
Spyware&Malware Protection, Error Cleaner and Privacy Protector: how do you remove them?


hejjdåå


Hi!

I think my computer is completely infected with viruses. I can't get onto the internet (I'm at a library) or onto the hard drive. Practically everything on the computer is gone, but three new icons have appeared:

Spyware&Malware Protection

Error Cleaner

Privacy Protector.

I saw that someone here (http://answers.yahoo.com/question/index?qid=20080209092207AAd8ykX) has run into the same problem as me, but the problem is that I can't get onto the internet. I don't think there's anything wrong with the internet itself; I have to enable it in the Control Panel, but the problem is that it isn't there anymore.

Is it possible to download the products in the Yahoo link at the library, save them on a memory card and transfer them to my computer? Is there a risk that my mp3 player (which I use as a USB stick) gets infected?

/grateful for any help

I don't think the suggestions in that link are particularly well founded.

Let's see whether HijackThis shows anything, to start with:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

It worked now! But when I click on HJTInstall.exe I get this message:

C:\Documents and settings\Ägaren\skrivbord\HJTInstall.exe är inte ett giltigt Win32-program

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done a question comes up asking whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time during startup because the program will run and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

See whether HijackThis works better now.

Thanks for the quick reply.

When I click on SDFix.exe I get the error message

C:\Documents and settings\Ägaren\skrivbord\SDFix.exe är inte ett giltigt Win32-program

Does that happen in safe mode as well?

Can you download files on another computer and transfer them via CD, USB stick or similar?

I got help reformatting the computer, and of course I didn't think it through. Now my pictures, which I have no backup of, are gone. Is there any way to recover them?

Maybe, but they may have been overwritten by Windows files.

First of all, don't use that hard drive any more, because the more it is used the greater the probability that the files you want to rescue get overwritten and thereby become unrecoverable. Instead, move the hard drive to another computer as an extra drive.

Here are three programs that IDG has tested: http://www.idg.se/2.1085/1.141401

Ibas's recommendation:

http://www.ibas.se/ontrack-datarecovery/easyrecovery/

HijackThis works now. Could you take a look and tell me whether it looks OK?

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:14:44, on 2008-09-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Registry Clean Expert\RCHelper.exe

C:\Program\Microsoft ActiveSync\wcescomm.exe

C:\Program\MICROS~3\rapimgr.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program\881903\IETOOLBAR\IEToolBar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program\Registry Clean Expert\RCHelper.exe" /startup

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Informationshanteraren - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\Program\Delade filer\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.se/s/v/16.35/uploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122993856576

O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161348748389

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.aftonbladet.se/it/special/command/cod/cabs/cssweb.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\FSAUA\program\fsaua.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/GAREN~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 9370 bytes

[/log]

 

I'm also wondering whether you have tips on a program that can clean out old registry keys, preferably an easy-to-use one. I used CCleaner before and I somewhat suspect that it was what caused me to get the virus.

Can you explain to me how it is that the computer is infected when it has just been formatted and Windows freshly installed?

You have installed a lot of programs but don't have a working antivirus program.

I have reformatted the computer now and the viruses are hopefully gone, but to be safe I did a scan with HijackThis. What do you mean there isn't a working antivirus program? I'm using F-Secure.

I can see that there is some F-Secure in the log, but not as much as a complete F-Secure installation should give. There doesn't seem to be a single F-Secure process running.

Uninstall Hong Kong Toolbar.

What is this:

O4 - HKUS\.DEFAULT\..\RunOnce: [suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')

Is it you who has put restrictions on Internet Explorer and disabled the Registry Editor?

I get this error message (when I try to open F-Secure):

redigering av registret inaktiverats av din administratören?

How do I enable it?

That ties in with my earlier question.

"Is it you who has put restrictions on Internet Explorer and disabled the Registry Editor?"

That is something some malicious programs tend to do, and that is why I suspect that there is malware on the computer and wonder how that could have happened already.

Let's see if this helps. Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

[log]Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done a question comes up asking whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time during startup because the program will run and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

Create a new HijackThis log as well and paste it here.[/log]

SDFix:


[log]

SDFix: Version 1.220

Run by Žgaren on 2008-09-03 at 09:39

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

Folder C:\Documents and Settings\Žgaren\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-03 10:20:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:2df9c43f

"s2"=dword:110480d0

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:40,49,e8,e7,87,be,be,4a,e0,52,1c,a6,00,21,0a,95,74,50,b5,74,82,..

