
[2012-03-23 08:38:56 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-03-23 08:38:55 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\Google Chrome.lnk
[2012-03-15 16:26:24 | 000,009,804 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\xxx-1_inlämning3_v1.zip
[2012-03-12 10:09:41 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Genväg till eclipse.exe.lnk
[2012-03-12 10:09:29 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\Genväg till eclipse.exe.lnk
[2012-03-12 08:52:56 | 183,171,707 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\eclipse-SDK-3.7.2-win32.zip
[2012-03-02 13:21:28 | 000,398,597 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\Assignment3 (1).pdf
[5 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-03-30 21:55:47 | 001,261,056 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\RogueKiller.exe
[2012-03-30 10:13:23 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Plug.bat
[2012-03-29 10:40:33 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\rkill.com
[2012-03-29 08:19:21 | 000,001,541 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012-03-28 22:24:28 | 002,048,299 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\tdsskiller.zip
[2012-03-28 19:10:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-03-28 19:10:35 | 000,260,784 | R-S- | C] () -- C:\cmldr
[2012-03-28 19:02:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-03-28 19:02:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-03-28 19:02:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-03-28 19:02:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-03-28 19:02:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-03-28 18:48:15 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-03-28 18:48:15 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Google SketchUp 7.lnk
[2012-03-28 18:48:15 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012-03-28 18:48:15 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-03-28 18:48:15 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Visual Studio 2010.lnk
[2012-03-28 18:48:15 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Starta webbläsaren Internet Explorer.lnk
[2012-03-28 18:48:15 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012-03-28 18:48:15 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012-03-28 18:48:15 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\JCreator LE.lnk
[2012-03-28 18:48:15 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Genväg till eclipse.exe.lnk
[2012-03-28 18:48:15 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2012-03-28 18:48:15 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2012-03-28 18:48:15 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mina dokument.lnk
[2012-03-28 18:48:15 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Visa skrivbordet.scf
[2012-03-28 18:48:14 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee for PENTAX.lnk
[2012-03-28 18:48:14 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Blender.lnk
[2012-03-28 18:48:14 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk 3ds Max 9 32-bit.lnk
[2012-03-28 18:48:14 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\FileZilla Client.lnk
[2012-03-28 18:48:14 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Anteckningar.lnk
[2012-03-28 18:48:14 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Den här datorn.lnk
[2012-03-28 15:51:35 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:51:35 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:31:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-03-25 13:26:22 | 000,145,183 | ---- | C] () -- C:\Documents and Settings\Internet\.recently-used.xbel
[2012-03-15 16:26:14 | 000,009,804 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\xxx-1_inlämning3_v1.zip
[2012-03-12 10:09:29 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\Genväg till eclipse.exe.lnk
[2012-03-12 08:49:24 | 183,171,707 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\eclipse-SDK-3.7.2-win32.zip
[2012-03-02 13:21:27 | 000,398,597 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\Assignment3 (1).pdf
[2012-01-22 02:15:35 | 004,505,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-308236825-725345543-1003-0.dat
[2012-01-22 02:15:16 | 000,278,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-System.dat
[2012-01-10 11:15:10 | 134,301,135 | ---- | C] () -- C:\Program\eclipse-java-indigo-SR1-win32.zip
[2011-07-02 22:50:42 | 000,148,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat
[2010-10-06 21:20:40 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Internet\Lokala inställningar\Application Data\PUTTY.RND
[2010-09-25 22:54:48 | 000,033,776 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-08-19 23:23:09 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Internet\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-06 18:36:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010-06-06 18:34:22 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010-06-06 18:34:21 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010-04-02 18:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

