
No-1

Member
  • Number of posts

    57
  • Joined

  • Last visited

Everything posted by No-1

  1. Here comes OTL, hopefully without a lot of antivirus and the like! I stopped Ad-Aware, Spybot and Microsoft Security Essentials before I ran the program!

     ========== OTL ==========
     Service pbmbpiqp stopped successfully!
     Service pbmbpiqp deleted successfully!
     File C:\WINDOWS\system32\drivers\pbmbpiqp.sys File not found not found.
     Service ljdgjqcq stopped successfully!
     Service ljdgjqcq deleted successfully!
     File C:\WINDOWS\system32\drivers\ljdgjqcq.sys File not found not found.
     Service kgajuinm stopped successfully!
     Service kgajuinm deleted successfully!
     File C:\WINDOWS\system32\drivers\kgajuinm.sys File not found not found.
     Service iqzrrhgv stopped successfully!
     Service iqzrrhgv deleted successfully!
     File C:\WINDOWS\system32\drivers\iqzrrhgv.sys File not found not found.
     Service fdvvalym stopped successfully!
     Service fdvvalym deleted successfully!
     File C:\WINDOWS\system32\drivers\fdvvalym.sys File not found not found.
     Service chefschp stopped successfully!
     Service chefschp deleted successfully!
     File C:\WINDOWS\system32\drivers\chefschp.sys File not found not found.
     Service Changer stopped successfully!
     Service Changer deleted successfully!
     File File not found not found.
     Service bgzrghke stopped successfully!
     Service bgzrghke deleted successfully!
     File C:\WINDOWS\system32\drivers\bgzrghke.sys File not found not found.
     Service auwjjflh stopped successfully!
     Service auwjjflh deleted successfully!
     File C:\WINDOWS\system32\drivers\auwjjflh.sys File not found not found.
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Update deleted successfully.
     Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
     Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\DownloadInformation\\INF .
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
     Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
     Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
     Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\DownloadInformation\\INF .
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
     Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
     ========== COMMANDS ==========
     Restore point Set: OTL Restore Point
     OTL by OldTimer - Version 3.2.54.0 log created on 07202012_153353

     Here follows DDS:

     .
     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 8.0.6001.18702
     Run by Kristofer at 15:51:09 on 2012-07-20
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2559.1999 [GMT 2:00]
     .
     AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
     AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
     .
     ============== Running Processes ===============
     .
C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\Program\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\ABIT\ABIT uGuru\uGuru.exe C:\Program\Voddler\service\VNetManager.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe C:\Program\Delade filer\Java\Java Update\jusched.exe C:\Program\DivX\DivX Update\DivXUpdate.exe C:\Program\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\Program\Spotify\Data\SpotifyWebHelper.exe svchost.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program\Jamcast\jamcastsvc.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program\Skype\Updater\Updater.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.nasdaqomxnordic.com/nordic/Nordic.aspx mWinlogon: Userinit=c:\windows\system32\userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe uRun: [spotify Web Helper] "c:\program\spotify\data\SpotifyWebHelper.exe" uRun: [skype] "c:\program\skype\phone\Skype.exe" /minimized /regrun mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe mRun: [ABIT uGuru] c:\program\abit\abit uguru\uGuru.exe mRun: [GuruClock] c:\program\abit\abit uguru\GuruClock.exe mRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions 
mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe mRun: [ATICustomerCare] "c:\program\ati\aticustomercare\ATICustomerCare.exe" mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [e-kort] c:\program\ekort\ekort.exe /dontopenmycards /Autostart mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe" mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe" mRun: [DivXUpdate] "c:\program\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe IE: E&xportera till Microsoft Excel - c:\program\micros~4\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~4\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289417172515 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{07499630-388D-4B08-8B63-3989AE170E7A} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . 