"p0"="C:\Program\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:3b,3c,7b,f0,c3,b3,53,c6,2d,8e,bb,55,5e,77,a9,a8,b4,a0,16,68,68,..

"a0"=hex:20,01,00,00,85,9c,4c,26,32,0c,86,53,8d,8f,0c,3e,83,11,76,7e,7b,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:e2,e0,cd,57,e5,6f,31,18,e0,77,29,09,81,48,57,33,53,bb,7b,3f,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv]

"start"=dword:00000001

"type"=dword:00000001

"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:40,49,e8,e7,87,be,be,4a,e0,52,1c,a6,00,21,0a,95,74,50,b5,74,82,..

"p0"="C:\Program\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:3b,3c,7b,f0,c3,b3,53,c6,2d,8e,bb,55,5e,77,a9,a8,b4,a0,16,68,68,..

"a0"=hex:20,01,00,00,85,9c,4c,26,32,0c,86,53,8d,8f,0c,3e,83,11,76,7e,7b,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:e2,e0,cd,57,e5,6f,31,18,e0,77,29,09,81,48,57,33,53,bb,7b,3f,0a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]

"start"=dword:00000001

"type"=dword:00000001

"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

 

scanning hidden registry entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\DC++\\DCPlusPlus.exe"="C:\\Program\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"

"C:\\Program\\Mozilla Firefox\\firefox.exe"="C:\\Program\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"

"C:\\Program\\Opera\\Opera.exe"="C:\\Program\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"

"C:\\Program\\881903\\IETOOLBAR\\AudioUpdMgr.exe"="C:\\Program\\881903\\IETOOLBAR\\AudioUpdMgr.exe:*:Enabled:HongKong Toolbar Manager Module"

"C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE:*:Disabled:Microsoft Office Groove"

"C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote"

"C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"

"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

"C:\\Program\\SwarmPlayer\\swarmplayer.exe"="C:\\Program\\SwarmPlayer\\swarmplayer.exe:*:Enabled:swarmplayer"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\\Program\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\\Program\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Fri 4 Jun 2004 30,720 ...HR --- "C:\WINDOWS\CdaC13BA.EXE"

Fri 4 Jun 2004 112,128 ...HR --- "C:\WINDOWS\CdaC14BA.DLL"

Mon 21 Jan 2008 6,219,320 A..H. --- "C:\Program\Picasa2\setup.exe"

Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"

Sun 19 Mar 2006 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

Sat 19 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Tue 28 Jan 2003 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"

Tue 28 Jan 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.key.bak"

Sat 22 Feb 2003 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"

Sat 22 Feb 2003 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"

Sat 22 Feb 2003 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"

Sun 29 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Sat 3 Nov 2007 444 ...HR --- "C:\Documents and Settings\Žgaren\Application Data\SecuROM\UserData\securom_v7_01.bak"

Mon 26 Jul 2004 7,155 A..H. --- "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\BITF33.tmp"

Mon 26 Jul 2004 7,155 A..H. --- "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\BITF82.tmp"

Mon 26 Jul 2004 7,155 A..H. --- "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\BITF87.tmp"

 

Finished!

 

[/log]

 

And the log file:


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:13:11, on 2008-09-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\windows\system\hpsysdrv.exe

C:\HP\KBD\KBD.EXE

C:\Program\VERITAS Software\Update Manager\sgtray.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE

C:\Program\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Registry Clean Expert\RCHelper.exe

C:\Program\Microsoft ActiveSync\wcescomm.exe

C:\Program\MICROS~3\rapimgr.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program\881903\IETOOLBAR\IEToolBar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [storageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program\Registry Clean Expert\RCHelper.exe" /startup

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit ... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Informationshanteraren - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\Program\Delade filer\Microsoft Shared\Reference 2001\EROProj.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {1538D4E0-B2C4-402D-B71A-BA6A04BC7A5D} (PictureChooser.picChooser) - http://direct.fotomenyn.com/direct/PictureChooser.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.se/s/v/16.35/uploader2.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122993856576