========== LOP Check ==========

[2010-01-29 22:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010-09-27 21:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASGVIS
[2010-02-19 21:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012-01-18 11:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-01-24 13:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-10-11 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010-02-03 22:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011-09-05 22:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2011-05-07 08:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010-01-24 22:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010-01-24 22:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-02-26 10:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012-01-21 16:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010-02-01 21:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\.BitTornado
[2010-04-11 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\ACD Systems
[2011-04-16 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Blender Foundation
[2012-01-18 11:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\DAEMON Tools Lite
[2012-01-18 10:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\e-academy Inc
[2010-02-10 21:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\F-Secure
[2012-03-30 10:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\FileZilla
[2010-02-03 22:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\GARMIN
[2012-03-25 13:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\gtk-2.0
[2012-02-11 09:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\inkscape
[2011-09-05 22:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\JCreator
[2010-01-25 20:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\MySQL
[2011-07-02 13:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Nokia
[2010-02-08 21:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Notepad++
[2011-09-04 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Participatory Culture Foundation
[2010-01-24 22:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\PC Suite
[2012-01-25 20:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\PCF-VLC
[2010-06-06 18:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\pdf995
[2010-01-24 23:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Personal
[2010-10-25 21:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Philipp Winterberg
[2010-01-24 17:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Thunderbird
[2010-05-27 20:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\WTouch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=74BB7DCD2BFDCC0E52869DB3582CA781 -- C:\WINDOWS\explorer.exe
[2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=74BB7DCD2BFDCC0E52869DB3582CA781 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004-08-04 10:34:19 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=87A3C8EAD27CF3591713D629D8BCB990 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004-08-04 10:34:46 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8A75754B7B9ECC4753E3C09A56B18 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008-04-14 18:05:21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=6CCEF19D7301D9861F90E299C798AD3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 18:05:21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=6CCEF19D7301D9861F90E299C798AD3F -- C:\WINDOWS\system32\svchost.exe
[2012-01-31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008-04-14 18:05:22 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=317799A2E42B5EA048A8A70F482CBA9F -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 18:05:22 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=317799A2E42B5EA048A8A70F482CBA9F -- C:\WINDOWS\system32\userinit.exe
[2004-08-04 10:34:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=452202227D7A5020D058D49106C0B872 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-04 10:34:50 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=3E080D3D4F81B0638766CCC4D7707D10 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012-01-31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-04-14 18:05:23 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ABD2D070BE76A9386A0A283A332E3862 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:05:23 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ABD2D070BE76A9386A0A283A332E3862 -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
Dator: X
Volymnr. Enh Etikett Fils. Typ Storlek Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volym 0 D DVD-ROM 0 B
Volym 1 E CD-ROM 0 B
Volym 2 F DVD-ROM 0 B
Volym 3 G DVD-ROM 0 B
Volym 4 C NTFS Partition 75 GB Felfri Systemst

< End of report >

Attached file(s)

  • Attached file  Extras.Txt   42.28K   1 download(s)

Edited by oktober08, 2 April 2012 at 10:07.


#33 Cecilia

Cecilia

    Addicted

  • Head moderator
  • 84 215 posts
  • Location: Stockholm

Posted 1 April 2012 at 22:03

I also think it's a bit odd that a file belonging to Apache is flagged as a virus/trojan, so now I suppose the Apache server won't work for me :(

Files can be restored from MBAM's quarantine. To be on the safe side, after restoring it you can upload the file to http://www.virustotal.com to have it checked by several antivirus programs.

1.
Do you know what this file is?
[2012-03-26 13:41:12 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Internet\Skrivbord\wed.com

2.
Close all programs you can see, including antivirus and antispyware programs, so that they do not conflict with OTL.
How? See http://www.bleepingc...opic114351.html

Start OTL (in Vista/Windows 7, right-click and choose Run as administrator).
Copy all the lines in the box:
:OTL
SRV - [2012-03-30 10:13:23 | 000,000,110 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\Internet\Application Data\Plug.bat -- (Mshost Manager)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\dxji.sys -- (hfmsfx)
[2012-03-25 15:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Start-meny\Program\System Check
:Commands
[CREATERESTOREPOINT]
[REBOOT]
Paste them into the Custom Scans/Fixes box. Check that it looks exactly the same, for example with regard to line breaks.
Click Run Fix.
If you are asked to restart the computer, do so.
A log will open in Notepad. Copy it and paste it into your reply.

If it does not appear automatically, you will find it in the folder c:\_OTL\Moved Files with a name that contains today's date and the time of the run.

3.
Also run OTL in the same way as I described in post 24 and paste that log as well.

4.
See whether you can now run TDSSKiller and aswMBR, preferably in normal mode, but if that doesn't work, try in safe mode.

#34 oktober08

oktober08

    User

  • Members
  • 64 posts

Posted 2 April 2012 at 07:24

1. This is TDSSKiller or aswMBR, which I tried renaming to test whether they could be run under a different name.

I'll get back later once I've carried out the other steps.