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064] R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2010-11-10 10752] R2 Jamcast;Jamcast;c:\program\jamcast\jamcastsvc.exe [2010-12-18 62704] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136] R2 SkypeUpdate;Skype Updater;c:\program\skype\updater\Updater.exe [2012-7-3 160944] R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2011-2-22 1039640] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-12 100368] S1 psepawfg;psepawfg;\??\c:\windows\system32\drivers\psepawfg.sys --> c:\windows\system32\drivers\psepawfg.sys [?] S1 raoetaji;raoetaji;\??\c:\windows\system32\drivers\raoetaji.sys --> c:\windows\system32\drivers\raoetaji.sys [?] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-3-2 2152152] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2011-2-25 49904] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-10-9 13224] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011-10-9 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011-10-9 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011-10-9 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011-10-9 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011-10-9 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX 
Interface;c:\windows\system32\drivers\s0016obex.sys [2011-10-9 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011-10-9 115752] S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2010-11-16 61536] S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2010-11-16 9360] S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2010-11-16 97088] S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2010-11-16 88624] S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2010-11-16 18704] S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2010-11-16 86432] S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2010-11-16 90800] S3 Sony PC Companion;Sony PC Companion;c:\program\sony\sony pc companion\PCCService.exe [2011-10-9 155320] . =============== Created Last 30 ================ . 
2012-07-20 13:38:50 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbd6ead6-75ee-4753-99fa-ff4f861c2542}\mpengine.dll 2012-07-20 13:33:53 -------- d-----w- C:\_OTL 2012-07-18 14:15:34 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-07-15 11:14:00 -------- d-----w- c:\documents and settings\kristofer\application data\Malwarebytes 2012-07-14 20:16:10 -------- d-----w- c:\program\HitmanPro 2012-07-14 20:16:08 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro 2012-07-14 18:02:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes . ==================== Find3M ==================== . 2012-06-13 13:55:19 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 17:46:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-12 17:46:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.VER 2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.EXE 2012-06-05 15:49:58 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:49:58 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:34 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19:24 23064 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18:58 17648 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:03 602112 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 
15:09:37 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44:07 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44:07 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39:29 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:14:59 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14:57 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:47:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 15:51:53,68 ===============

     Is it alive? haha
  2. Well... how does it look?

     OTL logfile created on: 2012-07-20 12:40:37 - Run 1
     OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Kristofer\Skrivbord
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 8.0.6001.18702)
     Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd
     2,50 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 71,45% Memory free
     4,35 Gb Paging File | 3,72 Gb Available in Paging File | 85,56% Paging File free
     Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
     Drive C: | 931,50 Gb Total Space | 702,95 Gb Free Space | 75,46% Space Free | Partition Type: NTFS
     Drive E: | 57,26 Gb Total Space | 16,19 Gb Free Space | 28,27% Space Free | Partition Type: NTFS
     Computer Name: KRISTOFER | User Name: Kristofer | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: Current user
     Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     ========== Processes (SafeList) ==========
     PRC - C:\Documents and Settings\Kristofer\Skrivbord\OTL.exe (OldTimer Tools)
     PRC - C:\Program\Spotify\Data\SpotifyWebHelper.exe ()
     PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
     PRC - C:\Program\Microsoft Security Client\msseces.exe (Microsoft Corporation)
     PRC - c:\Program\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
     PRC - C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
     PRC - C:\Program\DivX\DivX Update\DivXUpdate.exe ()
     PRC - C:\Program\Voddler\service\VNetManager.exe ()
     PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
     PRC - C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program\ABIT\ABIT uGuru\uGuru.exe (ABIT Computer Corporation) PRC - C:\Program\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe (ABIT Computer Corp.) ========== Modules (No Company Name) ========== MOD - C:\Program\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\PDFShell.SVE () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_sv_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_sv_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Program\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program\DivX\DivX Update\DivXUpdate.exe () MOD - 
C:\Program\Voddler\service\VNetManager.exe () MOD - C:\Program\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MsMpSvc) -- c:\Program\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (Sony PC Companion) -- C:\Program\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (Lavasoft Ad-Aware Service) -- C:\Program\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (odserv) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (VoddlerNet) -- C:\Program\Voddler\service\voddler.exe (Voddler) SRV - (Jamcast) -- C:\Program\Jamcast\jamcastsvc.exe (Software Development Solutions, Inc.) 