O16 - DPF: {65F77758-B822-45FB-8F0C-08E85705EC4A} (Upload.ctlUpload) - http://direct.fotomenyn.com/direct/upload.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161348748389

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.aftonbladet.se/it/special/command/cod/cabs/cssweb.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Bredbandsbolaget Security Services\FWES\Program\fsdfwd.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/GAREN~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 9623 bytes

[/log]

 


"C:\\Program\\881903\\IETOOLBAR\\AudioUpdMgr.exe"="C:\\Program\\881903\\IETOOLBAR\\AudioUpdMgr.exe:*:Enabled:HongKong Toolbar Manager Module"

Remove this from the list of allowed programs in the Windows Firewall.

 

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

[log]Unplug the internet connection and close every program you can see, including antivirus, antispyware and firewall programs, or alternatively restart the computer in safe mode.

Run ComboFix and follow the instructions it shows.

 

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.

 

When it has finished, a log should appear; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

 

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

[/log]

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices, to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet access through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

 


What do you mean I should do with this? Sorry that I'm a bit slow..

 

"C:\\Program\\881903\\IETOOLBAR\\AudioUpdMgr.exe"="C:\\Program\\881903\\IETOOLBAR\\AudioUpdMgr.exe:*:Enabled:HongKong Toolbar Manager Module"

Remove this from the list of allowed programs in the Windows Firewall.

 


This is how it turned out:

 

[log]

ComboFix 08-09-01.05 - Ägaren 2008-09-04 0:23:58.4 - NTFSx86 MINIMAL

Running from: C:\Documents and Settings\Ägaren\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\interclick.com

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\interclick.com\ud.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com\v\swf\qplayer.swf\qplayer.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com\v\swf\qplayer.swf\youku.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com\v1.0.0236\v\swf\qplayer.swf\youku.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com\v1.0.0270\v\swf\qplayer.swf\qplayer.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com\v1.0.0281\v\swf\qplayer.swf\qplayer.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com\v1.0.0291\v\swf\qplayer.swf\qplayer.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com\v1.0.0296\v\swf\qplayer.swf\qplayer.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\#SharedObjects\MKNSB74Y\static.youku.com\v1.0.0312\v\swf\qplayer.swf\qplayer.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com

C:\Documents and Settings\Ägaren\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol

C:\WINDOWS\cdmxtras

C:\WINDOWS\system32\mx24474.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_TDSSSERV

-------\Service_TDSSserv

 

 

((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))

.

 

2008-09-03 13:59 . 2008-09-03 13:59 <KAT> d-------- C:\Documents and Settings\Ägaren\Application Data\F-Secure

2008-09-03 13:47 . 2007-04-26 19:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys

2008-09-03 13:47 . 2007-04-26 19:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys

2008-09-03 13:46 . 2008-09-03 13:46 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure

2008-09-03 13:44 . 2008-09-03 14:37 <KAT> d-------- C:\Program\Bredbandsbolaget Security Services

2008-09-02 21:10 . 2008-09-02 21:10 <KAT> d-------- C:\WINDOWS\ERUNT

2008-09-02 19:47 . 2008-09-02 21:46 <KAT> d-------- C:\SDFix

2008-09-02 18:14 . 2008-09-02 18:14 <KAT> d-------- C:\Program\Trend Micro

2008-09-01 22:14 . 2008-09-01 22:14 <KAT> d-------- C:\Documents and Settings\Ägaren\Application Data\Malwarebytes

2008-09-01 21:53 . 2008-09-01 21:53 <KAT> d-------- C:\Program\Malwarebytes' Anti-Malware

2008-09-01 21:53 . 2008-09-01 21:53 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-09-01 21:53 . 2008-09-01 21:53 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Malwarebytes

2008-09-01 21:53 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-09-01 21:53 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

2008-09-01 21:51 . 2002-08-08 09:52 <KAT> d-------- C:\Documents and Settings\Administratör\WINDOWS

2008-09-01 21:51 . 2002-08-08 09:52 <KAT> d-------- C:\Documents and Settings\Administratör\WINDOWS