#35 oktober08

oktober08

    User

  • Members
  • 64 posts

Posted 2 April 2012 at 10:03

TDSSKiller and aswMBR feel completely lifeless when you click on them. The hard drive makes a little noise for a moment while an hourglass appears, but only for a moment, then the hard drive goes completely silent. It feels like nothing happens. I tried both normal mode and safe mode. I couldn't find any new Extra.txt from OTL. A bit of a shame that no fault can be found.


========== OTL ==========
Service Mshost Manager stopped successfully!
Service Mshost Manager deleted successfully!
C:\Documents and Settings\Internet\Application Data\Plug.bat moved successfully.
Service hfmsfx stopped successfully!
Service hfmsfx deleted successfully!
File System32\drivers\dxji.sys not found.
C:\Documents and Settings\Internet\Start-meny\Program\System Check folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)



The second OTL log:



OTL logfile created on: 2012-04-02 09:40:17 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Internet\Skrivbord
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

511,42 Mb Total Physical Memory | 300,12 Mb Available Physical Memory | 58,68% Memory free
1,45 Gb Paging File | 0,98 Gb Available in Paging File | 67,75% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 74,52 Gb Total Space | 19,81 Gb Free Space | 26,58% Space Free | Partition Type: NTFS

Computer Name: X | User Name: Internet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-03-30 22:19:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet\Skrivbord\OTL.exe
PRC - [2012-01-31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011-12-02 18:32:30 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe
PRC - [2011-12-02 18:32:30 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32.exe
PRC - [2011-09-05 19:41:40 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program\Java\jre7\bin\jqs.exe
PRC - [2011-04-11 15:02:28 | 008,142,848 | ---- | M] () -- C:\Program\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2010-02-19 20:56:27 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009-11-24 01:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program\WTouch\WTouchUser.exe
PRC - [2009-11-24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program\WTouch\WTouchService.exe
PRC - [2009-11-24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009-11-24 01:53:56 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009-08-05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
PRC - [2009-08-05 17:58:50 | 000,076,384 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSLAUNCHER1.EXE
PRC - [2009-08-05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
PRC - [2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003-06-17 16:43:42 | 000,208,896 | ---- | M] (ACD Systems, Ltd.) -- C:\Program\ACD Systems\DevDetect\DevDetect.exe
PRC - [2001-09-06 22:33:36 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2011-12-02 18:33:31 | 000,030,888 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\hashlib_x86.dll
MOD - [2011-05-22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Program\FileZilla FTP Client\fzshellext.dll
MOD - [2011-04-11 15:02:28 | 008,142,848 | ---- | M] () -- C:\Program\MySQL\MySQL Server 5.5\bin\mysqld.exe
MOD - [2010-10-11 19:08:49 | 000,768,712 | ---- | M] () -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fm4av.dll
MOD - [2010-06-06 18:34:21 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2009-11-19 11:01:00 | 000,097,792 | ---- | M] () -- C:\Program\PHP\libpq.dll
MOD - [2009-08-05 17:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program\telia\telias sakerhetstjanster\hips\fshook32.dll
MOD - [2009-08-05 17:58:30 | 000,236,128 | ---- | M] () -- \\?\c:\program\telia\telias sakerhetstjanster\hips\fsumi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012-01-31 13:13:44 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-09-05 19:41:40 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011-05-31 22:22:45 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011-04-11 15:02:28 | 008,142,848 | ---- | M] () [Auto | Running] -- C:\Program\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL5)
SRV - [2010-10-11 19:12:26 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program\Telia\Telias sakerhetstjanster\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2010-02-19 20:56:27 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009-11-24 01:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009-11-24 01:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009-08-05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE -- (FSMA)
SRV - [2009-08-05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008-09-08 08:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006-09-29 13:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Internet\LOKALA~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012-04-01 14:48:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012-01-18 11:04:38 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011-12-10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-12-02 18:36:16 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2011-12-02 18:33:32 | 000,148,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011-01-14 09:27:39 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009-11-09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009-08-05 17:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program\Telia\Telias sakerhetstjanster\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009-05-20 20:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009-03-30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008-09-23 09:24:00 | 000,042,368 | ---- | M] (Todos Data System AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\shbecr.sys -- (Tdsshbecr)
DRV - [2008-08-26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-06-06 10:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-05-07 08:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008-05-07 08:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008-05-07 08:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-04-13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007-02-16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2001-08-17 23:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001-08-17 23:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001-08-17 23:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001-08-17 23:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001-08-17 23:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001-08-17 23:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001-08-17 23:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001-08-17 23:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001-08-17 23:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001-08-17 22:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Drivrutin för Creative SoundFont Manager (WDM)
DRV - [2001-08-17 22:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Drivrutin för Creative Interface Manager (WDM)
DRV - [2001-08-17 22:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001-08-17 22:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {44475ACF-AC79-4352-B49B-5C569BA1927D}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{44475ACF-AC79-4352-B49B-5C569BA1927D}: "URL" = http://google.com/se...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: turntoolviewer@turntool.com:2.9.5.9
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: fontfinder@bendodson.com:1.0
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4.7
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Internet\Lokala inställningar\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Internet\Lokala inställningar\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program\Mozilla Firefox\components [2012-03-17 09:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2012-01-16 10:40:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program\Mozilla Thunderbird\components [2011-08-26 11:49:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program\Mozilla Thunderbird\plugins