SRV - (ose) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (raoetaji) -- C:\WINDOWS\system32\drivers\raoetaji.sys File not found DRV - (psepawfg) -- C:\WINDOWS\system32\drivers\psepawfg.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (pbmbpiqp) -- C:\WINDOWS\system32\drivers\pbmbpiqp.sys File not found DRV - (ljdgjqcq) -- C:\WINDOWS\system32\drivers\ljdgjqcq.sys File not found DRV - (lbrtfdc) -- File not found DRV - (kgajuinm) -- C:\WINDOWS\system32\drivers\kgajuinm.sys File not found DRV - (iqzrrhgv) -- C:\WINDOWS\system32\drivers\iqzrrhgv.sys File not found DRV - (i2omgmt) -- File not found DRV - (fdvvalym) -- C:\WINDOWS\system32\drivers\fdvvalym.sys File not found DRV - (chefschp) -- C:\WINDOWS\system32\drivers\chefschp.sys File not found DRV - (Changer) -- File not found DRV - (bgzrghke) -- C:\WINDOWS\system32\drivers\bgzrghke.sys File not found DRV - (auwjjflh) -- C:\WINDOWS\system32\drivers\auwjjflh.sys File not found DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) 
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation) DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI) DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI) DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI) DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI) DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI) DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI) DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI) DRV - (uGuru) -- C:\WINDOWS\system32\drivers\uGuru.SYS (ABIT Computer Corporation) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider) DRV - (Winflash) -- 
C:\WINDOWS\System32\drivers\WINFLASH.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nasdaqomxnordic.com/nordic/Nordic.aspx IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) 
FF - HKLM\Software\MozillaPlugins\@se.nexus/Personal: C:\Program\Personal\bin\np_prsnl.dll (Technology Nexus AB) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@voddler/voddlerplugin: C:\Program\Voddler\plugin\npvoddler.dll (Voddler Sweden AB) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ekort@orbiscom: C:\Program\ekort [2012-03-15 22:51:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-07 22:21:32 | 000,000,000 | ---D | M] O1 HOSTS File: ([2004-08-04 14:00:00 | 000,000,710 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (e-kort Helper Class) - {9065E913-4F23-4B47-9B5D-B055D32DB1F3} - C:\Program\ekort\EKortHelper.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (e-kort Toolbar) - {8DB2B2E8-579F-48A8-A496-18FEFCF8F4DF} - C:\Program\ekort\EKortToolbar.dll () O4 - HKLM..\Run: [ABIT uGuru] C:\Program\ABIT\ABIT uGuru\uGuru.exe (ABIT Computer Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [ATICustomerCare] C:\Program\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [e-kort] C:\Program\ekort\ekort.exe (Orbiscom Ltd. All rights reserved.) O4 - HKLM..\Run: [Genväg till egenskapssida för High Definition Audio] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider) O4 - HKLM..\Run: [GuruClock] C:\Program\ABIT\ABIT uGuru\GuruClock.exe (ABIT Computer Corp.) O4 - HKLM..\Run: [MSC] c:\Program\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [startCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [update] C:\WINDOWS\system32\fest0r_ot.exe File not found O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe () O4 - HKCU..\Run: [spotify Web Helper] C:\Program\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289417172515 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.26.226.3 81.26.228.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07499630-388D-4B08-8B63-3989AE170E7A}: DhcpNameServer = 81.26.226.3 81.26.228.3 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Min aktuella startsida) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Sommar.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010-11-10 00:18:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008-08-16 16:03:15 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{454a180b-0664-11e1-9fc2-00508dedde65}\Shell - "" = AutoRun O33 - MountPoints2\{454a180b-0664-11e1-9fc2-00508dedde65}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012-07-19 23:05:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kristofer\Skrivbord\OTL.exe [2012-07-19 00:07:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Kristofer\Skrivbord\dds.scr [2012-07-15 14:15:55 | 150,726,432 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Kristofer\Skrivbord\kav12.0.0.374sv_se.exe [2012-07-15 13:14:00 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\Kristofer\Application Data\Malwarebytes [2012-07-14 22:16:10 | 000,000,000 | ---D | C] -- C:\Program\HitmanPro [2012-07-14 22:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro [2012-07-14 20:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012-06-27 18:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristofer\Application Data\dvdcss [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012-07-20 12:36:50 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012-07-20 12:36:50 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012-07-20 12:35:47 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012-07-20 12:35:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-07-20 12:35:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-07-19 23:05:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristofer\Skrivbord\OTL.exe [2012-07-19 15:42:52 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\SystemLook.exe [2012-07-19 00:08:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Kristofer\Skrivbord\dds.scr [2012-07-16 22:15:17 | 000,102,400 | ---- | M] () -- C:\Documents and Settings\Kristofer\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-07-15 14:16:03 | 150,726,432 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Kristofer\Skrivbord\kav12.0.0.374sv_se.exe [2012-07-15 12:50:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012-07-12 13:10:59 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-07-12 00:52:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012-07-08 22:21:29 | 001,594,331 | 
---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\Emmelie [2012-06-24 22:15:20 | 000,125,452 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\Gräddbebis.jpg [2012-06-24 16:29:15 | 003,939,628 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\Changing course.pdf [2012-06-24 16:28:49 | 000,890,134 | ---- | M] () -- C:\Documents and Settings\Kristofer\Skrivbord\Million dollars careers.pdf [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012-07-19 15:42:51 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\SystemLook.exe [2012-07-08 22:21:20 | 001,594,331 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\Emmelie [2012-06-24 22:15:17 | 000,125,452 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\Gräddbebis.jpg [2012-06-24 16:29:14 | 003,939,628 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\Changing course.pdf [2012-06-24 16:28:46 | 000,890,134 | ---- | C] () -- C:\Documents and Settings\Kristofer\Skrivbord\Million dollars careers.pdf [2012-02-15 19:26:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011-12-05 23:04:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll [2011-12-05 23:03:52 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll [2011-11-13 18:32:36 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011-05-04 19:01:49 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011-05-04 19:01:49 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2010-12-31 01:41:19 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\OBroker.exe [2010-12-20 22:28:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2010-11-27 22:34:15 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010-11-11 22:28:52 | 000,102,400 | ---- | 
C] () -- C:\Documents and Settings\Kristofer\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010-11-10 23:37:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010-11-10 23:30:37 | 000,000,280 | ---- | C] () -- C:\WINDOWS\game.ini [2010-11-10 21:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010-11-10 21:54:39 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010-11-10 21:54:38 | 000,608,507 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010-11-10 21:54:38 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010-11-10 19:12:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010-11-10 01:10:25 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010-11-10 01:09:21 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010-11-10 00:28:35 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\WINFLASH.SYS [2010-11-10 00:28:34 | 000,018,606 | ---- | C] () -- C:\WINDOWS\System32\FlashMenu.sys [2010-11-10 00:28:34 | 000,018,606 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashMenu.sys [2010-11-10 00:28:34 | 000,005,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\HWDRV.SYS [2010-11-10 00:28:34 | 000,005,018 | ---- | C] () -- C:\WINDOWS\System32\drivers\HWIOCTL.SYS [2010-11-10 00:28:34 | 000,004,047 | ---- | C] () -- C:\WINDOWS\System32\drivers\MEMCTL.SYS [2010-11-10 00:28:34 | 000,003,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINFLASH.SYS [2010-11-10 00:28:34 | 000,002,721 | ---- | C] () -- C:\WINDOWS\System32\drivers\AMINTSYS.SYS [2010-11-10 00:20:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010-11-10 00:16:18 | 000,021,700 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat < End of report > Extras.Txt
  3. SystemLook 30.07.11 by jpshortstuff Log created at 15:43 on 19/07/2012 by John Doe Administrator - Elevation successful ========== file ========== c:\windows\system32\fest0r_ot.exe - Unable to find/read file. -= EOF =- I guess that looks OK! I've also searched for this file using the computer's own Search function. =)