2008-09-01 21:51 . 2005-03-12 03:14 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-09-01 21:51 . 2005-03-12 03:14 <KAT> dr------- C:\Documents and Settings\Administratör\Start-meny

2008-09-01 21:51 . 2008-09-02 10:25 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-09-01 21:51 . 2008-09-02 10:25 <KAT> d-------- C:\Documents and Settings\Administratör\Skrivbord

2008-09-01 21:51 . 2002-08-08 10:14 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-09-01 21:51 . 2002-08-08 10:14 <KAT> d--h----- C:\Documents and Settings\Administratör\Skrivare

2008-09-01 21:51 . 2002-08-08 10:14 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-09-01 21:51 . 2002-08-08 10:14 <KAT> d--h----- C:\Documents and Settings\Administratör\Nätverket

2008-09-01 21:51 . 2005-03-12 03:14 <KAT> dr------- C:\Documents and Settings\Administratör\Mina dokument

2008-09-01 21:51 . 2005-03-12 03:14 <KAT> dr------- C:\Documents and Settings\Administratör\Mina dokument

2008-09-01 21:51 . 2005-03-12 03:14 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-09-01 21:51 . 2005-03-12 03:14 <KAT> d--h----- C:\Documents and Settings\Administratör\Mallar

2008-09-01 21:51 . 2008-09-04 00:31 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-09-01 21:51 . 2008-09-04 00:31 <KAT> d--h----- C:\Documents and Settings\Administratör\Lokala inställningar

2008-09-01 21:51 . 2005-03-12 03:14 <KAT> dr------- C:\Documents and Settings\Administratör\Favoriter

2008-09-01 21:51 . 2005-03-12 03:14 <KAT> dr------- C:\Documents and Settings\Administratör\Favoriter

2008-09-01 21:51 . 2002-08-08 09:18 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\VERITAS

2008-09-01 21:51 . 2008-03-12 14:37 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Teleca

2008-09-01 21:51 . 2002-08-09 06:06 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Symantec

2008-09-01 21:51 . 2008-03-12 14:37 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\Sony Ericsson

2008-09-01 21:51 . 2002-08-08 09:37 <KAT> d-------- C:\Documents and Settings\Administratör\Application Data\InterTrust

2008-09-01 21:51 . 2008-09-01 21:51 <KAT> d-------- C:\Documents and Settings\Administratör

2008-09-01 20:27 . 2008-09-01 20:28 <KAT> d-------- C:\WINDOWS\system32\NtmsData

2008-08-30 19:00 . 2008-09-02 18:11 <KAT> d-------- C:\Program\Resco

2008-08-30 19:00 . 2006-09-13 13:52 90,112 --a------ C:\WINDOWS\RSetupCE.exe

2008-08-26 12:17 . 2008-08-26 12:17 <KAT> d-------- C:\Documents and Settings\Ägaren\Desktop

2008-08-26 12:17 . 2008-08-26 12:17 <KAT> d-------- C:\Documents and Settings\Ägaren\Desktop

2008-08-26 12:17 . 2008-08-26 12:17 <KAT> d-------- C:\Documents and Settings\Ägaren\Application Data\.Tribler

2008-08-26 12:17 . 2008-08-26 12:18 <KAT> d-------- C:\Documents and Settings\Ägaren\Application Data\.SwarmPlayer

2008-08-26 12:15 . 2008-08-26 12:34 <KAT> d-------- C:\Program\SwarmPlayer

2008-08-25 22:27 . 2008-08-25 22:27 <KAT> d-------- C:\Program\uTorrent

2008-08-25 22:26 . 2008-09-04 00:12 <KAT> d-------- C:\Documents and Settings\Ägaren\Application Data\uTorrent

2008-08-24 15:25 . 2008-01-25 20:13 344,064 --a------ C:\WINDOWS\ctpu.exe

2008-08-24 15:24 . 2008-08-24 15:24 <KAT> d-------- C:\Program\BEIKS

2008-08-24 15:24 . 2007-12-24 21:31 204,800 --a------ C:\WINDOWS\ResEnu.PPC.dll

2008-08-22 23:30 . 2008-08-22 23:30 <KAT> d-------- C:\Program\Microsoft Silverlight