[2010-01-24 17:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Internet\Application Data\Mozilla\Extensions
[2010-01-24 17:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Internet\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012-04-02 08:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Internet\Application Data\Mozilla\Firefox\Profiles\uhy40cal.default\extensions
[2011-12-06 09:48:51 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Internet\Application Data\Mozilla\Firefox\Profiles\uhy40cal.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011-02-10 13:14:02 | 000,001,032 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Mozilla\Firefox\Profiles\uhy40cal.default\searchplugins\wikipedia-eng.xml
[2012-03-17 14:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INTERNET\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UHY40CAL.DEFAULT\EXTENSIONS\{04426594-BCE6-4705-B811-BCDBA2FD9C7B}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INTERNET\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UHY40CAL.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INTERNET\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UHY40CAL.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\INTERNET\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UHY40CAL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012-03-17 09:15:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program\mozilla firefox\components\browsercomps.dll
[2011-09-05 19:41:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program\mozilla firefox\plugins\npdeployJava1.dll
[2011-10-03 19:27:04 | 000,001,470 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\allaannonser-sv-SE.xml
[2011-10-03 19:27:04 | 000,002,252 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\bing.xml
[2011-10-03 19:27:04 | 000,002,670 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\prisjakt-sv-SE.xml
[2011-10-03 19:27:04 | 000,000,948 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\tyda-sv-SE.xml
[2011-10-03 19:27:04 | 000,001,174 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\wikipedia-sv-SE.xml
[2011-10-03 19:27:04 | 000,000,951 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\yahoo-sv-SE.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Internet\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Internet\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Internet\Lokala inst\u00E4llningar\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Internet\Lokala inst\u00E4llningar\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Nexus Personal (Enabled) = C:\Program\Personal\bin\np_prsnl.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program\TabletPlugins\npwacom.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010-08-15 08:56:18 | 000,000,355 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Detector] C:\Program\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nokia FastStart] "C:\Program\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program\Telia\Telias sakerhetstjanster\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264336671468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1264336643875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.67.199.30 195.67.199.31 195.67.199.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FC255FC-C485-44A7-B739-5FEEEDACE7D2}: DhcpNameServer = 195.67.199.30 195.67.199.31 195.67.199.32
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010-01-24 12:45:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7c9deb84-2574-11df-a316-0008020fe8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{7c9deb84-2574-11df-a316-0008020fe8ec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{aa6b5826-08fe-11df-a2e0-0008020fe8ec}\Shell - "" = AutoRun
O33 - MountPoints2\{aa6b5826-08fe-11df-a2e0-0008020fe8ec}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-04-02 08:37:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-04-01 14:48:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012-04-01 09:05:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Internet\Skrivbord\aswMBR.exe
[2012-03-30 22:19:31 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Internet\Skrivbord\OTL.exe
[2012-03-30 21:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Skrivbord\RK_Quarantine
[2012-03-30 13:20:52 | 000,000,000 | --SD | C] -- C:\ComboFix2
[2012-03-30 13:17:45 | 004,450,054 | R--- | C] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\ComboFix2.exe
[2012-03-29 09:30:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Internet\Skrivbord\ww.exe
[2012-03-29 09:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Skrivbord\tdsskiller
[2012-03-29 08:31:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\dds.scr
[2012-03-28 19:10:29 | 000,000,000 | R-SD | C] -- C:\cmdcons