  4. Here we go: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by John Doe at 0:08:46 on 2012-07-19 Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2559.1351 [GMT 2:00] . AV: Lavasoft Ad-Watch Live! Antivirus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe c:\Program\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\ABIT\ABIT uGuru\uGuru.exe C:\Program\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe C:\Program\Voddler\service\VNetManager.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program\Delade filer\Java\Java Update\jusched.exe C:\Program\DivX\DivX Update\DivXUpdate.exe C:\Program\Microsoft Security Client\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Messenger\msmsgs.exe C:\Program\Spotify\Data\SpotifyWebHelper.exe C:\Program\Skype\Phone\Skype.exe svchost.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program\Jamcast\jamcastsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program\Windows Live\Messenger\msnmsgr.exe C:\Program\Windows Live\Contacts\wlcomm.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Internet Explorer\IEXPLORE.EXE . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.nasdaqomxnordic.com/nordic/Nordic.aspx mWinlogon: Userinit=c:\windows\system32\userinit.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre6\bin\ssv.dll BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program\messenger\msmsgs.exe" /background uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe uRun: [spotify Web Helper] "c:\program\spotify\data\SpotifyWebHelper.exe" uRun: [skype] "c:\program\skype\phone\Skype.exe" /minimized /regrun mRun: [Genväg till egenskapssida för High Definition Audio] HDAudPropShortcut.exe mRun: [ABIT uGuru] c:\program\abit\abit uguru\uGuru.exe mRun: [GuruClock] c:\program\abit\abit uguru\GuruClock.exe mRun: [sony Ericsson PC Suite] "c:\program\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions 
mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe mRun: [ATICustomerCare] "c:\program\ati\aticustomercare\ATICustomerCare.exe" mRun: [soundMan] SOUNDMAN.EXE mRun: [AlcWzrd] ALCWZRD.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [e-kort] c:\program\ekort\ekort.exe /dontopenmycards /Autostart mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe" mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe" mRun: [DivXUpdate] "c:\program\divx\divx update\DivXUpdate.exe" /CHECKNOW mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey mRun: [update] c:\windows\system32\fest0r_ot.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bankid~1.lnk - c:\program\personal\bin\Personal.exe IE: E&xportera till Microsoft Excel - c:\program\micros~4\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~4\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {5D6F45B3-9043-443D-A792-115447494D24} - 
hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289417172515 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 81.26.226.3 81.26.228.3 TCP: Interfaces\{07499630-388D-4B08-8B63-3989AE170E7A} : DhcpNameServer = 81.26.226.3 81.26.228.3 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . 
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512] R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064] R0 uGuru;uGuru;c:\windows\system32\drivers\uGuru.SYS [2010-11-10 10752] R1 MpKslabe98623;MpKslabe98623;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df800c8-cba9-4bf2-a70d-2dc9ade62ac0}\MpKslabe98623.sys [2012-7-18 29904] R2 Jamcast;Jamcast;c:\program\jamcast\jamcastsvc.exe [2010-12-18 62704] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136] R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2011-2-22 1039640] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-12 100368] S1 auwjjflh;auwjjflh;\??\c:\windows\system32\drivers\auwjjflh.sys --> c:\windows\system32\drivers\auwjjflh.sys [?] S1 bgzrghke;bgzrghke;\??\c:\windows\system32\drivers\bgzrghke.sys --> c:\windows\system32\drivers\bgzrghke.sys [?] S1 chefschp;chefschp;\??\c:\windows\system32\drivers\chefschp.sys --> c:\windows\system32\drivers\chefschp.sys [?] S1 fdvvalym;fdvvalym;\??\c:\windows\system32\drivers\fdvvalym.sys --> c:\windows\system32\drivers\fdvvalym.sys [?] S1 iqzrrhgv;iqzrrhgv;\??\c:\windows\system32\drivers\iqzrrhgv.sys --> c:\windows\system32\drivers\iqzrrhgv.sys [?] S1 kgajuinm;kgajuinm;\??\c:\windows\system32\drivers\kgajuinm.sys --> c:\windows\system32\drivers\kgajuinm.sys [?] S1 ljdgjqcq;ljdgjqcq;\??\c:\windows\system32\drivers\ljdgjqcq.sys --> c:\windows\system32\drivers\ljdgjqcq.sys [?] S1 pbmbpiqp;pbmbpiqp;\??\c:\windows\system32\drivers\pbmbpiqp.sys --> c:\windows\system32\drivers\pbmbpiqp.sys [?] S1 psepawfg;psepawfg;\??\c:\windows\system32\drivers\psepawfg.sys --> c:\windows\system32\drivers\psepawfg.sys [?] 