2008-08-22 22:13 . 2003-07-12 19:35 231,936 --a------ C:\WINDOWS\epsuninst.exe

2008-08-18 02:53 . 2008-09-03 23:47 <KAT> dr-h----- C:\Documents and Settings\Ägaren\Recent

2008-08-18 02:53 . 2008-09-03 23:47 <KAT> dr-h----- C:\Documents and Settings\Ägaren\Recent

2008-08-13 19:38 . 2008-08-13 19:42 <KAT> d-------- C:\totalcmd

2008-08-13 19:38 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\UC.PIF

2008-08-13 19:38 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\RAR.PIF

2008-08-13 19:38 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKZIP.PIF

2008-08-13 19:38 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2008-08-13 19:38 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2008-08-13 19:38 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\LHA.PIF

2008-08-13 19:38 . 2008-08-08 07:04 545 --a------ C:\WINDOWS\ARJ.PIF

2008-08-07 16:22 . 2008-08-07 16:22 <KAT> d-------- C:\Program\Windows Mobile Resources

2008-08-07 16:22 . 2008-08-30 19:00 <KAT> d-------- C:\Program\Microsoft ActiveSync

2008-08-03 20:16 . 2008-08-03 20:30 <KAT> d-------- C:\Program\QuickTime

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-03 19:55 --------- d-----w C:\Documents and Settings\Ägaren\Application Data\.purple

2008-09-03 12:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\fssg

2008-09-02 16:59 --------- d-----w C:\Program\Windows Live

2008-09-01 09:45 --------- d-----w C:\Program\ImTOO

2008-08-26 09:20 --------- d-----w C:\Program\Registry Clean Expert

2008-08-25 20:24 --------- d-----w C:\Program\Pidgin

2008-08-25 20:23 --------- d-----w C:\Program\Delade filer\GTK

2008-08-20 14:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-08-13 20:59 --------- d-----w C:\Documents and Settings\Ägaren\Application Data\dvdcss

2008-08-07 14:28 --------- d--h--w C:\Program\InstallShield Installation Information

2008-08-03 18:48 --------- d-----w C:\Program\iTunes

2008-08-03 18:45 --------- d-----w C:\Program\iPod

2008-08-01 11:56 --------- d-----w C:\Program\Bonjour

2008-08-01 11:52 --------- d-----w C:\Program\Apple Software Update

2008-07-27 11:51 --------- d-----w C:\Program\Vokabula

2008-07-26 09:06 --------- d-----w C:\Documents and Settings\Ägaren\Application Data\gtk-2.0

2008-07-18 10:02 --------- d-----w C:\Documents and Settings\Ägaren\Application Data\881903

2008-07-18 10:01 --------- d-----w C:\Program\881903

2008-07-10 14:59 --------- d-----w C:\Program\Sun

2008-07-10 14:57 --------- d-----w C:\Program\Java

2008-03-01 17:30 0 ----a-w C:\Program\temp01

2007-11-10 21:51 67,376 -c--a-w C:\Documents and Settings\Ägaren\Application Data\GDIPFONTCACHEV1.DAT

2004-03-13 13:21 104 ----a-w C:\Program\Papperskorgen.lnk

2003-10-28 16:42 32 -c--a-w C:\Documents and Settings\Ägaren\config.dat

2003-10-28 16:42 32 -c--a-w C:\Documents and Settings\Ägaren\config.dat

2003-05-21 16:26 460 ----a-w C:\Program\INSTALL.LOG

2003-04-29 15:36 560 ----a-w C:\Program\Global.sw

2002-06-17 02:08 2,402,687 -c--a-w C:\Documents and Settings\Ägaren\Setup.exe

2002-06-17 02:08 2,402,687 -c--a-w C:\Documents and Settings\Ägaren\Setup.exe

2000-11-30 21:48 58 -c--a-w C:\Documents and Settings\Ägaren\English.bat

2000-11-30 21:48 58 -c--a-w C:\Documents and Settings\Ägaren\English.bat

1998-10-16 21:20 493 -c--a-w C:\Documents and Settings\Ägaren\C.REG

1998-10-16 21:20 493 -c--a-w C:\Documents and Settings\Ägaren\C.REG

1998-10-16 21:08 131,584 -c--a-w C:\Documents and Settings\Ägaren\COMBATFS.EXE

1998-10-16 21:08 131,584 -c--a-w C:\Documents and Settings\Ägaren\COMBATFS.EXE

1998-09-11 14:05 168,960 -c----w C:\Documents and Settings\Ägaren\SIMSUI.DLL

1998-09-11 14:05 168,960 -c----w C:\Documents and Settings\Ägaren\SIMSUI.DLL

1998-09-11 14:05 12,467,200 -c----w C:\Documents and Settings\Ägaren\setupenu.dll