[2012-03-28 19:02:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-03-28 19:02:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-03-28 19:02:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-03-28 19:02:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-03-28 19:00:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-03-28 18:59:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-03-28 18:34:40 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Internet\Skrivbord\unhide.exe
[2012-03-28 18:22:57 | 004,448,457 | R--- | C] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\ComboFix.exe
[2012-03-28 15:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Application Data\Malwarebytes
[2012-03-28 15:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Malwarebytes' Anti-Malware
[2012-03-28 15:51:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012-03-28 15:51:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012-03-28 15:51:31 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2012-03-28 15:50:37 | 009,604,712 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Internet\Mina dokument\mbam-setup.exe
[2012-03-28 15:03:33 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012-03-26 13:41:12 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Internet\Skrivbord\wed.com
[2012-03-26 10:37:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Internet\Recent
[2012-03-26 10:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\xxx
[2012-03-25 19:26:01 | 000,000,000 | --SD | C] -- C:\found.000
[2012-03-12 08:55:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Internet\Skrivbord\eclipse-SDK-3.7.2-win32
[5 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-04-02 09:31:04 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-308236825-725345543-1003UA.job
[2012-04-02 09:03:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-04-02 09:01:26 | 000,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012-04-02 09:01:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-04-02 08:06:09 | 000,654,144 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\Assignment4Help.pdf
[2012-04-02 08:05:28 | 000,323,928 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\Assignment4.pdf
[2012-04-01 19:38:52 | 000,002,363 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\Google Chrome.lnk
[2012-04-01 19:38:52 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-04-01 17:31:04 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-308236825-725345543-1003Core.job
[2012-04-01 14:48:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012-04-01 12:07:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-04-01 09:05:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Internet\Skrivbord\aswMBR.exe
[2012-04-01 09:05:00 | 002,048,299 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\tdsskiller.zip
[2012-03-30 22:19:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Internet\Skrivbord\OTL.exe
[2012-03-30 21:55:36 | 001,261,056 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\RogueKiller.exe
[2012-03-30 13:17:46 | 004,450,054 | R--- | M] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\ComboFix2.exe
[2012-03-29 10:40:26 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\rkill.com
[2012-03-29 09:30:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Internet\Skrivbord\ww.exe
[2012-03-29 08:31:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\dds.scr
[2012-03-29 08:19:37 | 000,001,541 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012-03-28 19:10:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012-03-28 18:34:37 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Internet\Skrivbord\unhide.exe
[2012-03-28 18:22:41 | 004,448,457 | R--- | M] (Swearware) -- C:\Documents and Settings\Internet\Skrivbord\ComboFix.exe
[2012-03-28 15:51:35 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:51:35 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:50:30 | 009,604,712 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Internet\Mina dokument\mbam-setup.exe
[2012-03-26 13:41:12 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Internet\Skrivbord\wed.com
[2012-03-25 15:25:31 | 000,568,762 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2012-03-25 15:25:31 | 000,567,448 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-03-25 15:25:31 | 000,127,352 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2012-03-25 15:25:31 | 000,113,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-03-25 13:26:22 | 000,145,183 | ---- | M] () -- C:\Documents and Settings\Internet\.recently-used.xbel
[2012-03-15 16:26:24 | 000,009,804 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\xxx-1_inlämning3_v1.zip
[2012-03-12 10:09:41 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Genväg till eclipse.exe.lnk