S1 raoetaji;raoetaji;\??\c:\windows\system32\drivers\raoetaji.sys --> c:\windows\system32\drivers\raoetaji.sys [?] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program\lavasoft\ad-aware\AAWService.exe [2011-3-2 2152152] S2 SkypeUpdate;Skype Updater;c:\program\skype\updater\Updater.exe [2012-7-3 160944] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2011-2-25 49904] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-10-9 13224] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2011-10-9 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2011-10-9 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2011-10-9 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2011-10-9 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2011-10-9 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2011-10-9 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2011-10-9 115752] S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2010-11-16 61536] S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2010-11-16 9360] S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2010-11-16 97088] S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2010-11-16 88624] S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys 
[2010-11-16 18704] S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2010-11-16 86432] S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2010-11-16 90800] S3 Sony PC Companion;Sony PC Companion;c:\program\sony\sony pc companion\PCCService.exe [2011-10-9 155320] . =============== Created Last 30 ================ . 2012-07-18 16:25:37 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df800c8-cba9-4bf2-a70d-2dc9ade62ac0}\offreg.dll 2012-07-18 16:25:37 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df800c8-cba9-4bf2-a70d-2dc9ade62ac0}\MpKslabe98623.sys 2012-07-18 14:15:34 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3df800c8-cba9-4bf2-a70d-2dc9ade62ac0}\mpengine.dll 2012-07-17 19:30:55 6891424 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-07-15 11:14:00 -------- d-----w- c:\documents and settings\kristofer\application data\Malwarebytes 2012-07-14 20:16:10 -------- d-----w- c:\program\HitmanPro 2012-07-14 20:16:08 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro 2012-07-14 18:02:46 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes . ==================== Find3M ==================== . 
2012-06-13 13:55:19 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 17:46:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-12 17:46:43 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.VER 2012-06-06 20:41:25 81920 ----a-w- c:\windows\ALCFDRTM.EXE 2012-06-05 15:49:58 1372672 ------w- c:\windows\system32\msxml6.dll 2012-06-05 15:49:58 1172480 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 04:32:34 152576 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19:24 23064 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll 2012-06-02 13:18:58 17648 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-05-31 13:22:03 602112 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09:37 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-11 14:44:07 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44:07 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:39:29 385024 ----a-w- c:\windows\system32\html.iec 2012-05-05 03:14:59 2149376 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14:57 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-05-02 13:47:14 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ============= FINISH: 0:09:30,89 ===============
  5. Haha, well, you may well wonder! I did attach them! Is it OK to paste them in here instead?
  6. Here is my DDS result. By the way, can you tell from this whether something is making the computer unnecessarily slow? I find IE extremely slow on some sites, e.g. GP.se.
  7. Hi! I have also been hit by this trojan (ransomware). However, I have a friend who is fairly knowledgeable about computers. At startup, when the desktop appears, i.e. just before the police message shows up, he told me to press ctrl+shift+esc. That way I managed (luckily enough) to end the program's autostart in Task Manager right away, before the program had started! So I got into the computer! After that we looked for suspicious files in autostart (fest0r_ot.exe). We deleted this program, and after that I searched the computer for files with the same beginning, i.e. fest*. Two files were found in the folder C:Windows/Prefetch with the same name as mentioned above. These were deleted. My questions to you are whether I need to reinstall Windows XP (in case there are errors in the registry that have not been fixed), and how I can know that I have removed everything? Is it safe to browse? Do I need to change passwords? Create my own login and not browse from the administrator account? The computer seems to be working normally now, but you never know! I can say that before the ctrl+shift+esc attempt I scanned the computer in safe mode with antivirus programs such as Malwarebytes, without anything at all being found! Nor do any of the antivirus programs find potentially harmful files now, after I tried to fix the problem manually... a sneaky trojan, this one! Regards, Kristofer