1998-09-11 14:05 12,467,200 -c----w C:\Documents and Settings\Ägaren\setupenu.dll

1998-09-11 14:04 565,760 -c----w C:\Documents and Settings\Ägaren\msvcp50.dll

1998-09-11 14:04 565,760 -c----w C:\Documents and Settings\Ägaren\msvcp50.dll

1998-09-11 14:03 16,249,344 -c----w C:\Documents and Settings\Ägaren\DIALOG.DLL

1998-09-11 14:03 16,249,344 -c----w C:\Documents and Settings\Ägaren\DIALOG.DLL

1998-09-11 14:03 141,312 -c----w C:\Documents and Settings\Ägaren\CFSCONV.exe

1998-09-11 14:03 141,312 -c----w C:\Documents and Settings\Ägaren\CFSCONV.exe

1997-10-16 22:33 28,672 -c--a-w C:\Documents and Settings\Ägaren\SETREG.EXE

1997-10-16 22:33 28,672 -c--a-w C:\Documents and Settings\Ägaren\SETREG.EXE

2006-03-19 13:57 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-07-10_15.54.51.81 )))))))))))))))))))))))))))))))))))))))))

.

+ 2005-10-21 01:47:04 30,592 ------w C:\WINDOWS\Driver Cache\i386\rndismpx.sys

+ 2005-10-21 01:47:05 12,800 ------w C:\WINDOWS\Driver Cache\i386\usb8023x.sys

+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE

+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-09-03 07:29:19 8,863,744 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat

+ 2008-09-03 07:29:19 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 14:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-09-02 19:10:29 8,863,744 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat

+ 2008-09-02 19:10:29 180,224 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-08-01 11:52:49 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe

+ 2008-08-03 18:52:00 102,400 ----a-r C:\WINDOWS\Installer\{3DE0053C-FD9A-483E-B7C9-B06E4392206E}\iTunesIco.exe

+ 2008-08-01 11:57:01 86,016 ----a-r C:\WINDOWS\Installer\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}\PrntWzrdIco.exe

- 2008-05-24 10:48:44 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

+ 2008-08-05 17:25:43 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe

+ 2008-08-08 15:19:57 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe

+ 2008-08-08 15:19:57 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe

+ 2008-06-17 14:12:42 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

+ 2008-06-17 14:23:02 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll

+ 2008-06-17 14:13:22 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll

+ 2008-06-17 13:36:00 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll

+ 2008-06-17 14:13:26 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll

+ 2008-06-17 13:25:58 697,344 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll

+ 2008-06-17 13:26:00 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe

+ 2008-06-17 13:25:58 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll

+ 2008-06-17 13:32:18 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll

+ 2008-06-17 14:11:56 253,952 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll

+ 2008-06-17 14:15:00 446,464 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll

+ 2008-06-17 14:22:46 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100458.exe

+ 2008-06-17 14:15:44 114,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe

+ 2008-06-17 14:11:44 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll

+ 2008-06-17 13:25:58 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL

+ 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE

+ 2006-11-13 13:40:26 23,336 ----a-w C:\WINDOWS\system32\ceutil.dll

- 2008-03-12 12:02:37 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2008-09-01 19:50:46 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

- 2008-03-12 12:02:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

+ 2008-09-01 19:50:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

- 2008-03-12 12:02:37 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2008-09-01 19:50:46 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