[2012-03-12 10:09:29 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\Genväg till eclipse.exe.lnk
[2012-03-12 08:52:56 | 183,171,707 | ---- | M] () -- C:\Documents and Settings\Internet\Skrivbord\eclipse-SDK-3.7.2-win32.zip
[5 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-04-02 08:06:13 | 000,654,144 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\Assignment4Help.pdf
[2012-04-02 08:05:44 | 000,323,928 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\Assignment4.pdf
[2012-03-30 21:55:47 | 001,261,056 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\RogueKiller.exe
[2012-03-29 10:40:33 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\rkill.com
[2012-03-29 08:19:21 | 000,001,541 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012-03-28 22:24:28 | 002,048,299 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\tdsskiller.zip
[2012-03-28 19:10:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012-03-28 19:10:35 | 000,260,784 | R-S- | C] () -- C:\cmldr
[2012-03-28 19:02:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-03-28 19:02:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-03-28 19:02:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-03-28 19:02:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-03-28 19:02:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-03-28 18:48:15 | 000,002,341 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-03-28 18:48:15 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Google SketchUp 7.lnk
[2012-03-28 18:48:15 | 000,001,630 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012-03-28 18:48:15 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012-03-28 18:48:15 | 000,000,950 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Visual Studio 2010.lnk
[2012-03-28 18:48:15 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Starta webbläsaren Internet Explorer.lnk
[2012-03-28 18:48:15 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012-03-28 18:48:15 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012-03-28 18:48:15 | 000,000,757 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\JCreator LE.lnk
[2012-03-28 18:48:15 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Genväg till eclipse.exe.lnk
[2012-03-28 18:48:15 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad++.lnk
[2012-03-28 18:48:15 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2012-03-28 18:48:15 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mina dokument.lnk
[2012-03-28 18:48:15 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Visa skrivbordet.scf
[2012-03-28 18:48:14 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\ACDSee for PENTAX.lnk
[2012-03-28 18:48:14 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Blender.lnk
[2012-03-28 18:48:14 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Autodesk 3ds Max 9 32-bit.lnk
[2012-03-28 18:48:14 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\FileZilla Client.lnk
[2012-03-28 18:48:14 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Anteckningar.lnk
[2012-03-28 18:48:14 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Den här datorn.lnk
[2012-03-28 15:51:35 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\Internet\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:51:35 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes Anti-Malware.lnk
[2012-03-28 15:31:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-03-25 13:26:22 | 000,145,183 | ---- | C] () -- C:\Documents and Settings\Internet\.recently-used.xbel
[2012-03-15 16:26:14 | 000,009,804 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\xxx-1_inlämning3_v1.zip
[2012-03-12 10:09:29 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\Genväg till eclipse.exe.lnk
[2012-03-12 08:49:24 | 183,171,707 | ---- | C] () -- C:\Documents and Settings\Internet\Skrivbord\eclipse-SDK-3.7.2-win32.zip
[2012-01-22 02:15:35 | 004,505,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-S-1-5-21-507921405-308236825-725345543-1003-0.dat
[2012-01-22 02:15:16 | 000,278,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\WPFFontCache_v0400-System.dat
[2012-01-10 11:15:10 | 134,301,135 | ---- | C] () -- C:\Program\eclipse-java-indigo-SR1-win32.zip
[2011-07-02 22:50:42 | 000,148,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat
[2010-10-06 21:20:40 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Internet\Lokala inställningar\Application Data\PUTTY.RND
[2010-09-25 22:54:48 | 000,033,776 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-08-19 23:23:09 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Internet\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-06-06 18:36:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010-06-06 18:34:22 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010-06-06 18:34:21 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

========== LOP Check ==========

[2010-01-29 22:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010-09-27 21:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASGVIS
[2010-02-19 21:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012-01-18 11:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010-01-24 13:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010-10-11 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2010-02-03 22:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011-09-05 22:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2011-05-07 08:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2010-01-24 22:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010-01-24 22:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012-02-26 10:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012-01-21 16:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2010-02-01 21:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\.BitTornado
[2010-04-11 09:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\ACD Systems
[2011-04-16 21:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Blender Foundation
[2012-01-18 11:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\DAEMON Tools Lite
[2012-01-18 10:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\e-academy Inc
[2010-02-10 21:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\F-Secure
[2012-03-30 10:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\FileZilla
[2010-02-03 22:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\GARMIN
[2012-03-25 13:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\gtk-2.0
[2012-02-11 09:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\inkscape
[2011-09-05 22:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\JCreator
[2010-01-25 20:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\MySQL
[2011-07-02 13:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Nokia
[2010-02-08 21:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Notepad++
[2011-09-04 15:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Participatory Culture Foundation
[2010-01-24 22:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\PC Suite
[2012-01-25 20:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\PCF-VLC
[2010-06-06 18:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\pdf995
[2010-01-24 23:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Personal
[2010-10-25 21:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Philipp Winterberg
[2010-01-24 17:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\Thunderbird
[2010-05-27 20:08:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Application Data\WTouch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=74BB7DCD2BFDCC0E52869DB3582CA781 -- C:\WINDOWS\explorer.exe
[2008-04-14 18:05:06 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=74BB7DCD2BFDCC0E52869DB3582CA781 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004-08-04 10:34:19 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=87A3C8EAD27CF3591713D629D8BCB990 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2004-08-04 10:34:46 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=22D8A75754B7B9ECC4753E3C09A56B18 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008-04-14 18:05:21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=6CCEF19D7301D9861F90E299C798AD3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008-04-14 18:05:21 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=6CCEF19D7301D9861F90E299C798AD3F -- C:\WINDOWS\system32\svchost.exe
[2012-01-31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008-04-14 18:05:22 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=317799A2E42B5EA048A8A70F482CBA9F -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008-04-14 18:05:22 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=317799A2E42B5EA048A8A70F482CBA9F -- C:\WINDOWS\system32\userinit.exe
[2004-08-04 10:34:48 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=452202227D7A5020D058D49106C0B872 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004-08-04 10:34:50 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=3E080D3D4F81B0638766CCC4D7707D10 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012-01-31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-04-14 18:05:23 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ABD2D070BE76A9386A0A283A332E3862 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 18:05:23 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ABD2D070BE76A9386A0A283A332E3862 -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
Dator: X
Volymnr. Enh Etikett Fils. Typ Storlek Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volym 0 D DVD-ROM 0 B
Volym 1 E CD-ROM 0 B
Volym 2 F DVD-ROM 0 B
Volym 3 G DVD-ROM 0 B
Volym 4 C NTFS Partition 75 GB Felfri Systemst

< End of report >


OTL by OldTimer - Version 3.2.39.2 log created on 04022012_083757

#36 Cecilia

Cecilia

    Addicted

  • Head moderator
  • 84 215 posts
  • Location: Stockholm

Posted 2 April 2012 at 11:30

1. Try downloading TDSSKiller again, and during the download choose to save the file on the Desktop with the name Winlogon. See whether it can be run after that.

If it still doesn't work, delete the copy of ComboFix you have, download it again and try to run it. Preferably in normal mode, but safe mode is fine too.

2. Run RogueKiller once and paste its log.

3. Do a quick scan with MBAM if possible (update the program first).

Edited by Cecilia, 2 April 2012 at 11:40.


#37 oktober08

oktober08

    User

  • Members
  • PipPip
  • 64 posts

Posted 3 April 2012 at 17:44

Finally some progress! I managed to run TDSSKiller and the program found this: ROOTKIT.Boot.SST.b. Since then MBAM has not warned about any attempts to connect to IP addresses, and search results in Google are not being redirected.

After that I was also able to run ComboFix. Finally I also ran RogueKiller, but there I'm not quite sure whether I did it right. I followed the instructions from an earlier post in this thread and clicked Delete, Fix Shortcuts and so on. Perhaps not necessary? I don't really know whether there was anything to delete either; there are several tabs in RogueKiller, after all!?

Can my computer be considered clean now? Could there be any risk in using USB sticks that I used to back up files during this period of infection?

#38 Cecilia

Cecilia

    Addicted

  • Head moderator
  • 84 215 posts
  • Location: Stockholm

Posted 3 April 2012 at 18:50

Paste the logs from:

TDSSKiller, in C:\ with the name TDSSKiller followed by version and time.
ComboFix, C:\combofix.txt
RogueKiller, the log from the first and the last of the three runs

so I can see what the programs did.

Was it precisely because you renamed TDSSKiller that it could be run, or did you do something more?

#39 oktober08

oktober08

    User

  • Members
  • PipPip
  • 64 posts

Posted 4 April 2012 at 19:59

Hi! Here comes a slightly delayed reply!

Yes, changing the name helped, but I seem to recall that I also had to rename the folder. I was perhaps a little too quick to run an uninstall of ComboFix, which meant that the report was deleted!? Should I run ComboFix again to produce a report? I'll be back with the other reports shortly.

Edited by oktober08, 4 April 2012 at 20:00.


#40 Cecilia

Cecilia

    Addicted

  • Head moderator
  • 84 215 posts
  • Location: Stockholm

Posted 4 April 2012 at 21:35

Yes, it is probably best to see what ComboFix reports. The report is supposed to be removed during an uninstall.