- 2004-08-04 06:04:31 30,080 -c--a-w C:\WINDOWS\system32\dllcache\rndismp.sys

+ 2005-10-21 01:47:04 30,592 -c--a-w C:\WINDOWS\system32\dllcache\rndismp.sys

- 2004-08-04 06:04:31 30,080 -c--a-w C:\WINDOWS\system32\dllcache\rndismpx.sys

+ 2005-10-21 01:47:04 30,592 -c--a-w C:\WINDOWS\system32\dllcache\rndismpx.sys

- 2004-08-04 06:04:32 12,672 -c--a-w C:\WINDOWS\system32\dllcache\usb8023.sys

+ 2005-10-21 01:47:05 12,800 -c--a-w C:\WINDOWS\system32\dllcache\usb8023.sys

- 2004-08-04 06:04:33 12,672 -c--a-w C:\WINDOWS\system32\dllcache\usb8023x.sys

+ 2005-10-21 01:47:05 12,800 -c--a-w C:\WINDOWS\system32\dllcache\usb8023x.sys

+ 2006-11-06 16:04:56 28,672 -c--a-w C:\WINDOWS\system32\dllcache\wceusbsh.sys

+ 2007-07-24 13:17:08 81,920 ----a-w C:\WINDOWS\system32\dns-sd.exe

+ 2007-07-24 13:17:08 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

- 2006-09-19 12:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

+ 2008-01-29 10:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

- 2004-08-04 06:04:31 30,080 -c--a-w C:\WINDOWS\system32\drivers\rndismp.sys

+ 2005-10-21 01:47:04 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

- 2004-08-04 06:04:31 30,080 -c----w C:\WINDOWS\system32\drivers\rndismpx.sys

+ 2005-10-21 01:47:04 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

- 2004-08-04 06:04:32 12,672 -c--a-w C:\WINDOWS\system32\drivers\usb8023.sys

+ 2005-10-21 01:47:05 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

- 2004-08-04 06:04:33 12,672 -c----w C:\WINDOWS\system32\drivers\usb8023x.sys

+ 2005-10-21 01:47:05 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

+ 2006-11-06 16:04:56 28,672 ----a-w C:\WINDOWS\system32\drivers\wceusbsh.sys

+ 2008-07-22 18:32:44 32,000 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_97B931EF204A3188AFFD15A9A5337268E8B6F312\usbaapl.sys

- 2006-10-03 17:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll

+ 2008-01-29 10:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll

- 2007-06-14 13:51:50 135,168 ----a-w C:\WINDOWS\system32\java.exe

+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe

- 2007-06-14 13:51:54 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe

- 2007-06-14 14:53:24 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe

- 2008-04-10 21:26:32 68,786 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-09-03 11:47:39 70,844 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-04-10 21:26:32 80,806 ----a-w C:\WINDOWS\system32\perfc01D.dat

+ 2008-09-03 11:47:39 83,140 ----a-w C:\WINDOWS\system32\perfc01D.dat

- 2008-04-10 21:26:32 417,556 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-09-03 11:47:39 423,076 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-04-10 21:26:32 420,516 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2008-09-03 11:47:40 425,952 ----a-w C:\WINDOWS\system32\perfh01D.dat

+ 2001-12-19 21:03:26 36,864 ----a-w C:\WINDOWS\system32\psvince.dll

+ 2006-11-13 13:41:02 138,024 ----a-w C:\WINDOWS\system32\rapi.dll

- 2005-09-23 05:29:16 479,232 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

+ 2005-09-22 21:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

- 2005-09-23 05:29:16 548,864 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2005-09-22 21:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

- 2005-09-23 05:29:16 626,688 -c--a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

+ 2005-09-22 21:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

- 2006-10-26 12:40:36 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll

+ 2005-09-22 23:16:02 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll

- 2006-10-26 12:40:36 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll

+ 2005-09-22 23:16:06 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll

- 2006-10-26 12:40:36 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll

+ 2005-09-22 23:16:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll

- 2006-10-26 12:40:36 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll

+ 2005-09-22 23:16:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{481EE3EC-C026-4F9A-BA22-FD07654ADFC0}"= "C:\Program\881903\IETOOLBAR\IEToolBar.dll" [2008-06-24 258048]

 

[HKEY_CLASSES_ROOT\clsid\{481ee3ec-c026-4f9a-ba22-fd07654adfc0}]

[HKEY_CLASSES_ROOT\IEToolBar.ToolBarObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{2C490CC6-2056-40D3-A6CF-466AE0DC0826}]

[HKEY_CLASSES_ROOT\IEToolBar.ToolBarObj]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{481EE3EC-C026-4F9A-BA22-FD07654ADFC0}"= "C:\Program\881903\IETOOLBAR\IEToolBar.dll" [2008-06-24 258048]

 

[HKEY_CLASSES_ROOT\clsid\{481ee3ec-c026-4f9a-ba22-fd07654adfc0}]

[HKEY_CLASSES_ROOT\IEToolBar.ToolBarObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{2C490CC6-2056-40D3-A6CF-466AE0DC0826}]

[HKEY_CLASSES_ROOT\IEToolBar.ToolBarObj]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-07-28 49152]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"RegClean Expert Scheduler"="C:\Program\Registry Clean Expert\RCHelper.exe" [2008-01-31 604920]

"H/PC Connection Agent"="C:\Program\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 155648]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 114688]

"KBD"="C:\HP\KBD\KBD.EXE" [2001-07-06 61440]

"StorageGuard"="C:\Program\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 155648]

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 106549]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-18 212992]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 4841472]

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"AppleSyncNotifier"="C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-05-27 413696]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"F-Secure Manager"="C:\Program\Bredbandsbolaget Security Services\Common\FSM32.EXE" [2007-04-26 183208]

"F-Secure TNB"="C:\Program\Bredbandsbolaget Security Services\FSGUI\TNBUtil.exe" [2007-04-26 740208]

"nwiz"="nwiz.exe" [2003-07-28 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 15360]

"Picasa Media Detector"="C:\Program\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Suite"="regedit -s" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.iv41"= IR41_32.dll

"VIDC.MJPG"= pvmjpg20.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Keyboard Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ulead Service]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-10-23 23:18 443968 C:\Program\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WLSetupSvc"=3 (0x3)

"usnjsvc"=3 (0x3)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"NVSvc"=2 (0x2)

"Microsoft Office Groove Audit Service"=3 (0x3)

"iPod Service"=3 (0x3)

"IDriverT"=3 (0x3)

"gusvc"=3 (0x3)

"FSMA"=2 (0x2)

"FSDFWD"=2 (0x2)

"F-Secure Gatekeeper Handler Starter"=2 (0x2)

"F-Secure BlackLight Sensor"=3 (0x3)

"Apple Mobile Device"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program\\Mozilla Firefox\\firefox.exe"=

"C:\\Program\\Opera\\Opera.exe"=
"C:\\Program\\881903\\IETOOLBAR\\AudioUpdMgr.exe"=
"C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program\\Bonjour\\mDNSResponder.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=
"C:\Program\Microsoft ActiveSync\rapimgr.exe"= C:\Program\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program\Microsoft ActiveSync\wcescomm.exe"= C:\Program\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program\Microsoft ActiveSync\WCESMgr.exe"= C:\Program\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 58128]
S1 F-Secure HIPS;F-Secure HIPS;C:\Program\Bredbandsbolaget Security Services\HIPS\fshs.sys [2007-04-26 48176]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program\Bredbandsbolaget Security Services\Anti-Virus\minifilter\fsgk.sys [2007-04-26 59760]
S3 kwwalpgr;kwwalpgr;C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\kwwalpgr.sys [ ]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SPOTIGOSp50;SPOTIGOSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\SPOTIGOSp50.sys [ ]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program\Bredbandsbolaget Security Services\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program\Bredbandsbolaget Security Services\Anti-Virus\Win2K\FSrec.sys [2007-04-26 25456]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\lbh29fac.default
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.se/ig?hl=sv&source=iglk
FF -: plugin - C:\Documents and Settings\Ägaren\Application Data\Mozilla\Firefox\Profiles\lbh29fac.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07073001.dll
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - C:\Program\Mozilla Firefox\plugins\npqtplugin8.dll
FF -: plugin - C:\Program\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\Program\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 00:33:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-04 0:51:16
ComboFix-quarantined-files.txt 2008-09-03 22:50:47
ComboFix2.txt 2008-07-10 13:58:15

Pre-Run: 23,298,281,472 byte ledigt
Post-Run: 23,282,372,608 byte ledigt

392 --- E O F --- 2008-05-28 06:52:01
[/log]

 


Archived

This topic is now archived and is closed to further replies.
