Win32.TrojanDownloader.Small


dusc

Hi again :) here are the logs [log]GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-12 18:33:12

Windows 5.1.2600 Service Pack 3

 

 

---- Kernel code sections - GMER 1.0.14 ----

 

? pdktvyke.sys Det går inte att hitta filen. !

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\Program\Windows Live\Messenger\MsnMsgr.Exe[1268] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4483F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 449D179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 449D1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 449D1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 449D16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 449D16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 449D17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 448616B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

 

---- EOF - GMER 1.0.14 ----

[/log]

 

the MBAM log [log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1387

Windows 5.1.2600 Service Pack 3

 

2008-11-12 06:47:37

mbam-log-2008-11-12 (06-47-25).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 49472

Förfluten tid: 4 minute(s), 3 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 3

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a218a98-be0b-4680-a5d2-7e7462faf63f} (Trojan.BHO.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{1a218a98-be0b-4680-a5d2-7e7462faf63f} (Trojan.BHO.H) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a218a98-be0b-4680-a5d2-7e7462faf63f} (Trojan.BHO) -> No action taken.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\ati4d1ag.dll (Trojan.BHO.H) -> No action taken.

[/log]

 

HijackThis log [log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:42:31, on 2008-11-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\ehome\medctrro.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Razer\DeathAdder\razerhid.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Razer\DeathAdder\razertra.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Razer\DeathAdder\razerofa.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: (no name) - {E930C3B3-690C-4B33-9EEC-86DFD29F8971} - C:\WINDOWS\system32\msxml3rd.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

 

--

End of file - 9914 bytes

[/log]

 

Copy all the lines in the box (use select code)

RootKit::
C:\WINDOWS\system32\drivers\pdktvyke.sys
C:\WINDOWS\system32\pdktvyke.sys
C:\WINDOWS\\pdktvyke.sys

File::
C:\WINDOWS\system32\msxml3rd.dll

and paste into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer in the same way as before for ComboFix.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special way.

Paste the log that comes out and a new Gmer log.

 


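The CFScript in the post above was assembled by hand from three things in the posted logs: the kernel module GMER lists with "?" because it cannot find the file on disk, the unnamed BHO in the HijackThis O2 line, and the MBAM hits still marked "No action taken". As an added example (not part of this thread and not code from GMER, HijackThis, MBAM or ComboFix), the Python below parses constructed excerpts of those three logs into findings and emits the same RootKit:: and File:: sections; the suspicion rules and the three candidate driver directories are assumptions of this example, taken from what the helper did.

```python
import re
from dataclasses import dataclass

# Constructed excerpts of the three logs posted in this thread (one line of
# each kind is enough to exercise the parsers; the real logs are much longer).
GMER_LOG = r"""---- Kernel code sections - GMER 1.0.14 ----
? pdktvyke.sys Det går inte att hitta filen. !
---- User code sections - GMER 1.0.14 ----
.text C:\Program\Internet Explorer\IEXPLORE.EXE[3716] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 449D16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
"""
HJT_LOG = r"""O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {E930C3B3-690C-4B33-9EEC-86DFD29F8971} - C:\WINDOWS\system32\msxml3rd.dll
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
"""
MBAM_LOG = r"""HKEY_CLASSES_ROOT\CLSID\{1a218a98-be0b-4680-a5d2-7e7462faf63f} (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\system32\ati4d1ag.dll (Trojan.BHO.H) -> No action taken.
"""

# GMER prefixes a kernel module it could not open on disk with "?" and ends the
# line with "!"; the message in between is localized (Swedish in this thread).
GMER_MISSING = re.compile(r"^\?\s+(?P<name>\S+\.sys)\s.*!\s*$")
# HijackThis O2 lines: "O2 - BHO: <name> - {CLSID} - <path>"
HJT_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
# MBAM lists each detection as "<item> (<family>) -> <action>."
MBAM_HIT = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)\.$")

# Where a driver that the kernel scan saw but could not find on disk may live.
# Assumption of this example: the three directories the helper's script tries.
DRIVER_DIRS = (r"C:\WINDOWS\system32\drivers", r"C:\WINDOWS\system32", r"C:\WINDOWS")


@dataclass(frozen=True)
class Finding:
    source: str   # which log the finding comes from: "gmer", "hjt" or "mbam"
    kind: str     # "driver", "bho" or "mbam"
    detail: str   # file name, file path or registry key
    note: str


def triage_gmer(text: str) -> list:
    """Kernel modules GMER enumerated but could not find on disk."""
    found = []
    for line in text.splitlines():
        m = GMER_MISSING.match(line)
        if m:
            found.append(Finding("gmer", "driver", m.group("name"), "kernel module not found on disk"))
    return found


def triage_hjt(text: str) -> list:
    """BHOs registered without a product name (the entry the helper acted on)."""
    found = []
    for line in text.splitlines():
        m = HJT_BHO.match(line)
        if m and m.group("name") == "(no name)":
            found.append(Finding("hjt", "bho", m.group("path"), "unnamed BHO " + m.group("clsid")))
    return found


def triage_mbam(text: str) -> list:
    """MBAM detections the user has not yet removed ("No action taken")."""
    found = []
    for line in text.splitlines():
        m = MBAM_HIT.match(line)
        if m and m.group("action") == "No action taken":
            found.append(Finding("mbam", "mbam", m.group("item"), m.group("family") + " still present"))
    return found


def build_cfscript(findings) -> str:
    """Emit the RootKit:: and File:: sections of a CFScript.

    MBAM findings are reported but not scripted: MBAM quarantines them itself
    once the user chooses to remove them, so they stay out of the script."""
    rootkit = [d + "\\" + f.detail for f in findings if f.kind == "driver" for d in DRIVER_DIRS]
    files = [f.detail for f in findings if f.kind == "bho"]
    parts = []
    if rootkit:
        parts.append("RootKit::\n" + "\n".join(rootkit))
    if files:
        parts.append("File::\n" + "\n".join(files))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    all_findings = triage_gmer(GMER_LOG) + triage_hjt(HJT_LOG) + triage_mbam(MBAM_LOG)
    for f in all_findings:
        print(f"[{f.source}] {f.kind}: {f.detail} ({f.note})")
    print(build_cfscript(all_findings))
```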
here it is [log]ComboFix 08-11-09.04 - Stefan 2008-11-12 19:40:22.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1529 [GMT 1:00]

Running from: c:\slask\ComboFix.exe

Command switches used :: c:\documents and settings\Stefan\Skrivbord\CFScript.txt

* Created a new restore point

 

FILE ::

c:\windows\system32\msxml3rd.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\msxml3rd.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))

.

 

2008-11-12 19:44 . 2008-11-12 19:44 14,848 --a------ c:\windows\system32\termsrvd.dll

2008-11-12 11:38 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 11:33 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 06:45 . 2008-11-12 18:26 250 --a------ c:\windows\gmer.ini

2008-11-10 19:06 . 2008-11-10 22:13 3,512 --a------ c:\windows\system32\tmp.reg

2008-11-10 19:05 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

2008-11-10 19:05 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

2008-11-10 19:05 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe

2008-11-10 19:05 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe

2008-11-10 19:05 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe

2008-11-10 19:05 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe

2008-11-10 19:05 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe

2008-11-10 19:05 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe

2008-11-10 19:05 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe

2008-11-10 19:05 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe

2008-11-09 20:11 . 2008-11-09 20:11 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2008-11-09 20:11 . 2008-11-09 20:11 <KAT> d-------- c:\documents and settings\Stefan\Application Data\Malwarebytes

2008-11-09 20:11 . 2008-11-09 20:11 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-09 20:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-09 20:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-09 18:39 . 2008-11-09 20:56 <KAT> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-11-09 18:24 . 2008-11-09 18:24 <KAT> d-------- c:\program\Lavasoft

2008-11-05 23:04 . 2008-11-05 23:04 <KAT> d-------- c:\documents and settings\Stefan\Application Data\OpenOffice.org

2008-11-05 23:02 . 2008-11-05 23:02 <KAT> d-------- c:\program\OpenOffice.org 3

2008-11-05 23:02 . 2008-11-05 23:02 <KAT> d-------- c:\program\JRE

2008-11-03 19:58 . 2008-11-03 21:44 <KAT> d-------- c:\program\Fighters

2008-11-03 19:58 . 2008-11-03 19:58 <KAT> d-------- c:\documents and settings\All Users\Application Data\Fighters

2008-11-03 19:42 . 2008-11-03 19:42 <KAT> d-------- c:\program\Trend Micro

2008-11-01 14:29 . 2008-11-01 14:29 <KAT> d-------- c:\documents and settings\All Users\Application Data\PPLive

2008-11-01 14:28 . 2008-11-01 14:32 <KAT> d-------- c:\program\PPLive

2008-11-01 14:28 . 2008-11-01 14:28 <KAT> d-------- c:\documents and settings\All Users\Application Data\Jlcm

2008-10-31 19:22 . 2008-10-31 19:22 <KAT> d-------- c:\windows\system32\xircom

2008-10-31 19:22 . 2008-10-31 19:22 <KAT> d-------- c:\program\microsoft frontpage

2008-10-31 19:15 . 2008-10-31 19:20 2,979 --a------ c:\windows\system32\spupdsvc.inf

2008-10-31 19:12 . 2008-10-31 19:12 <KAT> d-------- c:\windows\system32\sv

2008-10-31 19:12 . 2008-10-31 19:12 <KAT> d-------- c:\windows\system32\bits

2008-10-31 19:12 . 2008-10-31 19:12 <KAT> d-------- c:\windows\l2schemas

2008-10-31 19:10 . 2008-10-31 19:10 <KAT> d-------- c:\windows\ServicePackFiles

2008-10-31 12:44 . 2008-04-14 17:04 276,992 --------- c:\windows\system32\wmphoto.dll

2008-10-31 12:44 . 2008-04-14 17:04 69,120 --------- c:\windows\system32\wlanapi.dll

2008-10-31 12:42 . 2008-04-14 17:04 1,737,856 --------- c:\windows\system32\mtxparhd.dll

2008-10-31 12:41 . 2008-04-14 17:04 870,784 --------- c:\windows\system32\ati3d1ag.dll

2008-10-24 12:41 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-23 20:00 . 2008-10-23 20:00 <KAT> d--h----- c:\windows\PIF

2008-10-21 19:18 . 2008-10-21 19:18 <KAT> d-------- c:\documents and settings\Stefan\cbt

2008-10-20 21:21 . 2008-10-20 21:21 <KAT> d-------- c:\program\DirectVobSub

2008-10-15 15:40 . 2008-10-15 15:40 <KAT> d-------- c:\documents and settings\All Users\Application Data\Blizzard

2008-10-15 05:39 . 2008-08-14 14:27 2,189,952 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 05:39 . 2008-08-14 14:27 2,146,304 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-15 05:39 . 2008-08-14 14:27 2,066,816 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-15 05:39 . 2008-08-14 14:27 2,024,960 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-15 05:39 . 2008-09-15 16:27 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-15 05:39 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-12 18:44 --------- d-----w c:\program\Steam

2008-11-12 18:34 --------- d-----w c:\documents and settings\Stefan\Application Data\uTorrent

2008-11-12 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-12 13:23 --------- d-----w c:\program\World of Warcraft

2008-11-10 21:24 --------- d-----w c:\program\Google

2008-11-10 20:17 --------- d-----w c:\documents and settings\Stefan\Application Data\HLSW

2008-11-09 17:24 --------- d-----w c:\program\Delade filer\Wise Installation Wizard

2008-11-05 22:02 --------- d-----w c:\program\Java

2008-11-04 15:50 --------- d-----w c:\documents and settings\Stefan\Application Data\Skype

2008-11-04 15:48 --------- d-----w c:\documents and settings\Stefan\Application Data\skypePM

2008-11-03 19:44 --------- d-----w c:\documents and settings\Stefan\Application Data\dvdcss

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 18:43 --------- d-----w c:\documents and settings\Stefan\Application Data\iid

2008-10-14 14:33 --------- d-----w c:\program\Warcraft III

2008-10-03 17:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-09-30 17:03 --------- d-----w c:\program\Delade filer\Blizzard Entertainment

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-29 16:53 880,560 ----a-w c:\windows\system32\drivers\vetefile.sys

2008-09-29 16:53 108,368 ----a-w c:\windows\system32\drivers\veteboot.sys

2008-09-19 18:00 --------- d-s---w c:\program\HLSW

2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-13 16:04 --------- d--h--w c:\program\InstallShield Installation Information

2008-09-13 16:02 --------- d-----w c:\program\OLYMPUS

2008-09-13 16:01 --------- d-----w c:\program\PIXELA

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll

2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-27 09:27 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-26 08:27 826,368 ------w c:\windows\system32\dllcache\wininet.dll

2008-08-26 08:27 671,232 ------w c:\windows\system32\dllcache\mstime.dll

2008-08-26 08:27 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll

2008-08-26 08:27 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll

2008-08-26 08:27 233,472 ------w c:\windows\system32\dllcache\webcheck.dll

2008-08-26 08:27 193,024 ------w c:\windows\system32\dllcache\msrating.dll

2008-08-26 08:27 105,984 ------w c:\windows\system32\dllcache\url.dll

2008-08-26 08:27 102,912 ------w c:\windows\system32\dllcache\occache.dll

2008-08-26 08:27 1,159,680 ------w c:\windows\system32\dllcache\urlmon.dll

2008-08-25 08:43 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-14 13:27 2,189,952 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27 2,066,816 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-10_19.37.31,01 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2008-11-12 05:45:54 884,736 ----a-w c:\windows\gmer.dll

+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe

+ 2008-11-12 18:27:51 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

- 2008-10-15 04:49:08 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-11-12 18:30:55 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2008-10-15 04:49:09 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-11-12 18:30:56 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-10-15 04:49:08 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-11-12 18:30:55 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

- 2008-10-15 04:49:08 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

+ 2008-11-12 18:30:55 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2008-10-15 04:49:09 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2008-11-12 18:30:55 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

- 2008-10-15 04:49:09 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-11-12 18:30:56 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-10-15 04:49:09 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-11-12 18:30:56 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-10-15 04:49:08 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-11-12 18:30:55 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2008-10-15 04:49:08 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-11-12 18:30:55 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2008-10-15 04:49:09 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-11-12 18:30:55 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2008-10-15 04:49:09 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-11-12 18:30:56 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-10-15 04:49:08 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-11-12 18:30:55 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-11-12 05:45:54 85,969 ----a-w c:\windows\system32\drivers\gmer.sys

- 2008-10-07 19:19:40 16,721,856 ----a-w c:\windows\system32\MRT.exe

+ 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe

- 2007-11-30 12:40:57 18,296 ------w c:\windows\system32\spmsg.dll

+ 2008-07-08 13:21:36 18,296 ------w c:\windows\system32\spmsg.dll

+ 2008-09-30 15:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll

+ 2008-09-30 15:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C197CF6E-64CD-42EA-8763-07C9E4509EE9}]

2008-11-12 19:44 14848 --a------ c:\windows\system32\termsrvd.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

2008-11-10 22:24 522224 --a------ c:\program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-29 68856]

"MsnMsgr"="c:\program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Steam"="c:\program\steam\steam.exe" [2008-10-18 1410296]

"OM_Monitor"="c:\program\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"NeroFilterCheck"="c:\program\Delade filer\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"cctray"="c:\program\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]

"CAVRID"="c:\program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]

"DeathAdder"="c:\program\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]

"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\program\Multimedia\QuickTime Alternative\QTTask.exe" [2008-05-27 413696]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"OM_Monitor"="c:\program\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]

"Net iD"="c:\windows\system32\iid.exe" [2008-02-22 74992]

"SunJavaUpdateSched"="c:\program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\Logi_MwX.Exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-17 c:\windows\MIDIDEF.EXE]

"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program\\Steam\\steamapps\\stefan.lindqvist@ahlsell.se\\counter-strike\\hl.exe"=

"c:\\Program\\HLSW\\hlsw.exe"=

"c:\\Program\\Steam\\steamapps\\stefan.lindqvist@ahlsell.se\\counter-strike source\\hl2.exe"=

"c:\\Program\\SopCast\\SopCast.exe"=

"c:\\Program\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Stefan\\Lokala inställningar\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program\\Steam\\Steam.exe"=

"c:\\Documents and Settings\\Stefan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program\\PPLive\\PPLive.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{E930C3B3-690C-4B33-9EEC-86DFD29F8971} - c:\windows\system32\msxml3rd.dll

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-12 19:44:58

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program\Lavasoft\Ad-Aware\aawservice.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\system32\bgsvcgen.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe

c:\program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\spupdsvc.exe

c:\program\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe

c:\windows\ehome\medctrro.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\system32\scardsvr.exe

c:\program\Razer\DeathAdder\razertra.exe

c:\program\Razer\DeathAdder\razerofa.exe

c:\program\Delade filer\Nero\Lib\NMIndexingService.exe

c:\program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

c:\program\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

.

**************************************************************************

.

Completion time: 2008-11-12 19:49:16 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-12 18:48:54

ComboFix2.txt 2008-11-11 18:16:10

ComboFix3.txt 2008-11-11 16:49:15

ComboFix4.txt 2008-11-10 18:37:53

 

Pre-Run: 89 036 730 368 byte ledigt

Post-Run: 89,094,721,536 byte ledigt

 

285 --- E O F --- 2008-11-12 18:30:58

[/log]

 


A GMER log too.

 

Go to http://www.virustotal.com, paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes Finished). Paste the result from the various antivirus programs (not Additional information) here. Repeat with the next file name.

c:\windows\system32\dllcache\mrxsmb.sys

c:\windows\system32\dllcache\msxml3.dll

 

 


[log]Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.11.11.2 2008.11.12 -

AntiVir 7.9.0.31 2008.11.12 -

Authentium 5.1.0.4 2008.11.12 -

Avast 4.8.1248.0 2008.11.11 -

AVG 8.0.0.161 2008.11.11 -

BitDefender 7.2 2008.11.12 -

CAT-QuickHeal 9.50 2008.11.12 -

ClamAV 0.94.1 2008.11.12 -

DrWeb 4.44.0.09170 2008.11.12 -

eSafe 7.0.17.0 2008.11.11 -

eTrust-Vet 31.6.6203 2008.11.11 -

Ewido 4.0 2008.11.12 -

F-Prot 4.4.4.56 2008.11.11 -

F-Secure 8.0.14332.0 2008.11.12 -

Fortinet 3.117.0.0 2008.11.12 -

GData 19 2008.11.12 -

Ikarus T3.1.1.45.0 2008.11.12 -

K7AntiVirus 7.10.522 2008.11.11 -

Kaspersky 7.0.0.125 2008.11.12 -

McAfee 5431 2008.11.12 -

Microsoft 1.4104 2008.11.12 -

NOD32 3606 2008.11.12 -

Norman 5.80.02 2008.11.12 -

Panda 9.0.0.4 2008.11.11 -

PCTools 4.4.2.0 2008.11.12 -

Prevx1 V2 2008.11.12 -

Rising 21.03.22.00 2008.11.12 -

SecureWeb-Gateway 6.7.6 2008.11.12 -

Sophos 4.35.0 2008.11.12 -

Sunbelt 3.1.1785.2 2008.11.11 -

Symantec 10 2008.11.12 -

TheHacker 6.3.1.1.149 2008.11.12 -

TrendMicro 8.700.0.1004 2008.11.12 -

VBA32 3.12.8.9 2008.11.11 -

ViRobot 2008.11.12.1463 2008.11.12 -

VirusBuster 4.5.11.0

[/log]

 

 


[log]Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.11.13.0 2008.11.12 -

AntiVir 7.9.0.31 2008.11.12 -

Authentium 5.1.0.4 2008.11.12 -

Avast 4.8.1248.0 2008.11.12 -

AVG 8.0.0.199 2008.11.12 -

BitDefender 7.2 2008.11.12 -

CAT-QuickHeal 9.50 2008.11.12 -

ClamAV 0.94.1 2008.11.12 -

DrWeb 4.44.0.09170 2008.11.12 -

eSafe 7.0.17.0 2008.11.12 -

eTrust-Vet 31.6.6204 2008.11.11 -

Ewido 4.0 2008.11.12 -

F-Prot 4.4.4.56 2008.11.11 -

F-Secure 8.0.14332.0 2008.11.12 -

Fortinet 3.117.0.0 2008.11.12 -

GData 19 2008.11.12 -

Ikarus T3.1.1.45.0 2008.11.12 -

K7AntiVirus 7.10.523 2008.11.12 -

Kaspersky 7.0.0.125 2008.11.12 -

McAfee 5431 2008.11.12 -

Microsoft 1.4104 2008.11.12 -

NOD32 3607 2008.11.12 -

Norman 5.80.02 2008.11.12 -

Panda 9.0.0.4 2008.11.12 -

PCTools 4.4.2.0 2008.11.12 -

Prevx1 V2 2008.11.12 -

Rising 21.03.22.00 2008.11.12 -

SecureWeb-Gateway 6.7.6 2008.11.12 -

Sophos 4.35.0 2008.11.12 -

Sunbelt 3.1.1785.2 2008.11.11 Trojan-Clicker.Win32.Agent.AM (vf)

Symantec 10 2008.11.12 -

TheHacker 6.3.1.1.149 2008.11.12 -

TrendMicro 8.700.0.1004 2008.11.12 -

VBA32 3.12.8.9 2008.11.11 -

ViRobot 2008.11.12.1463 2008.11.12 -

VirusBuster 4.5.11.0 2008.11.12

[/log]

 


the GMER log [log]GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-12 20:47:35

Windows 5.1.2600 Service Pack 3

 

 

---- Kernel code sections - GMER 1.0.14 ----

 

? Combo-Fix.sys Det går inte att hitta filen. !

? C:\ComboFix\catchme.sys Det går inte att hitta sökvägen. !

? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Det går inte att hitta filen. !

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3128] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 4483F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3128] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 449D179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3128] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 449D1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3128] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 449D1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3128] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 449D16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3128] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 449D16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3128] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 449D17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Internet Explorer\IEXPLORE.EXE[3128] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 448616B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program\Windows Live\Messenger\MsnMsgr.Exe[3948] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

 

Device \FileSystem\Fastfat \Fat A962AD20

 

AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

 

---- EOF - GMER 1.0.14 ----

[/log]

 


Copy all the lines in the box (use Select code)

File::
c:\windows\system32\termsrvd.dll

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer in the same way as before for ComboFix.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop; the program then starts in a special mode.

Paste the log that comes out, plus a new HijackThis log.

 


here it is [log]ComboFix 08-11-09.04 - Stefan 2008-11-12 21:03:29.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1441 [GMT 1:00]

Running from: c:\slask\ComboFix.exe

Command switches used :: c:\documents and settings\Stefan\Skrivbord\CFScript.txt

* Created a new restore point

 

FILE ::

c:\windows\system32\termsrvd.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\termsrvd.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))

.

 

2008-11-12 11:38 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 11:33 . 2008-09-04 18:17 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 06:45 . 2008-11-12 20:50 250 --a------ c:\windows\gmer.ini

2008-11-10 19:06 . 2008-11-10 22:13 3,512 --a------ c:\windows\system32\tmp.reg

2008-11-10 19:05 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe

2008-11-10 19:05 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe

2008-11-10 19:05 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe

2008-11-10 19:05 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe

2008-11-10 19:05 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe

2008-11-10 19:05 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe

2008-11-10 19:05 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe

2008-11-10 19:05 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe

2008-11-10 19:05 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe

2008-11-10 19:05 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe

2008-11-09 20:11 . 2008-11-09 20:11 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2008-11-09 20:11 . 2008-11-09 20:11 <KAT> d-------- c:\documents and settings\Stefan\Application Data\Malwarebytes

2008-11-09 20:11 . 2008-11-09 20:11 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-09 20:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-09 20:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-09 18:39 . 2008-11-09 20:56 <KAT> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2008-11-09 18:24 . 2008-11-09 18:24 <KAT> d-------- c:\program\Lavasoft

2008-11-05 23:04 . 2008-11-05 23:04 <KAT> d-------- c:\documents and settings\Stefan\Application Data\OpenOffice.org

2008-11-05 23:02 . 2008-11-05 23:02 <KAT> d-------- c:\program\OpenOffice.org 3

2008-11-05 23:02 . 2008-11-05 23:02 <KAT> d-------- c:\program\JRE

2008-11-03 19:58 . 2008-11-03 21:44 <KAT> d-------- c:\program\Fighters

2008-11-03 19:58 . 2008-11-03 19:58 <KAT> d-------- c:\documents and settings\All Users\Application Data\Fighters

2008-11-03 19:42 . 2008-11-03 19:42 <KAT> d-------- c:\program\Trend Micro

2008-11-01 14:29 . 2008-11-01 14:29 <KAT> d-------- c:\documents and settings\All Users\Application Data\PPLive

2008-11-01 14:28 . 2008-11-01 14:32 <KAT> d-------- c:\program\PPLive

2008-11-01 14:28 . 2008-11-01 14:28 <KAT> d-------- c:\documents and settings\All Users\Application Data\Jlcm

2008-10-31 19:22 . 2008-10-31 19:22 <KAT> d-------- c:\windows\system32\xircom

2008-10-31 19:22 . 2008-10-31 19:22 <KAT> d-------- c:\program\microsoft frontpage

2008-10-31 19:15 . 2008-10-31 19:20 2,979 --a------ c:\windows\system32\spupdsvc.inf

2008-10-31 19:12 . 2008-10-31 19:12 <KAT> d-------- c:\windows\system32\sv

2008-10-31 19:12 . 2008-10-31 19:12 <KAT> d-------- c:\windows\system32\bits

2008-10-31 19:12 . 2008-10-31 19:12 <KAT> d-------- c:\windows\l2schemas

2008-10-31 19:10 . 2008-10-31 19:10 <KAT> d-------- c:\windows\ServicePackFiles

2008-10-31 12:44 . 2008-04-14 17:04 276,992 --------- c:\windows\system32\wmphoto.dll

2008-10-31 12:44 . 2008-04-14 17:04 69,120 --------- c:\windows\system32\wlanapi.dll

2008-10-31 12:42 . 2008-04-14 17:04 1,737,856 --------- c:\windows\system32\mtxparhd.dll

2008-10-31 12:41 . 2008-04-14 17:04 870,784 --------- c:\windows\system32\ati3d1ag.dll

2008-10-24 12:41 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll

2008-10-23 20:00 . 2008-10-23 20:00 <KAT> d--h----- c:\windows\PIF

2008-10-21 19:18 . 2008-10-21 19:18 <KAT> d-------- c:\documents and settings\Stefan\cbt

2008-10-20 21:21 . 2008-10-20 21:21 <KAT> d-------- c:\program\DirectVobSub

2008-10-15 15:40 . 2008-10-15 15:40 <KAT> d-------- c:\documents and settings\All Users\Application Data\Blizzard

2008-10-15 05:39 . 2008-08-14 14:27 2,189,952 --------- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-15 05:39 . 2008-08-14 14:27 2,146,304 --------- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-15 05:39 . 2008-08-14 14:27 2,066,816 --------- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-15 05:39 . 2008-08-14 14:27 2,024,960 --------- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-15 05:39 . 2008-09-15 16:27 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

2008-10-15 05:39 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-12 19:54 --------- d-----w c:\program\Steam

2008-11-12 19:34 --------- d-----w c:\documents and settings\Stefan\Application Data\uTorrent

2008-11-12 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-11-12 13:23 --------- d-----w c:\program\World of Warcraft

2008-11-10 21:24 --------- d-----w c:\program\Google

2008-11-10 20:17 --------- d-----w c:\documents and settings\Stefan\Application Data\HLSW

2008-11-09 17:24 --------- d-----w c:\program\Delade filer\Wise Installation Wizard

2008-11-05 22:02 --------- d-----w c:\program\Java

2008-11-04 15:50 --------- d-----w c:\documents and settings\Stefan\Application Data\Skype

2008-11-04 15:48 --------- d-----w c:\documents and settings\Stefan\Application Data\skypePM

2008-11-03 19:44 --------- d-----w c:\documents and settings\Stefan\Application Data\dvdcss

2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-21 18:43 --------- d-----w c:\documents and settings\Stefan\Application Data\iid

2008-10-14 14:33 --------- d-----w c:\program\Warcraft III

2008-10-03 17:26 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll

2008-09-30 17:03 --------- d-----w c:\program\Delade filer\Blizzard Entertainment

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-29 16:53 880,560 ----a-w c:\windows\system32\drivers\vetefile.sys

2008-09-29 16:53 108,368 ----a-w c:\windows\system32\drivers\veteboot.sys

2008-09-19 18:00 --------- d-s---w c:\program\HLSW

2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys

2008-09-13 16:04 --------- d--h--w c:\program\InstallShield Installation Information

2008-09-13 16:02 --------- d-----w c:\program\OLYMPUS

2008-09-13 16:01 --------- d-----w c:\program\PIXELA

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll

2008-09-10 01:16 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll

2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-08-27 09:27 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-26 08:27 826,368 ------w c:\windows\system32\dllcache\wininet.dll

2008-08-26 08:27 671,232 ------w c:\windows\system32\dllcache\mstime.dll

2008-08-26 08:27 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll

2008-08-26 08:27 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll

2008-08-26 08:27 233,472 ------w c:\windows\system32\dllcache\webcheck.dll

2008-08-26 08:27 193,024 ------w c:\windows\system32\dllcache\msrating.dll

2008-08-26 08:27 105,984 ------w c:\windows\system32\dllcache\url.dll

2008-08-26 08:27 102,912 ------w c:\windows\system32\dllcache\occache.dll

2008-08-26 08:27 1,159,680 ------w c:\windows\system32\dllcache\urlmon.dll

2008-08-25 08:43 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-08-14 13:27 2,189,952 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:27 2,066,816 ----a-w c:\windows\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

2008-11-10 22:24 522224 --a------ c:\program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-29 68856]

"MsnMsgr"="c:\program\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Steam"="c:\program\steam\steam.exe" [2008-10-18 1410296]

"OM_Monitor"="c:\program\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

"MSMSGS"="c:\program\Messenger\msmsgs.exe" [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]

"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"NeroFilterCheck"="c:\program\Delade filer\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"cctray"="c:\program\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 177416]

"CAVRID"="c:\program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 230664]

"DeathAdder"="c:\program\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]

"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"QuickTime Task"="c:\program\Multimedia\QuickTime Alternative\QTTask.exe" [2008-05-27 413696]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"OM_Monitor"="c:\program\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]

"Net iD"="c:\windows\system32\iid.exe" [2008-02-22 74992]

"SunJavaUpdateSched"="c:\program\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 c:\windows\system32\CTXFIHLP.EXE]

"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 c:\windows\Logi_MwX.Exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-17 c:\windows\MIDIDEF.EXE]

"nltide_3"="advpack.dll" [2008-08-26 c:\windows\system32\advpack.dll]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

"VIDC.MJPG"= pvmjpg21.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program\\Steam\\steamapps\\stefan.lindqvist@ahlsell.se\\counter-strike\\hl.exe"=

"c:\\Program\\HLSW\\hlsw.exe"=

"c:\\Program\\Steam\\steamapps\\stefan.lindqvist@ahlsell.se\\counter-strike source\\hl2.exe"=

"c:\\Program\\SopCast\\SopCast.exe"=

"c:\\Program\\SopCast\\adv\\SopAdver.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\Stefan\\Lokala inställningar\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=

"c:\\Program\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program\\Steam\\Steam.exe"=

"c:\\Documents and Settings\\Stefan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program\\PPLive\\PPLive.exe"=

"c:\\Program\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 22784]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

- - - - ORPHANS REMOVED - - - -

 

BHO-{C197CF6E-64CD-42EA-8763-07C9E4509EE9} - c:\windows\system32\termsrvd.dll

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-12 21:04:21

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-12 21:04:56

ComboFix-quarantined-files.txt 2008-11-12 20:04:46

ComboFix2.txt 2008-11-12 18:49:18

ComboFix3.txt 2008-11-11 18:16:10

ComboFix4.txt 2008-11-11 16:49:15

ComboFix5.txt 2008-11-12 20:03:08

 

Pre-Run: 89 035 931 648 byte ledigt

Post-Run: 89,044,725,760 byte ledigt

 

217 --- E O F --- 2008-11-12 18:30:58

[/log]

 


the HijackThis log [log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:11:24, on 2008-11-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\ehome\medctrro.exe

C:\WINDOWS\Logi_MwX.Exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Razer\DeathAdder\razerhid.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Razer\DeathAdder\razertra.exe

C:\Program\Razer\DeathAdder\razerofa.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

 

--

End of file - 9865 bytes

[/log]

 


Hi

After a restart the HijackThis log looks like this:[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:21:20, on 2008-11-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\ehome\medctrro.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Razer\DeathAdder\razerhid.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\program\steam\steam.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Razer\DeathAdder\razertra.exe

C:\Program\Razer\DeathAdder\razerofa.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {34E401DB-441B-408E-BF02-9936CEB5AC8D} - C:\WINDOWS\system32\atipelxx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

 

--

End of file - 9893 bytes

[/log]

 


Sorry, there it is again.

Go to the folder C:\QooBox\Quarantine\c\windows and see whether there, or in any subfolder, there is a file whose name starts with pdktvyke. Scan that file on the VirusTotal site.

 

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

 

[log]Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode from the menu).

 

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done a prompt appears asking whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up, because the program will run and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

 

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

Create a new HijackThis log as well and paste it here.[/log]

 

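As an added example (not code from the thread, and not part of HijackThis), this Python script pulls the O2 (BHO) lines out of two HijackThis logs and reports which BHOs appeared or disappeared between them, flagging an unnamed BHO that loads from system32 under a random-looking eight-letter DLL name, which is the pattern the helper is pointing at. The two log excerpts are constructed from the O2 lines posted in this thread; the eight-letter heuristic is an assumption for illustration.

```python
"""Diff the O2 (Browser Helper Object) entries of two HijackThis logs.

Added example for the thread above; the excerpts below are constructed from
O2 lines posted in the thread, and the "random name" heuristic is an
assumption, not a HijackThis rule.
"""
import re
from typing import NamedTuple

# Constructed excerpt: O2 section of the first log (before ComboFix ran again).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34E401DB-441B-408E-BF02-9936CEB5AC8D} - C:\WINDOWS\system32\atipelxx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
"""

# Constructed excerpt: the same section from the log taken after the reboot.
LOG_AFTER = r"""
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {509E4961-BFFC-4F89-AF48-E1844791564D} - C:\WINDOWS\system32\xmlpsovi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
"""

# HijackThis O2 format: "O2 - BHO: <name> - {<CLSID>} - <dll path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


def parse_bhos(log_text: str) -> list:
    """Return every O2 entry in a HijackThis log as a Bho record."""
    found = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
    return found


def is_suspicious(bho: Bho) -> bool:
    """Heuristic (assumed, not from HijackThis): an unnamed BHO whose DLL sits
    directly in system32 under an eight-lowercase-letter name, which is how the
    entry in this thread changes from one log to the next."""
    fname = bho.path.rsplit("\\", 1)[-1]
    in_system32 = bho.path.lower().startswith("c:\\windows\\system32\\")
    random_like = re.fullmatch(r"[a-z]{8}\.dll", fname) is not None
    return bho.name == "(no name)" and in_system32 and random_like


def diff_bhos(old_log: str, new_log: str) -> dict:
    """Key BHOs by CLSID so a reinstalled object with a new CLSID shows up as
    removed + added rather than silently matching on its position."""
    old = {b.clsid: b for b in parse_bhos(old_log)}
    new = {b.clsid: b for b in parse_bhos(new_log)}
    return {
        "removed": [old[c] for c in old if c not in new],
        "added": [new[c] for c in new if c not in old],
        "suspicious_new": [b for b in new.values() if is_suspicious(b)],
    }


if __name__ == "__main__":
    result = diff_bhos(LOG_BEFORE, LOG_AFTER)
    for label in ("removed", "added", "suspicious_new"):
        print(f"{label}:")
        for b in result[label]:
            print(f"  {b.name} {{{b.clsid}}} -> {b.path}")
```

For real logs, read the two saved HijackThis files and pass their text to diff_bhos; the CLSID-keyed diff is what makes a renamed, re-registered BHO stand out even when every other entry is unchanged.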

Hi, there is no file named pdktvyke

[log]

SDFix: Version 1.240

Run by Stefan on 2008-11-12 at 22:37

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

 

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-12 22:44:31

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000147

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program\\uTorrent\\uTorrent.exe"="C:\\Program\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\\Program\\Steam\\steamapps\\stefan.lindqvist@ahlsell.se\\counter-strike\\hl.exe"="C:\\Program\\Steam\\steamapps\\stefan.lindqvist@ahlsell.se\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"

"C:\\Program\\HLSW\\hlsw.exe"="C:\\Program\\HLSW\\hlsw.exe:*:Enabled:HLSW Application"

"C:\\Program\\Steam\\steamapps\\stefan.lindqvist@ahlsell.se\\counter-strike source\\hl2.exe"="C:\\Program\\Steam\\steamapps\\stefan.lindqvist@ahlsell.se\\counter-strike source\\hl2.exe:*:Enabled:hl2"

"C:\\Program\\SopCast\\SopCast.exe"="C:\\Program\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"

"C:\\Program\\SopCast\\adv\\SopAdver.exe"="C:\\Program\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program\\iTunes\\iTunes.exe"="C:\\Program\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Documents and Settings\\Stefan\\Lokala inställningar\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"="C:\\Documents and Settings\\Stefan\\Lokala inställningar\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"

"C:\\Program\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"

"C:\\Program\\Steam\\Steam.exe"="C:\\Program\\Steam\\Steam.exe:*:Enabled:Steam"

"C:\\Documents and Settings\\Stefan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"="C:\\Documents and Settings\\Stefan\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program\\PPLive\\PPLive.exe"="C:\\Program\\PPLive\\PPLive.exe:*:Enabled:PPLive"

"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

 

 

 

Files with Hidden Attributes :

 

Sat 9 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\523d056929e13eacf8392044f602e53e\BIT5.tmp"

Sat 9 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\afa5528a2269b5106016bdbc1ea3037f\BIT4.tmp"

Sat 9 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f1d01f188c8132c12d35c3222b7723a4\BIT3.tmp"

Sat 9 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2.tmp"

 

Finished!

 

[/log]

 


The HijackThis log:[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:49:39, on 2008-11-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\ehome\medctrro.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Razer\DeathAdder\razerhid.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\iid.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\program\steam\steam.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Razer\DeathAdder\razertra.exe

C:\Program\Razer\DeathAdder\razerofa.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Outlook Express\msimn.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {509E4961-BFFC-4F89-AF48-E1844791564D} - C:\WINDOWS\system32\xmlpsovi.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

 

--

End of file - 9975 bytes

[/log]

 


there is no file named pdktvyke
Is there any file other than all the .dll files that ComboFix removed?

 


Trying a few different tools to see whether any of them can reveal anything more. I'll make one post per tool, since otherwise the posts get too long.

[log]Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt.

Tick Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

 

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both into your reply (remember the LOG button).[/log]

 

[log]Download SuspectFiles Systemscan to the Desktop

http://www.suspectfile.com/systemscan

 

Start the program and press Unselect all

Then tick Recent files and choose days old 30

Also tick:

Registry run keys

Services and drivers

Loaded modules

Hidden objects

Suspicious files

 

Press Scan Now and paste the log that comes out.[/log]

 

[log]Download RSIT (random's system information tool) to the Desktop

http://images.malwareremoval.com/random/RSIT.exe

Start the program and paste both logs that come out. If they do not appear automatically, they are in the folder C:\rsit as log.txt and info.txt.[/log]

 


[log]OTViewIt logfile created on: 2008-11-13 06:42:59 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Stefan\Skrivbord

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,51% Memory free

3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,34% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 149,00 Gb Total Space | 82,45 Gb Free Space | 55,33% Space Free | Partition Type: NTFS

Drive D: | 149,00 Gb Total Space | 144,31 Gb Free Space | 96,85% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STEFAN

Current User Name: Stefan

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-07-04 04:12:02 | 00,561,152 | | M] (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

[2008-07-04 04:12:02 | 00,561,152 | | M] (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe

[2008-09-10 13:01:28 | 00,611,664 | | M] (Lavasoft) C:\Program\Lavasoft\Ad-Aware\aawservice.exe

[2008-07-22 19:42:12 | 00,116,040 | | M] (Apple Inc.) C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2005-04-30 16:02:26 | 00,086,016 | | M] (B.H.A Corporation) C:\WINDOWS\system32\bgsvcgen.exe

[2007-07-24 14:17:08 | 00,229,376 | | M] (Apple Inc.) C:\Program\Bonjour\mDNSResponder.exe

[2007-08-20 12:42:56 | 00,144,960 | | M] (Computer Associates International, Inc.) C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe

[2006-10-26 12:40:34 | 00,335,872 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

[2007-09-20 07:51:46 | 00,853,288 | | M] (Nero AG) C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

[2007-08-10 20:54:46 | 00,026,488 | | M] (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe

[2007-08-20 12:42:54 | 00,242,952 | | M] (CA, Inc.) C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe

[2004-08-10 02:43:26 | 00,062,976 | | M] (Microsoft Corporation) C:\WINDOWS\ehome\medctrro.exe

[2006-08-11 14:56:02 | 00,017,920 | | M] (Creative Technology Ltd) C:\WINDOWS\CTHELPER.EXE

[2003-12-11 09:50:00 | 00,020,992 | | M] (Logitech Inc.) C:\WINDOWS\Logi_MwX.Exe

[2006-10-05 19:56:28 | 00,280,779 | | M] () C:\WINDOWS\VistaDrive\vistadrive.exe

[2004-08-10 03:04:42 | 00,059,392 | | M] (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe

[2007-05-11 08:06:32 | 00,040,048 | | M] (Adobe Systems Incorporated) C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe

[2007-08-16 21:25:10 | 00,177,416 | | M] (CA, Inc.) C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

[2007-08-20 12:42:56 | 00,230,664 | | M] (CA, Inc.) C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe

[2007-09-07 14:54:54 | 00,159,744 | | M] () C:\Program\Razer\DeathAdder\razerhid.exe

[2004-10-14 13:42:54 | 01,404,928 | | M] (Analog Devices, Inc.) C:\Program\Analog Devices\Core\smax4pnp.exe

[2007-07-17 10:13:56 | 00,049,152 | | M] (Advanced Micro Devices Inc.) C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

[2008-07-30 09:47:56 | 00,289,064 | | M] (Apple Inc.) C:\Program\iTunes\iTunesHelper.exe

[2008-02-22 15:52:06 | 00,074,992 | | M] (SecMaker AB) C:\WINDOWS\system32\iid.exe

[2008-06-10 04:27:04 | 00,144,784 | | M] (Sun Microsystems, Inc.) C:\Program\Java\jre1.6.0_07\bin\jusched.exe

[2007-10-23 13:18:46 | 00,202,024 | | M] (Nero AG) C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

[2008-08-29 21:33:54 | 00,068,856 | | M] (Google Inc.) C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[2007-10-18 10:35:08 | 05,724,184 | | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msnmsgr.exe

[2008-10-18 21:43:07 | 01,410,296 | | M] (Valve Corporation) C:\Program\Steam\steam.exe

[2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation) C:\Program\Messenger\msmsgs.exe

[2006-11-24 14:24:16 | 00,143,360 | | M] () C:\Program\Razer\DeathAdder\razertra.exe

[2007-05-07 14:35:14 | 00,163,840 | | M] (Razer Inc.) C:\Program\Razer\DeathAdder\razerofa.exe

[2007-07-17 10:13:34 | 00,049,152 | | M] (ATI Technologies Inc.) C:\Program\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[2007-10-23 13:19:06 | 00,382,248 | | M] (Nero AG) C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

[2008-07-30 09:47:48 | 00,532,264 | | M] (Apple Inc.) C:\Program\iPod\bin\iPodService.exe

[2007-10-23 13:19:06 | 01,410,344 | | M] (Nero AG) C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

[2008-07-18 21:10:42 | 00,053,448 | | M] (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

[2008-04-14 17:05:13 | 00,060,416 | | M] (Microsoft Corporation) C:\Program\Outlook Express\msimn.exe

[2008-11-13 06:42:28 | 00,422,400 | | M] (OldTimer Tools) C:\Documents and Settings\Stefan\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-09-10 13:01:28 | 00,611,664 | | M] (Lavasoft) C:\Program\Lavasoft\Ad-Aware\aawservice.exe (aawservice [Auto | Running])

[2008-07-22 19:42:12 | 00,116,040 | | M] (Apple Inc.) C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Mobile Device [Auto | Running])

[2005-09-23 13:28:32 | 00,029,896 | | M] (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (aspnet_state [On_Demand | Stopped])

[2008-07-04 04:12:02 | 00,561,152 | | M] (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Ati HotKey Poller [Auto | Running])

[2008-07-03 20:05:00 | 00,593,920 | | M] () C:\WINDOWS\system32\ati2sgag.exe (ATI Smart [Auto | Stopped])

[2005-04-30 16:02:26 | 00,086,016 | | M] (B.H.A Corporation) C:\WINDOWS\system32\bgsvcgen.exe (bgsvcgen [Auto | Running])

[2007-07-24 14:17:08 | 00,229,376 | | M] (Apple Inc.) C:\Program\Bonjour\mDNSResponder.exe (Bonjour Service [Auto | Running])

[2007-08-16 21:25:12 | 00,214,280 | | M] (CA, Inc.) C:\Program\CA\CA Internet Security Suite\ccprovsp.exe (CaCCProvSP [On_Demand | Stopped])

[2007-08-20 12:42:56 | 00,144,960 | | M] (Computer Associates International, Inc.) C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe (CAISafe [Auto | Running])

[2005-09-23 13:28:56 | 00,066,240 | | M] (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008-11-10 22:24:56 | 00,137,200 | | M] (Google) C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc [On_Demand | Stopped])

[2005-11-14 07:06:04 | 00,069,632 | | M] (Macrovision Corporation) C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe (IDriverT [On_Demand | Stopped])

[2008-07-30 09:47:48 | 00,532,264 | | M] (Apple Inc.) C:\Program\iPod\bin\iPodService.exe (iPod Service [On_Demand | Running])

[2006-10-26 12:40:34 | 00,335,872 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe (MDM [Auto | Running])

[2007-09-20 07:51:46 | 00,853,288 | | M] (Nero AG) C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe (Nero BackItUp Scheduler 3 [Auto | Running])

[2007-10-23 13:19:06 | 00,382,248 | | M] (Nero AG) C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe (NMIndexingService [On_Demand | Running])

[2007-08-24 02:19:12 | 00,443,776 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE (odserv [On_Demand | Stopped])

[2006-10-26 12:03:08 | 00,145,184 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (ose [On_Demand | Stopped])

[2007-08-10 20:54:46 | 00,026,488 | | M] (Microsoft Corporation) C:\WINDOWS\system32\spupdsvc.exe (spupdsvc [Auto | Running])

[2007-10-18 10:31:54 | 00,098,328 | | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\usnsvc.exe (usnjsvc [On_Demand | Stopped])

[2007-08-20 12:42:54 | 00,242,952 | | M] (CA, Inc.) C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe (VETMSGNT [Auto | Running])

[2007-10-25 14:27:54 | 00,266,240 | | M] (Microsoft Corporation) C:\Program\Windows Live\installer\WLSetupSvc.exe (WLSetupSvc [On_Demand | Stopped])

[2006-11-15 09:49:34 | 00,912,384 | | M] (Microsoft Corporation) C:\Program\Windows Media Player\wmpnetwk.exe (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2008-07-04 07:33:33 | 03,230,720 | | M] (ATI Technologies Inc.) C:\WINDOWS\system32\drivers\ati2mtag.sys (ati2mtag [On_Demand | Running])

[2008-09-10 12:39:08 | 00,176,640 | | M] (Broadcom Corporation) C:\WINDOWS\system32\drivers\b57xp32.sys (b57w2k [On_Demand | Running])

[2005-11-10 03:54:56 | 00,402,944 | R- | M] (Belkin Corporation) C:\WINDOWS\system32\drivers\BLKWGU.sys (BLKWGU(Belkin) [On_Demand | Stopped])

[2005-05-10 23:33:12 | 00,032,256 | | M] (B.H.A Corporation) C:\WINDOWS\System32\drivers\cdrbsdrv.sys (cdrbsdrv [system | Running])

[2006-08-11 14:45:14 | 00,502,272 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\ctac32k.sys (ctac32k [On_Demand | Running])

[2006-08-11 14:45:38 | 00,499,584 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\ctaud2k.sys (ctaud2k [On_Demand | Running])

[2005-11-10 17:06:04 | 00,340,704 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\ctdvda2k.sys (ctdvda2k [On_Demand | Stopped])

[2006-08-11 14:45:40 | 00,007,168 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\ctprxy2k.sys (ctprxy2k [On_Demand | Running])

[2006-08-11 14:45:18 | 00,143,872 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\ctsfm2k.sys (ctsfm2k [On_Demand | Running])

[2007-08-02 16:32:26 | 00,022,784 | | M] (Razer (Asia-Pacific) Pte Ltd) C:\WINDOWS\system32\drivers\dadder.sys (DAdderFltr [On_Demand | Running])

[2006-08-11 14:45:18 | 00,078,336 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\emupia2k.sys (emupia [On_Demand | Running])

[2008-04-13 19:45:29 | 00,010,624 | | M] (Microsoft Corporation) C:\WINDOWS\system32\drivers\gameenum.sys (gameenum [On_Demand | Running])

[2008-01-29 11:01:28 | 00,016,168 | | M] (GEAR Software Inc.) C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEARAspiWDM [On_Demand | Running])

[2008-11-12 06:45:54 | 00,085,969 | | M] (GMER) C:\WINDOWS\system32\drivers\gmer.sys (gmer [On_Demand | Stopped])

[2006-08-11 14:45:26 | 00,766,976 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\ha10kx2k.sys (ha10kx2k [On_Demand | Running])

[2006-08-11 14:45:26 | 00,154,112 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\haP16v2k.sys (hap16v2k [On_Demand | Running])

[2006-08-11 14:45:28 | 00,180,224 | | M] (Creative Technology Ltd) C:\WINDOWS\system32\drivers\haP17v2k.sys (hap17v2k [On_Demand | Stopped])

[2008-04-14 16:41:34 | 00,014,720 | | M] (Microsoft Corporation) C:\WINDOWS\system32\drivers\kbdhid.sys (kbdhid [system | Running])

[2006-07-19 12:27:26 | 00,013,568 | | M] (Logitech Inc.) C:\WINDOWS\system32\drivers\L8042Kbd.sys (L8042Kbd [On_Demand | Stopped])

[2003-12-11 09:50:00 | 00,025,630 | | M] (Logitech, Inc.) C:\WINDOWS\system32\drivers\LHidFlt2.Sys (LHidFlt2 [On_Demand | Stopped])

[2003-12-11 09:50:00 | 00,037,916 | | M] (Logitech, Inc.) C:\WINDOWS\system32\drivers\LHidUsb.sys (LHidUsb [On_Demand | Stopped])

[2003-12-11 09:50:00 | 00,070,894 | | M] (Logitech, Inc.) C:\WINDOWS\system32\drivers\LMouFlt2.Sys (LMouFlt2 [On_Demand | Stopped])

[2001-08-22 07:42:58 | 00,013,632 | | M] (Dell Computer Corporation) C:\WINDOWS\system32\drivers\omci.sys (OMCI [system | Running])

[2006-08-11 14:45:24 | 00,116,224 | | M] (Creative Technology Ltd.) C:\WINDOWS\system32\drivers\ctoss2k.sys (ossrv [On_Demand | Running])

[2001-09-28 21:00:00 | 00,017,792 | | M] (Parallel Technologies, Inc.) C:\WINDOWS\system32\drivers\ptilink.sys (Ptilink [On_Demand | Running])

[2008-04-13 17:39:17 | 00,020,480 | | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv [On_Demand | Stopped])

[2004-09-17 08:02:54 | 00,732,928 | | M] (Creative Technology Ltd.) C:\WINDOWS\system32\drivers\senfilt.sys (senfilt [On_Demand | Running])

[2005-01-27 14:31:06 | 00,260,352 | | M] (Analog Devices, Inc.) C:\WINDOWS\system32\drivers\smwdm.sys (smwdm [On_Demand | Running])

[2006-01-13 13:00:52 | 00,015,872 | | M] (Flint Incorporation) C:\WINDOWS\System32\drivers\vd_filedisk.sys (VD_FileDisk [system | Running])

[2007-08-20 12:42:56 | 00,026,376 | | M] (Computer Associates International, Inc.) C:\WINDOWS\System32\drivers\vet-filt.sys (VET-FILT [system | Running])

[2007-08-20 12:42:58 | 00,021,128 | | M] (Computer Associates International, Inc.) C:\WINDOWS\System32\drivers\vet-rec.sys (VET-REC [system | Running])

[2008-09-29 17:53:34 | 00,108,368 | | M] (Computer Associates International, Inc.) C:\WINDOWS\System32\drivers\veteboot.sys (VETEBOOT [On_Demand | Running])

[2008-09-29 17:53:34 | 00,880,560 | | M] (Computer Associates International, Inc.) C:\WINDOWS\System32\drivers\vetefile.sys (VETEFILE [system | Running])

[2007-08-20 12:42:58 | 00,021,512 | | M] (Computer Associates International, Inc.) C:\WINDOWS\System32\drivers\vetfddnt.sys (VETFDDNT [system | Running])

[2007-08-20 12:42:56 | 00,032,264 | | M] (Computer Associates International, Inc.) C:\WINDOWS\System32\drivers\vetmonnt.sys (VETMONNT [system | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=C:\windows\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Local Page"=C:\windows\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.aftonbladet.se/

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{509E4961-BFFC-4F89-AF48-E1844791564D} (HKLM) C:\WINDOWS\system32\xmlpsovi.dll ()

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) C:\Program\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

"CAVRID"="C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" (CA, Inc.)

"cctray"="C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe" (CA, Inc.)

"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)

"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)

"DeathAdder"=C:\Program\Razer\DeathAdder\razerhid.exe ()

"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)

"NeroFilterCheck"=C:\Program\Delade filer\Nero\Lib\NeroCheck.exe (Nero AG)

"Net iD"=C:\WINDOWS\system32\iid.exe (SecMaker AB)

"OM_Monitor"=C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)

"QuickTime Task"="C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime (Apple Inc.)

"SoundMAXPnP"=C:\Program\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

"StartCCC"="C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

"VistaDrive"=C:\WINDOWS\VistaDrive\VistaDrive.exe ()

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe" (Nero AG)

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"OM_Monitor"=C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart (OLYMPUS IMAGING CORP.)

"Steam"="c:\program\steam\steam.exe" -silent (Valve Corporation)

"swg"=C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

 

========== (O4) Startup Folders ==========

 

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=227

"NoDrives"=0

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss File not found

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the File not found

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

"HideStartupScripts"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDrives"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"HideLegacyLogonScripts"=0

"HideLogoffScripts"=0

"HideStartupScripts"=0

"RunLogonScriptSync"=1

"RunStartupScriptSync"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 04:27:02 | 00,132,496 | | M] (Sun Microsystems, Inc.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 19:12:22 | 00,040,424 | | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab Java Plug-in 1.6.0_02

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Java Plug-in 1.6.0_07

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Shockwave Flash Object

{EF0D1A14-1033-41A2-A589-240C01EDC078}: http://dl.pplive.com/PluginSetup.cab PPLive Lite Class

 

========== (O17) DNS Name Servers ==========

 

{B86605A7-3F41-4E2D-AEBB-0FCDF865F064} (Servers: | Description: Belkin Wireless G USB Network Adapter)

{BF01147B-C263-4E17-B5E0-A905CF6EF89F} (Servers: | Description: 1394 Net Adapter)

{CDC10F34-2097-410E-832B-97B4FDE72FA0} (Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2008-08-09 18:54:10 | 00,000,000 | | M] () C:\AUTOEXEC.BAT [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[3 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2008-11-13 06:42:26 | 00,422,400 | | C] (OldTimer Tools) C:\Documents and Settings\Stefan\Skrivbord\OTViewIt.exe

[2008-11-12 22:41:45 | 00,014,848 | | C] () C:\WINDOWS\System32\xmlpsovi.dll

[2008-11-12 22:40:27 | 21,455,54432 | -HS- | C] () C:\hiberfil.sys

[2008-11-12 22:36:41 | 00,578,560 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\user32.dll

[2008-11-12 22:34:59 | 00,000,000 | -D | C] C:\WINDOWS\ERUNT

[2008-11-12 22:31:13 | 00,000,000 | -D | C] C:\SDFix

[2008-11-12 22:30:16 | 01,529,241 | | C] () C:\Documents and Settings\Stefan\Skrivbord\SDFix.exe

[2008-11-12 21:12:35 | 00,000,000 | -HSD | C] C:\RECYCLER

[2008-11-12 21:05:04 | 00,000,000 | -D | C] C:\WINDOWS\temp

[2008-11-12 11:38:14 | 00,455,296 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008-11-12 11:33:04 | 01,106,944 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\msxml3.dll

[2008-11-12 06:45:57 | 00,000,250 | | C] () C:\WINDOWS\gmer.ini

[2008-11-12 06:45:54 | 00,884,736 | | C] () C:\WINDOWS\gmer.dll

[2008-11-12 06:45:54 | 00,811,008 | | C] () C:\WINDOWS\gmer.exe

[2008-11-12 06:45:54 | 00,085,969 | | C] (GMER) C:\WINDOWS\System32\drivers\gmer.sys

[2008-11-12 06:45:54 | 00,000,080 | | C] () C:\WINDOWS\gmer_uninstall.cmd

[2008-11-12 06:45:25 | 00,000,000 | -D | C] C:\Documents and Settings\Stefan\Skrivbord\gmer

[2008-11-10 19:35:50 | 00,028,672 | | C] (NirSoft) C:\WINDOWS\NIRCMD.exe

[2008-11-10 19:31:25 | 00,000,325 | | C] () C:\Boot.bak

[2008-11-10 19:31:23 | 00,260,272 | | C] () C:\cmldr

[2008-11-10 19:31:18 | 00,000,000 | RHSD | C] C:\cmdcons

[2008-11-10 19:11:53 | 00,212,480 | | C] (SteelWerX) C:\WINDOWS\SWXCACLS.exe

[2008-11-10 19:11:53 | 00,161,792 | | C] (SteelWerX) C:\WINDOWS\SWREG.exe

[2008-11-10 19:11:53 | 00,136,704 | | C] (SteelWerX) C:\WINDOWS\SWSC.exe

[2008-11-10 19:11:53 | 00,098,816 | | C] () C:\WINDOWS\sed.exe

[2008-11-10 19:11:53 | 00,089,504 | | C] (Smallfrogs Studio) C:\WINDOWS\fdsv.exe

[2008-11-10 19:11:53 | 00,080,412 | | C] () C:\WINDOWS\grep.exe

[2008-11-10 19:11:53 | 00,068,096 | | C] () C:\WINDOWS\zip.exe

[2008-11-10 19:11:53 | 00,049,152 | | C] () C:\WINDOWS\VFIND.exe

[2008-11-10 19:11:39 | 00,000,000 | -D | C] C:\WINDOWS\ERDNT

[2008-11-10 19:11:39 | 00,000,000 | -D | C] C:\Qoobox

[2008-11-10 19:06:19 | 00,003,512 | | C] () C:\WINDOWS\System32\tmp.reg

[2008-11-10 19:05:43 | 00,289,144 | | C] (S!Ri) C:\WINDOWS\System32\VCCLSID.exe

[2008-11-10 19:05:43 | 00,087,552 | | C] (S!Ri.URZ) C:\WINDOWS\System32\VACFix.exe

[2008-11-10 19:05:43 | 00,082,944 | | C] (S!Ri.URZ) C:\WINDOWS\System32\o4Patch.exe

[2008-11-10 19:05:43 | 00,082,944 | | C] (S!Ri.URZ) C:\WINDOWS\System32\IEDFix.exe

[2008-11-10 19:05:43 | 00,082,944 | | C] (S!Ri.URZ) C:\WINDOWS\System32\IEDFix.C.exe

[2008-11-10 19:05:43 | 00,082,432 | | C] (S!Ri.URZ) C:\WINDOWS\System32\404Fix.exe

[2008-11-10 19:05:43 | 00,025,600 | | C] () C:\WINDOWS\System32\WS2Fix.exe

[2008-11-10 19:05:42 | 00,288,417 | | C] (S!Ri) C:\WINDOWS\System32\SrchSTS.exe

[2008-11-10 19:05:42 | 00,053,248 | | C] (http://www.beyondlogic.org) C:\WINDOWS\System32\Process.exe

[2008-11-10 19:05:42 | 00,051,200 | | C] () C:\WINDOWS\System32\dumphive.exe

[2008-11-09 20:11:16 | 00,000,000 | -D | C] C:\Documents and Settings\Stefan\Application Data\Malwarebytes

[2008-11-09 20:11:13 | 00,015,504 | | C] (Malwarebytes Corporation) C:\WINDOWS\System32\drivers\mbam.sys

[2008-11-09 20:11:13 | 00,000,673 | | C] () C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-11-09 20:11:10 | 00,038,496 | | C] (Malwarebytes Corporation) C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-11-09 20:11:09 | 00,000,000 | -D | C] C:\Program\Malwarebytes' Anti-Malware

[2008-11-09 20:11:09 | 00,000,000 | -D | C] C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008-11-09 19:47:05 | 00,001,687 | | C] () C:\Documents and Settings\Stefan\Skrivbord\HijackThis.lnk

[2008-11-09 18:39:26 | 00,000,000 | -D | C] C:\Documents and Settings\All Users\Application Data\TEMP

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

[2008-11-09 18:24:58 | 00,000,758 | | C] () C:\Documents and Settings\All Users\Skrivbord\Ad-Aware.lnk

[2008-11-09 18:24:57 | 00,000,000 | -D | C] C:\Program\Lavasoft

[2008-11-05 23:04:16 | 00,000,000 | -D | C] C:\Documents and Settings\Stefan\Application Data\OpenOffice.org

[2008-11-05 23:02:59 | 00,000,000 | -D | C] C:\Program\JRE

[2008-11-05 23:02:55 | 00,000,000 | -D | C] C:\Program\OpenOffice.org 3

 

[2008-11-03 19:58:47 | 00,000,000 | -D | C] C:\Program\Fighters

[2008-11-03 19:58:47 | 00,000,000 | -D | C] C:\Documents and Settings\All Users\Application Data\Fighters

[2008-11-03 19:42:00 | 00,000,000 | -D | C] C:\Program\Trend Micro

[2008-11-01 14:29:18 | 00,000,000 | -D | C] C:\Documents and Settings\All Users\Application Data\PPLive

[2008-11-01 14:28:42 | 00,000,000 | -D | C] C:\Program\PPLive

[2008-11-01 14:28:42 | 00,000,000 | -D | C] C:\Documents and Settings\All Users\Application Data\Jlcm

[2008-10-31 19:22:55 | 00,000,000 | -D | C] C:\Program\xerox

[2008-10-31 19:22:54 | 00,000,000 | -D | C] C:\WINDOWS\System32\xircom

[2008-10-31 19:22:53 | 00,000,000 | -D | C] C:\Program\msn gaming zone

[2008-10-31 19:22:50 | 00,000,000 | -D | C] C:\Program\microsoft frontpage

[2008-10-31 19:22:48 | 00,000,000 | -D | C] C:\WINDOWS\Prefetch

[2008-10-31 19:15:40 | 00,002,979 | | C] () C:\WINDOWS\System32\spupdsvc.inf

[2008-10-31 19:12:41 | 00,000,000 | -D | C] C:\WINDOWS\l2schemas

[2008-10-31 19:12:40 | 00,000,000 | -D | C] C:\WINDOWS\System32\sv

[2008-10-31 19:12:40 | 00,000,000 | -D | C] C:\WINDOWS\System32\bits

[2008-10-31 19:10:19 | 00,000,000 | -D | C] C:\WINDOWS\ServicePackFiles

[2008-10-31 19:04:56 | 00,000,000 | -H-D | C] C:\WINDOWS\$NtServicePackUninstall$

[2008-10-31 12:44:04 | 00,276,992 | | C] (Microsoft Corporation) C:\WINDOWS\System32\wmphoto.dll

[2008-10-31 12:44:01 | 00,069,120 | | C] (Microsoft Corporation) C:\WINDOWS\System32\wlanapi.dll

[2008-10-31 12:43:59 | 00,712,704 | | C] (Microsoft Corporation) C:\WINDOWS\System32\windowscodecs.dll

[2008-10-31 12:43:59 | 00,346,112 | | C] (Microsoft Corporation) C:\WINDOWS\System32\windowscodecsext.dll

[2008-10-31 12:43:56 | 00,014,208 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\wacompen.sys

[2008-10-31 12:43:54 | 00,042,240 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\viaagp.sys

[2008-10-31 12:43:54 | 00,028,672 | | C] (Microsoft Corporation) C:\WINDOWS\System32\vidcap.ax

[2008-10-31 12:43:51 | 00,121,984 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\usbvideo.sys

[2008-10-31 12:43:50 | 00,012,800 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\usb8023x.sys

[2008-10-31 12:43:47 | 00,044,672 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\uagp35.sys

[2008-10-31 12:43:46 | 00,050,688 | | C] (Microsoft Corporation) C:\WINDOWS\System32\tspkg.dll

[2008-10-31 12:43:33 | 00,020,992 | | C] (Microsoft Corporation) C:\WINDOWS\System32\spupdwxp.exe

[2008-10-31 12:43:31 | 00,007,680 | | C] (Microsoft Corporation) C:\WINDOWS\System32\spdwnwxp.exe

[2008-10-31 12:43:29 | 00,005,888 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\smbali.sys

[2008-10-31 12:43:25 | 00,032,768 | | C] (Microsoft Corporation) C:\WINDOWS\System32\setupn.exe

[2008-10-31 12:43:25 | 00,010,240 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\sffp_mmc.sys

[2008-10-31 12:43:17 | 00,059,136 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\rfcomm.sys

[2008-10-31 12:43:17 | 00,030,592 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\rndismpx.sys

[2008-10-31 12:43:14 | 00,076,800 | | C] (Microsoft Corporation) C:\WINDOWS\System32\qutil.dll

[2008-10-31 12:43:14 | 00,061,952 | | C] (Microsoft Corporation) C:\WINDOWS\System32\rasqec.dll

[2008-10-31 12:43:13 | 00,291,328 | | C] (Microsoft Corporation) C:\WINDOWS\System32\qagentrt.dll

[2008-10-31 12:43:13 | 00,150,528 | | C] (Microsoft Corporation) C:\WINDOWS\System32\qagent.dll

[2008-10-31 12:43:13 | 00,062,464 | | C] (Microsoft Corporation) C:\WINDOWS\System32\qcliprov.dll

[2008-10-31 12:43:11 | 00,412,160 | | C] (Microsoft Corporation) C:\WINDOWS\System32\photometadatahandler.dll

[2008-10-31 12:43:08 | 00,144,384 | | C] (Microsoft Corporation) C:\WINDOWS\System32\onex.dll

[2008-10-31 12:43:02 | 00,067,866 | | C] () C:\WINDOWS\System32\drivers\netwlan5.img

[2008-10-31 12:42:59 | 00,194,048 | | C] (Microsoft Corporation) C:\WINDOWS\System32\napmontr.dll

[2008-10-31 12:42:59 | 00,176,128 | | C] (Microsoft Corporation) C:\WINDOWS\System32\napstat.exe

[2008-10-31 12:42:59 | 00,030,208 | | C] (Microsoft Corporation) C:\WINDOWS\System32\napipsec.dll

[2008-10-31 12:42:58 | 01,307,648 | | C] (Microsoft Corporation) C:\WINDOWS\System32\msxml6.dll

[2008-10-31 12:42:58 | 01,307,648 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\msxml6.dll

[2008-10-31 12:42:58 | 00,079,872 | | C] (Microsoft Corporation) C:\WINDOWS\System32\msxml6r.dll

[2008-10-31 12:42:58 | 00,079,872 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\msxml6r.dll

[2008-10-31 12:42:56 | 00,155,136 | | C] (Microsoft Corporation) C:\WINDOWS\System32\mssha.dll

[2008-10-31 12:42:56 | 00,077,312 | | C] (Microsoft Corporation) C:\WINDOWS\System32\msshavmsg.dll

[2008-10-31 12:42:45 | 00,033,792 | | C] (Microsoft Corporation) C:\WINDOWS\System32\mmcperf.exe

[2008-10-31 12:42:44 | 00,397,312 | | C] (Microsoft Corporation) C:\WINDOWS\System32\mmcex.dll

[2008-10-31 12:42:44 | 00,184,320 | | C] (Microsoft Corporation) C:\WINDOWS\System32\microsoft.managementconsole.dll

[2008-10-31 12:42:44 | 00,106,496 | | C] (Microsoft Corporation) C:\WINDOWS\System32\mmcfxcommon.dll

[2008-10-31 12:42:33 | 00,061,440 | | C] (Microsoft Corporation) C:\WINDOWS\System32\kmsvc.dll

[2008-10-31 12:42:33 | 00,037,376 | | C] (Microsoft Corporation) C:\WINDOWS\System32\l2gpstore.dll

[2008-10-31 12:42:29 | 00,102,912 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\dpcdll.dll

[2008-10-31 12:42:29 | 00,024,064 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\pidgen.dll

[2008-10-31 12:42:26 | 00,010,752 | | C] (Microsoft Corporation) C:\WINDOWS\System32\smtpapi.dll

[2008-10-31 12:42:26 | 00,009,728 | | C] (Microsoft Corporation) C:\WINDOWS\System32\rwnh.dll

[2008-10-31 12:42:26 | 00,001,950 | | C] () C:\WINDOWS\System32\pid.inf

[2008-10-31 12:42:24 | 00,046,592 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\irbus.sys

[2008-10-31 12:42:23 | 00,009,728 | | C] (Microsoft Corporation) C:\WINDOWS\System32\comsdupd.exe

[2008-10-31 12:42:18 | 00,025,600 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\hidbth.sys

[2008-10-31 12:42:18 | 00,019,200 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\hidir.sys

[2008-10-31 12:42:16 | 00,046,464 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\gagp30kx.sys

[2008-10-31 12:42:12 | 00,020,992 | | C] (Microsoft Corporation) C:\WINDOWS\System32\faxpatch.exe

[2008-10-31 12:42:10 | 00,184,832 | | C] (Microsoft Corporation) C:\WINDOWS\System32\eapp3hst.dll

[2008-10-31 12:42:10 | 00,180,224 | | C] (Microsoft Corporation) C:\WINDOWS\System32\eapphost.dll

[2008-10-31 12:42:10 | 00,126,976 | | C] (Microsoft Corporation) C:\WINDOWS\System32\eappcfg.dll

[2008-10-31 12:42:10 | 00,094,208 | | C] (Microsoft Corporation) C:\WINDOWS\System32\eappgnui.dll

[2008-10-31 12:42:10 | 00,058,880 | | C] (Microsoft Corporation) C:\WINDOWS\System32\eapqec.dll

[2008-10-31 12:42:10 | 00,040,960 | | C] (Microsoft Corporation) C:\WINDOWS\System32\eappprxy.dll

[2008-10-31 12:42:10 | 00,033,280 | | C] (Microsoft Corporation) C:\WINDOWS\System32\eapsvc.dll

[2008-10-31 12:42:10 | 00,030,720 | | C] (Microsoft Corporation) C:\WINDOWS\System32\eapolqec.dll

[2008-10-31 12:42:08 | 00,651,264 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dot3ui.dll

[2008-10-31 12:42:08 | 00,132,608 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dot3svc.dll

[2008-10-31 12:42:08 | 00,059,392 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dot3cfg.dll

[2008-10-31 12:42:08 | 00,056,320 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dot3msm.dll

[2008-10-31 12:42:08 | 00,039,936 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dot3gpclnt.dll

[2008-10-31 12:42:08 | 00,026,112 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dot3api.dll

[2008-10-31 12:42:08 | 00,009,216 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dot3dlg.dll

[2008-10-31 12:42:06 | 00,048,640 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dhcpqec.dll

[2008-10-31 12:42:06 | 00,039,936 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dimsroam.dll

[2008-10-31 12:42:06 | 00,019,456 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dimsntfy.dll

[2008-10-31 12:42:05 | 00,129,045 | | C] () C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2008-10-31 12:42:04 | 00,012,800 | | C] (Microsoft Corporation) C:\WINDOWS\System32\credssp.dll

[2008-10-31 12:42:01 | 00,037,888 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\bthmodem.sys

[2008-10-31 12:42:01 | 00,018,944 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\bthusb.sys

[2008-10-31 12:42:01 | 00,017,024 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\bthenum.sys

[2008-10-31 12:42:01 | 00,007,168 | | C] (Microsoft Corporation) C:\WINDOWS\System32\bitsprx4.dll

[2008-10-31 12:42:00 | 00,233,472 | | C] (Microsoft Corporation) C:\WINDOWS\System32\azroles.dll

[2008-10-31 12:41:59 | 00,064,352 | | C] () C:\WINDOWS\System32\drivers\ativmc20.cod

[2008-10-31 12:41:54 | 00,042,752 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\alim1541.sys

[2008-10-31 12:41:52 | 00,044,928 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\agpcpq.sys

[2008-10-31 12:41:52 | 00,042,368 | | C] (Microsoft Corporation) C:\WINDOWS\System32\drivers\agp440.sys

[2008-10-24 12:41:00 | 00,337,408 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-23 20:00:09 | 00,000,000 | -H-D | C] C:\WINDOWS\PIF

[2008-10-21 19:52:25 | 00,151,856 | | C] () C:\WINDOWS\System32\iidxcard.bmp

[2008-10-21 19:52:25 | 00,114,056 | | C] () C:\WINDOWS\System32\iidxtel.bmp

[2008-10-21 19:52:25 | 00,114,054 | | C] () C:\WINDOWS\System32\iidxts.bmp

[2008-10-21 19:52:25 | 00,114,054 | | C] () C:\WINDOWS\System32\iidxsith.bmp

[2008-10-21 19:52:25 | 00,114,054 | | C] () C:\WINDOWS\System32\iidxpos.bmp

[2008-10-21 19:52:25 | 00,054,512 | | C] (SecMaker AB) C:\WINDOWS\System32\iidxcmt.exe

[2008-10-21 19:52:24 | 00,724,992 | | C] (SecMaker AB) C:\WINDOWS\System32\iid.dll

[2008-10-21 19:52:24 | 00,509,168 | | C] (SecMaker AB) C:\WINDOWS\System32\iidxadm.exe

[2008-10-21 19:52:24 | 00,487,424 | | C] (SecMaker AB) C:\WINDOWS\System32\iidp11.dll

[2008-10-21 19:52:24 | 00,147,456 | | C] (SecMaker AB) C:\WINDOWS\System32\iidcsp.dll

[2008-10-21 19:52:24 | 00,107,760 | | C] (SecMaker AB) C:\WINDOWS\System32\iidplg.dll

[2008-10-21 19:52:24 | 00,074,992 | | C] (SecMaker AB) C:\WINDOWS\System32\iid.exe

[2008-10-21 19:52:24 | 00,021,983 | | C] () C:\WINDOWS\iid.ini

[2008-10-20 21:21:00 | 00,000,000 | -D | C] C:\Program\DirectVobSub

[2008-10-15 15:40:30 | 00,000,000 | -D | C] C:\Documents and Settings\All Users\Application Data\Blizzard

[2008-10-15 05:39:42 | 00,333,824 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\srv.sys

[2008-10-15 05:39:25 | 01,846,400 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\win32k.sys

[2008-10-15 05:39:23 | 02,189,952 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2008-10-15 05:39:23 | 02,146,304 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2008-10-15 05:39:23 | 02,066,816 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

[2008-10-15 05:39:23 | 02,024,960 | | C] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\ntkrpamp.exe

 

========== Files - Modified Within 30 Days ==========

 

[3 C:\WINDOWS\System32\*.tmp files]

[5 C:\WINDOWS\*.tmp files]

[2008-11-13 06:42:28 | 00,422,400 | | M] (OldTimer Tools) C:\Documents and Settings\Stefan\Skrivbord\OTViewIt.exe

[2008-11-13 06:38:05 | 00,000,006 | -H | M] () C:\WINDOWS\tasks\SA.DAT

[2008-11-13 06:37:52 | 00,002,048 | S- | M] () C:\WINDOWS\bootstat.dat

[2008-11-13 06:37:45 | 21,455,54432 | -HS- | M] () C:\hiberfil.sys

[2008-11-13 00:29:05 | 00,030,888 | | M] () C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

[2008-11-13 00:29:05 | 00,030,888 | | M] () C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

[2008-11-13 00:29:05 | 00,030,528 | | M] () C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

[2008-11-13 00:29:05 | 00,030,528 | | M] () C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

[2008-11-13 00:29:05 | 00,011,564 | | M] () C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

[2008-11-13 00:29:05 | 00,001,080 | | M] () C:\WINDOWS\System32\settingsbkup.sfm

[2008-11-13 00:29:05 | 00,001,080 | | M] () C:\WINDOWS\System32\settings.sfm

[2008-11-13 00:28:36 | 00,000,244 | -H | M] () C:\sqmnoopt03.sqm

[2008-11-13 00:28:36 | 00,000,232 | -H | M] () C:\sqmdata03.sqm

[2008-11-13 00:28:35 | 04,958,588 | | M] () C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF

[2008-11-13 00:28:35 | 04,958,588 | | M] () C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK

[2008-11-12 23:39:29 | 00,018,944 | | M] () C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-11-12 23:07:41 | 00,000,244 | -H | M] () C:\sqmnoopt02.sqm

[2008-11-12 23:07:41 | 00,000,232 | -H | M] () C:\sqmdata02.sqm

[2008-11-12 22:41:45 | 00,014,848 | | M] () C:\WINDOWS\System32\xmlpsovi.dll

[2008-11-12 22:37:33 | 00,000,686 | | M] () C:\WINDOWS\System32\drivers\etc\HOSTS

[2008-11-12 22:36:41 | 00,578,560 | | M] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\user32.dll

[2008-11-12 22:32:25 | 00,000,244 | -H | M] () C:\sqmnoopt01.sqm

[2008-11-12 22:32:25 | 00,000,232 | -H | M] () C:\sqmdata01.sqm

[2008-11-12 22:30:26 | 01,529,241 | | M] () C:\Documents and Settings\Stefan\Skrivbord\SDFix.exe

[2008-11-12 21:57:10 | 00,000,244 | -H | M] () C:\sqmnoopt00.sqm

[2008-11-12 21:57:10 | 00,000,232 | -H | M] () C:\sqmdata00.sqm

[2008-11-12 21:38:51 | 00,000,244 | -H | M] () C:\sqmnoopt19.sqm

[2008-11-12 21:38:51 | 00,000,232 | -H | M] () C:\sqmdata19.sqm

[2008-11-12 21:14:59 | 00,002,155 | | M] () C:\Documents and Settings\All Users\Skrivbord\Steam.lnk

[2008-11-12 21:04:20 | 00,000,264 | | M] () C:\WINDOWS\system.ini

[2008-11-12 20:50:01 | 00,000,250 | | M] () C:\WINDOWS\gmer.ini

[2008-11-12 20:08:08 | 00,000,272 | | M] () C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008-11-12 19:34:12 | 00,000,244 | -H | M] () C:\sqmnoopt18.sqm

[2008-11-12 19:34:12 | 00,000,232 | -H | M] () C:\sqmdata18.sqm

[2008-11-12 19:28:15 | 00,000,593 | | M] () C:\WINDOWS\imsins.BAK

[2008-11-12 06:48:39 | 00,000,244 | -H | M] () C:\sqmnoopt17.sqm

[2008-11-12 06:48:39 | 00,000,232 | -H | M] () C:\sqmdata17.sqm

[2008-11-12 06:45:54 | 00,884,736 | | M] () C:\WINDOWS\gmer.dll

[2008-11-12 06:45:54 | 00,085,969 | | M] (GMER) C:\WINDOWS\System32\drivers\gmer.sys

[2008-11-12 06:45:54 | 00,000,080 | | M] () C:\WINDOWS\gmer_uninstall.cmd

[2008-11-11 23:34:19 | 00,000,244 | -H | M] () C:\sqmnoopt16.sqm

[2008-11-11 23:34:19 | 00,000,232 | -H | M] () C:\sqmdata16.sqm

[2008-11-11 20:56:47 | 00,000,232 | -H | M] () C:\sqmdata15.sqm

[2008-11-11 20:56:46 | 00,000,244 | -H | M] () C:\sqmnoopt15.sqm

[2008-11-11 19:07:34 | 00,000,244 | -H | M] () C:\sqmnoopt14.sqm

[2008-11-11 19:07:34 | 00,000,232 | -H | M] () C:\sqmdata14.sqm

[2008-11-11 12:31:57 | 00,000,244 | -H | M] () C:\sqmnoopt13.sqm

[2008-11-11 12:31:57 | 00,000,232 | -H | M] () C:\sqmdata13.sqm

[2008-11-11 00:25:41 | 00,000,244 | -H | M] () C:\sqmnoopt12.sqm

[2008-11-11 00:25:41 | 00,000,232 | -H | M] () C:\sqmdata12.sqm

[2008-11-10 22:35:39 | 00,000,244 | -H | M] () C:\sqmnoopt11.sqm

[2008-11-10 22:35:39 | 00,000,232 | -H | M] () C:\sqmdata11.sqm

[2008-11-10 22:19:05 | 00,000,244 | -H | M] () C:\sqmnoopt10.sqm

[2008-11-10 22:19:05 | 00,000,232 | -H | M] () C:\sqmdata10.sqm

[2008-11-10 22:13:04 | 00,003,512 | | M] () C:\WINDOWS\System32\tmp.reg

[2008-11-10 22:04:54 | 00,000,244 | -H | M] () C:\sqmnoopt09.sqm

[2008-11-10 22:04:54 | 00,000,232 | -H | M] () C:\sqmdata09.sqm

[2008-11-10 20:58:04 | 00,000,244 | -H | M] () C:\sqmnoopt08.sqm

[2008-11-10 20:58:04 | 00,000,232 | -H | M] () C:\sqmdata08.sqm

[2008-11-10 20:49:03 | 00,000,244 | -H | M] () C:\sqmnoopt07.sqm

[2008-11-10 20:49:03 | 00,000,232 | -H | M] () C:\sqmdata07.sqm

[2008-11-10 20:36:55 | 00,000,244 | -H | M] () C:\sqmnoopt06.sqm

[2008-11-10 20:36:55 | 00,000,232 | -H | M] () C:\sqmdata06.sqm

[2008-11-10 20:32:10 | 00,000,244 | -H | M] () C:\sqmnoopt05.sqm

[2008-11-10 20:32:10 | 00,000,232 | -H | M] () C:\sqmdata05.sqm

[2008-11-10 20:11:19 | 00,000,244 | -H | M] () C:\sqmnoopt04.sqm

[2008-11-10 20:11:19 | 00,000,232 | -H | M] () C:\sqmdata04.sqm

[2008-11-10 19:31:25 | 00,000,396 | RHS- | M] () C:\boot.ini

[2008-11-09 20:11:13 | 00,000,673 | | M] () C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-11-09 19:47:05 | 00,001,687 | | M] () C:\Documents and Settings\Stefan\Skrivbord\HijackThis.lnk

[2008-11-09 18:40:45 | 00,953,580 | | M] () C:\WINDOWS\System32\PerfStringBackup.INI

[2008-11-09 18:40:45 | 00,404,004 | | M] () C:\WINDOWS\System32\perfh01D.dat

[2008-11-09 18:40:45 | 00,401,064 | | M] () C:\WINDOWS\System32\perfh009.dat

[2008-11-09 18:40:45 | 00,073,728 | | M] () C:\WINDOWS\System32\perfc01D.dat

[2008-11-09 18:40:45 | 00,062,344 | | M] () C:\WINDOWS\System32\perfc009.dat

[2008-11-09 18:24:58 | 00,000,758 | | M] () C:\Documents and Settings\All Users\Skrivbord\Ad-Aware.lnk

[2008-11-09 17:40:33 | 00,003,905 | | M] () C:\Documents and Settings\Stefan\Skrivbord\config trin.cfg

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stefan\Skrivbord\config trin.cfg:SummaryInformation

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Stefan\Skrivbord\config trin.cfg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2008-11-09 16:53:35 | 00,000,069 | | M] () C:\WINDOWS\NeroDigital.ini

[2008-11-07 18:16:36 | 00,000,602 | | M] () C:\Documents and Settings\Stefan\Mina dokument\Mina delade mappar.lnk

[2008-11-05 23:08:37 | 00,074,696 | | M] () C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

[2008-11-05 23:07:23 | 00,292,480 | | M] () C:\WINDOWS\System32\FNTCACHE.DAT

[2008-11-04 16:48:12 | 00,002,219 | | M] () C:\Documents and Settings\All Users\Skrivbord\Skype.lnk

[2008-11-04 01:10:25 | 17,318,336 | | M] (Microsoft Corporation) C:\WINDOWS\System32\MRT.exe

[2008-10-31 19:22:51 | 00,002,206 | | M] () C:\WINDOWS\System32\wpa.dbl

[2008-10-31 19:20:47 | 00,002,979 | | M] () C:\WINDOWS\System32\spupdsvc.inf

[2008-10-31 19:08:00 | 00,250,560 | RHS- | M] () C:\ntldr

[2008-10-30 23:44:31 | 00,000,325 | | M] () C:\Boot.bak

[2008-10-24 12:21:09 | 00,455,296 | | M] (Microsoft Corporation) C:\WINDOWS\System32\drivers\mrxsmb.sys

[2008-10-24 12:21:09 | 00,455,296 | | M] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2008-10-22 16:10:38 | 00,038,496 | | M] (Malwarebytes Corporation) C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-10-22 16:10:22 | 00,015,504 | | M] (Malwarebytes Corporation) C:\WINDOWS\System32\drivers\mbam.sys

[2008-10-21 19:52:40 | 00,001,424 | | M] () C:\WINDOWS\mozver.dat

[2008-10-21 19:52:25 | 00,021,983 | | M] () C:\WINDOWS\iid.ini

[2008-10-15 17:38:27 | 00,337,408 | | M] (Microsoft Corporation) C:\WINDOWS\System32\netapi32.dll

[2008-10-15 17:38:27 | 00,337,408 | | M] (Microsoft Corporation) C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-15 16:01:47 | 00,000,830 | | M] () C:\Documents and Settings\All Users\Skrivbord\World of Warcraft.lnk

[2008-10-14 22:03:03 | 02,109,404 | -H | M] () C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\IconCache.db

< End of report >

[/log]

[log]

OTViewIt Extras logfile created on: 2008-11-13 06:42:59 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Stefan\Skrivbord

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 74,51% Memory free

3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,34% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 149,00 Gb Total Space | 82,45 Gb Free Space | 55,33% Space Free | Partition Type: NTFS

Drive D: | 149,00 Gb Total Space | 144,31 Gb Free Space | 96,85% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STEFAN

Current User Name: Stefan

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-13 19:53:32 | 00,558,080 | | M] (Microsoft Corporation) %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-04-14 17:05:18 | 00,141,312 | | M] (Microsoft Corporation) %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-10-18 10:35:08 | 05,724,184 | | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-13 19:53:32 | 00,558,080 | | M] (Microsoft Corporation) %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-04-14 17:05:18 | 00,141,312 | | M] (Microsoft Corporation) %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-05-21 03:37:24 | 12,844,576 | | M] (Microsoft Corporation) C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2008-10-08 17:05:02 | 00,270,128 | | M] (BitTorrent, Inc.) C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

[2008-04-14 17:05:04 | 00,083,456 | | M] (Microsoft Corporation) C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test

[2008-11-12 20:54:21 | 00,086,077 | | M] (Valve) C:\Program\Steam\steamapps\stefan.lindqvist@ahlsell.se\counter-strike\hl.exe:*:Enabled:Half-Life Launcher

[2008-09-17 23:44:02 | 09,277,440 | | M] (Stripf Software) C:\Program\HLSW\hlsw.exe:*:Enabled:HLSW Application

[2008-08-11 23:08:46 | 00,106,496 | | M] () C:\Program\Steam\steamapps\stefan.lindqvist@ahlsell.se\counter-strike source\hl2.exe:*:Enabled:hl2

[2008-04-30 09:32:48 | 01,892,352 | | M] (www.sopcast.com) C:\Program\SopCast\SopCast.exe:*:Enabled:SopCast Main Application

[2007-03-07 11:27:12 | 00,567,384 | | M] (www.sopcast.com) C:\Program\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver

[2007-07-24 14:17:08 | 00,229,376 | | M] (Apple Inc.) C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-07-30 09:47:50 | 20,252,968 | | M] (Apple Inc.) C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

[2008-05-22 14:59:46 | 00,156,944 | | M] (Octoshape ApS) C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client

[2008-10-15 16:00:52 | 01,077,904 | | M] (Blizzard Entertainment) C:\Program\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader

[2008-10-18 21:43:07 | 01,410,296 | | M] (Valve Corporation) C:\Program\Steam\Steam.exe:*:Enabled:Steam

[2008-10-03 19:23:48 | 00,318,976 | | M] (Octoshape ApS) C:\Documents and Settings\Stefan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player

[2007-10-18 10:35:08 | 05,724,184 | | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-09-26 11:13:10 | 00,152,880 | | M] () C:\Program\PPLive\PPLive.exe:*:Enabled:PPLive

[2008-07-23 13:11:34 | 21,738,792 | R- | M] (Skype Technologies S.A.) C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

Protocol_Catalog9\Catalog_Entries\000000000001 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000002 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000003 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000004 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000005 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000006 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000007 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000008 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000009 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000010 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000011 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000012 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000013 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000014 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000015 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000016 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000017 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000018 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000019 C:\WINDOWS\system32\vetredir.dll (Computer Associates International, Inc.)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

[2007-08-28 22:55:14 | 01,014,128 | | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2007-10-18 11:31:54 | 00,066,072 | | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

msdaipp: [HKLM - No CLSID value]

[2007-08-28 22:55:14 | 01,014,128 | | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2007-08-28 22:55:14 | 01,014,128 | | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[2006-10-26 12:45:02 | 00,873,216 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[2007-10-18 11:31:54 | 00,066,072 | | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[2008-07-23 13:11:34 | 01,942,864 | R- | M] (Skype Technologies) C:\Program\Delade filer\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [iEProtocolHandler Class])

[2007-10-23 11:14:52 | 00,858,136 | | M] (Microsoft Corporation) C:\Program\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006-10-26 20:41:48 | 00,044,344 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0004D4C8-7F6C-BA20-32B2-5C861FA340CB}"=Catalyst Control Center Graphics Full Existing

"{02EBDBB9-4600-41D3-B566-40CB861511D2}"=World of Warcraft FREE Trial

"{04302E9D-9EF9-70AC-BB4B-F38C6BC87F47}"=Catalyst Control Center Localization Thai

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam

"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center

"{088C9BEE-CB92-5879-5E38-174426D1F8E6}"=ccc-core-preinstall

"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime

"{10053F59-0765-163D-F759-155E6DA35AB6}"=CCC Help English

"{101E4225-8983-7850-3E8C-00C5E0A13B40}"=ccc-core-static

"{10B23720-AB24-D8B0-F881-27C85243A1F5}"=CCC Help Korean

"{161B3AC6-593F-4AC7-BBBF-88B72012A94E}"=OpenOffice.org 3.0

"{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Toolbar for Internet Explorer

"{1A15507A-8551-4626-915D-3D5FA095CC1B}"=Corel Paint Shop Pro X

"{1D44C5C7-FCB6-8732-A960-3E3486661B02}"=Catalyst Control Center Graphics Full Existing

"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}"=ImageMixer VCD/DVD2 for OLYMPUS

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{212B3742-5B29-B7C3-3973-69EE036E574E}"=Catalyst Control Center Graphics Previews Common

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{2DBB8878-9A6C-D992-E9A1-F83B8B110CCF}"=ccc-core-static

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{35279851-031F-67BB-FAF0-D75783BDE296}"=Catalyst Control Center Localization Japanese

"{3921A67A-5AB1-4E48-9444-C71814CF3027}"=VCRedistSetup

"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes

"{3F555374-449A-0734-73EA-5FF6207FA30F}"=Skins

"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour

"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}"=Apple Mobile Device Support

"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}"=ACDSee Pro 2

"{5141D667-6FE0-DFD6-FDC8-C981DC06520C}"=Catalyst Control Center Graphics Full New

"{51C9B6D6-BF0F-3BA5-1EA4-17C6190DBE07}"=ccc-core-preinstall

"{54E6AC92-E270-5FA1-22AC-A43650098986}"=Skins

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8

"{621C02EA-AAFF-4026-A903-165D59529A16}"=Driver Detective

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{6D724AAC-2B52-4AEC-A9CA-C38D8951F722}"=QuickTime Alternative

"{6FDD0A02-A328-BEF2-E2B4-A62965620D09}"=ccc-utility

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0 with Security Updates

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{7664A2EF-34F5-42D2-8FD8-4FEF0047A929}"=Windows Live Mail

"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client

"{81DE8DC2-5B40-4FA9-9142-52F97E6B04C6}"=Real Alternative

"{86F68693-A637-1F4D-5D4F-4D58486A4601}"=ccc-utility

"{90120000-0010-041D-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Swedish) 12

"{90120000-0015-041D-0000-0000000FF1CE}"=Microsoft Office Access MUI (Swedish) 2007

"{90120000-0015-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0015-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007

"{90120000-0016-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007

"{90120000-0018-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-0019-041D-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (Swedish) 2007

"{90120000-0019-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-001A-041D-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Swedish) 2007

"{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007

"{90120000-001B-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007

"{90120000-001F-040B-0000-0000000FF1CE}_ENTERPRISE_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040B-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007

"{90120000-001F-041D-0000-0000000FF1CE}_ENTERPRISE_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-0044-041D-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (Swedish) 2007

"{90120000-0044-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}_ENTERPRISE_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007

"{90120000-00A1-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{90120000-00BA-041D-0000-0000000FF1CE}"=Microsoft Office Groove MUI (Swedish) 2007

"{90120000-00BA-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-041D-0000-0000000FF1CE}_ENTERPRISE_{F65CD3E6-755B-48F0-99BD-06BE14985E2B}"=

"{919635D1-5C0D-4B64-B724-BDDB31D11053}"=Nero 8

"{971EB438-C938-BD97-7AE7-CB0164E8E2E6}"=Catalyst Control Center Localization Chinese Standard

"{97ECD9CC-E6EC-996C-03B9-6B44CF2AEFA7}"=Catalyst Control Center Localization Chinese Traditional

"{989EC86B-6D10-F330-54C6-352322D8D077}"=Catalyst Control Center Core Implementation

"{98F394A4-DC7F-1156-DBD6-3220390AAAAA}"=CCC Help Japanese

"{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}"=Microsoft .NET Framework 3.0

"{9DF0D039-BAD2-254D-F54D-99537E86115B}"=CCC Help English

"{A1E345E8-C3EA-F1BC-1F56-9E79C575E2F8}"=CCC Help Chinese Traditional

"{A9F265E1-7804-FEE2-0A91-29BFB6CC9D1C}"=CCC Help Thai

"{AC1635BC-63CC-DF13-63BD-3C11B78EC40C}"=Catalyst Control Center Graphics Light

"{AC76BA86-7AD7-1053-7B44-A81000000003}"=Adobe Reader 8.1.0 - Svenska

"{AE888E0F-6727-0045-A966-CFB975AC15BA}"=Catalyst Control Center Graphics Previews Common

"{AEB7318D-A79D-4C66-9085-4FF48329268C}"=Macromedia Shockwave Player

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B8035D53-49FB-D8D1-1604-7CD016FE81B5}"=Catalyst Control Center Graphics Full New

"{BA820A24-704B-428D-9904-71A10DAC1372}"=OLYMPUS Master

"{C952BD03-9AC6-F898-B17F-9352638EC93C}"=Catalyst Control Center Core Implementation

"{CADF1911-C4FB-8651-36E0-FF06DAA75F28}"=Catalyst Control Center Graphics Light

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix

"{D3B2A44C-C17A-9112-059E-39A7163B7177}"=CCC Help Chinese Standard

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}"=Dell ResourceCD

"{D91E5373-8D42-9182-01D5-C7C5758DF4D3}"=Catalyst Control Center Localization Korean

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware

"{E1230694-33DA-4E74-82E1-06CC9D545E9B}"=Windows Vista Sounds Pack

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}"=Razer DeathAdder Mouse

"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX

"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"All ATI Software"=ATI - Software Uninstall Utility

"ATI Display Driver"=ATI Display Driver

"DirectVobSub"=DirectVobSub (remove only)

"ENTERPRISE"=Microsoft Office Enterprise 2007

"HijackThis"=HijackThis 2.0.2

"HLSW_is1"=HLSW v1.3.0

"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}"=Driver Detective

"InstallShield_{BA820A24-704B-428D-9904-71A10DAC1372}"=OLYMPUS Master

"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.5.0

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 with Security Updates"=Microsoft .NET Framework 2.0 with Security Updates

"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0

"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)

"Net iD"=Net iD 4.8

"NVIDIADVD"=NVIDIA PureVideo Decoder 1.02-223

"SopCast"=SopCast 3.0.3

"Steam App 10"=Counter-Strike

"Steam App 240"=Counter-Strike: Source

"TC Power Pack Reloaded 3.5.7_is1"=TC Power Pack Reloaded

"TPTEST5_is1"=TPTEST 5.0.2

"tt2_is1"=Terrorist Takedown 2 (1.01)

"Warcraft III"=Warcraft III

"VentriloMIX"=VentriloMIX

"VETWIN32Vp5"=CA Anti-Virus

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinRAR archiver"=WinRAR

"VLC media player"=VideoLAN VLC media player 0.8.6i

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"World of Warcraft"=World of Warcraft

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape add-in for Adobe Flash Player"=Octoshape add-in for Adobe Flash Player

"Octoshape Streaming Services"=Octoshape Streaming Services

"uTorrent"=µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-09-29 12:56:01 | Computer Name = STEFAN | Source = EventSystem | ID = 4609

Description = COM+ Event System upptäckte en felaktig returneringskod under den

interna bearbetningen. HRESULT var 8001010D från rad 44 av d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.

Kontakta Microsoft Support och rapportera det här fele

 

Error - 2008-10-06 14:30:30 | Computer Name = STEFAN | Source = Application Hang | ID = 1002

Description = Stoppat program Steam.exe, version 1.0.0.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-23 13:26:04 | Computer Name = STEFAN | Source = Application Hang | ID = 1002

Description = Stoppat program hl.exe, version 1.1.1.1, stoppad modul hungapp, version

0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-23 13:29:51 | Computer Name = STEFAN | Source = Application Hang | ID = 1002

Description = Stoppat program hl.exe, version 1.1.1.1, stoppad modul hungapp, version

0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-31 13:34:19 | Computer Name = STEFAN | Source = Application Error | ID = 1000

Description = Felaktigt program isafe.exe, version 8.0.8.0, felaktig modul isafserv.dll,

version 8.0.8.0, felaktig adress 0x00011790.

 

Error - 2008-11-03 15:51:16 | Computer Name = STEFAN | Source = Application Error | ID = 1000

Description = Felaktigt program iexplore.exe, version 7.0.6000.16735, felaktig modul

ieui.dll, version 7.0.5730.11, felaktig adress 0x00005f8c.

 

Error - 2008-11-07 16:51:07 | Computer Name = STEFAN | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-07 19:22:59 | Computer Name = STEFAN | Source = Application Hang | ID = 1002

Description = Stoppat program steam.exe, version 1.0.0.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-08 17:24:21 | Computer Name = STEFAN | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-09 11:48:41 | Computer Name = STEFAN | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2008-11-12 16:40:07 | Computer Name = STEFAN | Source = sr | ID = 1

Description = Systemåterställningsfiltret påträffade det oväntade felet 0xC0000001

när filen på volymen HarddiskVolume1 behandlades. Volymen övervakas inte längre.

 

Error - 2008-11-12 17:34:14 | Computer Name = STEFAN | Source = DCOM | ID = 10005

Description = DCOM fick felet %1084 vid försök att starta tjänsten netman med argumenten

för att köra servern: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 2008-11-12 17:34:19 | Computer Name = STEFAN | Source = DCOM | ID = 10005

Description = DCOM fick felet %1084 vid försök att starta tjänsten EventSystem med

argumenten för att köra servern: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 2008-11-12 17:35:23 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7001

Description = Tjänsten DHCP Client är beroende av tjänsten NetBios over Tcpip. Den

sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2008-11-12 17:35:23 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7001

Description = Tjänsten DNS Client är beroende av tjänsten TCP/IP Protocol Driver.

Den sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2008-11-12 17:35:23 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7001

Description = Tjänsten TCP/IP NetBIOS Helper är beroende av tjänsten AFD. Den sistnämnda

kunde inte starta på grund av följande fel: %%31

 

Error - 2008-11-12 17:35:23 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7001

Description = Tjänsten Apple Mobile Device är beroende av tjänsten TCP/IP Protocol

Driver. Den sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2008-11-12 17:35:23 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7001

Description = Tjänsten Bonjour-tjänst är beroende av tjänsten TCP/IP Protocol Driver.

Den sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2008-11-12 17:35:23 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7001

Description = Tjänsten IPSEC Services är beroende av tjänsten IPSEC driver. Den

sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2008-11-12 17:35:23 | Computer Name = STEFAN | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip VD_FileDisk

VET-FILT

VET-REC

VETEFILE

VETMONNT

 

 

< End of report >

 

[/log]

Added LOG tags

Cecilia - Moderator for Viruses, malware & remedies

 

[post edited 2008-11-13 08:40:02 by Cecilia]


[log]How does CA Internet Security Suite work? What year's version is it?

Do you have control over what is allowed in its firewall?

 

Uninstall Java™ 6 Update 2; it is an old version with security holes.

 

Go to http://www.virustotal.com, paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the result from the various antivirus programs (not Other information) here. Repeat with the next file name.

C:\WINDOWS\System32\dllcache\user32.dll

C:\Documents and Settings\Stefan\Skrivbord\config trin.cfg

 

Do you know what config trin.cfg on your Desktop is? Is it a file that is normally used? Is it a file that was created at the same time as the infection? It looks suspicious.

 

[2008-11-01 14:28:42 | 00,000,000 | -D | C] C:\Program\PPLive

Does not seem to be a good program according to

http://www.siteadvisor.com/sites/pplive.com

Uninstall it.[/log]

 

Copy all the lines in the box (use Select code)

ADS::
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Documents and Settings\All Users\Application Data
File::
C:\WINDOWS\System32\xmlpsovi.dll

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer the same way as before for ComboFix.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special way.

Paste the log that comes out.

 

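The triage reasoning behind singling out xmlpsovi.dll in the logs above (a BHO with no display name, whose DLL appeared in system32 the day the infection was reported) can be automated. This is an added example, not code from the thread or from the HijackThis/RSIT tools: it parses the O2 BHO lines and the RSIT created-files list copied from this thread and flags a BHO that has no name or whose DLL was created within a window of the scan date; the seven-day window is an assumption.

```python
"""Cross-reference HijackThis O2 (BHO) lines with the RSIT "files created"
list and flag suspicious browser helper objects.
Added example; not part of the forum thread or of HijackThis/RSIT."""
import re
from datetime import date, timedelta

# Constructed sample input: lines copied from the HijackThis and RSIT logs
# posted in the thread (one real BHO line and a few benign ones).
HJT_LINES = r"""
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {509E4961-BFFC-4F89-AF48-E1844791564D} - C:\WINDOWS\system32\xmlpsovi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll
"""

RSIT_CREATED = r"""
2008-11-13 18:13:16 ----D---- C:\rsit
2008-11-12 22:41:45 ----A---- C:\WINDOWS\system32\xmlpsovi.dll
2008-11-12 22:34:59 ----D---- C:\WINDOWS\ERUNT
2008-11-10 19:35:50 ----A---- C:\WINDOWS\NIRCMD.exe
"""

# Date the RSIT scan was run ("Run by Stefan at 2008-11-13 ...").
SCAN_DATE = date(2008, 11, 13)

# "O2 - BHO: <name> - {<CLSID>} - <dll path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)
# "YYYY-MM-DD HH:MM:SS ----A---- <path>" (attribute letters vary: A, D, SHD, ...)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} -+[A-Z]*-+ (?P<path>.+)$"
)


def parse_bhos(text):
    """Return [(name, clsid, path)] for every O2 line; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            out.append((m["name"], m["clsid"], m["path"]))
    return out


def parse_created(text):
    """Return {path (lower-cased): creation date} from the RSIT created list."""
    out = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            out[m["path"].lower()] = date.fromisoformat(m["date"])
    return out


def flag_bhos(hjt_text, rsit_text, scan_date, window_days=7):
    """Flag BHOs with no display name, or whose DLL was created within
    window_days before the scan. Returns {dll path: [reasons]}."""
    created = parse_created(rsit_text)
    cutoff = scan_date - timedelta(days=window_days)
    flagged = {}
    for name, _clsid, path in parse_bhos(hjt_text):
        reasons = []
        if name.strip().lower() == "(no name)":
            reasons.append("BHO registered without a display name")
        when = created.get(path.lower())  # paths compared case-insensitively
        if when is not None and when >= cutoff:
            reasons.append(f"DLL created {when} (within {window_days} days of scan)")
        if reasons:
            flagged[path] = reasons
    return flagged


def triage():
    """Run the check over the sample lines from the thread."""
    return flag_bhos(HJT_LINES, RSIT_CREATED, SCAN_DATE)


if __name__ == "__main__":
    for path, reasons in triage().items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Only xmlpsovi.dll is reported, for both reasons; the Adobe and Java BHOs have names and do not appear in the recent-creation list.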

Hi Cecilia

RSIT log

Logfile of random's system information tool 1.04 (written by random/random)

Run by Stefan at 2008-11-13 18:13:16

Microsoft Windows XP Professional Service Pack 3

System drive C: has 84 GB (55%) free of 153 GB

Total RAM: 2046 MB (69% free)

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:13:22, on 2008-11-13

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Razer\DeathAdder\razerhid.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\iid.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\program\steam\steam.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program\Razer\DeathAdder\razertra.exe

C:\Program\Razer\DeathAdder\razerofa.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\ehome\medctrro.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program\Outlook Express\msimn.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\Stefan\Skrivbord\RSIT.exe

C:\Program\Trend Micro\HijackThis\Stefan.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {509E4961-BFFC-4F89-AF48-E1844791564D} - C:\WINDOWS\system32\xmlpsovi.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [DeathAdder] C:\Program\Razer\DeathAdder\razerhid.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program\steam\steam.exe" -silent

O4 - HKCU\..\Run: [OM_Monitor] C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

 

--

End of file - 10091 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Länkhjälp till Adobe PDF Reader - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{509E4961-BFFC-4F89-AF48-E1844791564D}]

C:\WINDOWS\system32\xmlpsovi.dll [2008-11-12 14848]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live inloggningshjälpen - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program\Google\Google Toolbar\GoogleToolbar.dll [2008-11-10 251504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-10 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-11-10 522224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program\Google\Google Toolbar\GoogleToolbar.dll [2008-11-10 251504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]

"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-17 18944]

"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]

"VistaDrive"=C:\WINDOWS\VistaDrive\VistaDrive.exe [2006-10-05 280779]

"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]

"Adobe Reader Speed Launcher"=C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

"NeroFilterCheck"=C:\Program\Delade filer\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

"cctray"=C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe [2007-08-16 177416]

"CAVRID"=C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-08-20 230664]

"DeathAdder"=C:\Program\Razer\DeathAdder\razerhid.exe [2007-09-07 159744]

"StartCCC"=C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

"SoundMAXPnP"=C:\Program\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

"QuickTime Task"=C:\Program\Multimedia\QuickTime Alternative\QTTask.exe [2008-05-27 413696]

"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

"iTunesHelper"=C:\Program\iTunes\iTunesHelper.exe [2008-07-30 289064]

"OM_Monitor"=C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe [2006-05-16 40960]

"Net iD"=C:\WINDOWS\system32\iid.exe [2008-02-22 74992]

"SunJavaUpdateSched"=C:\Program\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"swg"=C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-08-29 68856]

"MsnMsgr"=C:\Program\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

"Steam"=c:\program\steam\steam.exe [2008-10-18 1410296]

"OM_Monitor"=C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe [2006-05-16 57344]

"MSMSGS"=C:\Program\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-07-04 139264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 200064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program\uTorrent\uTorrent.exe"="C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\Program\Steam\steamapps\stefan.lindqvist@ahlsell.se\counter-strike\hl.exe"="C:\Program\Steam\steamapps\stefan.lindqvist@ahlsell.se\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

"C:\Program\HLSW\hlsw.exe"="C:\Program\HLSW\hlsw.exe:*:Enabled:HLSW Application"

"C:\Program\Steam\steamapps\stefan.lindqvist@ahlsell.se\counter-strike source\hl2.exe"="C:\Program\Steam\steamapps\stefan.lindqvist@ahlsell.se\counter-strike source\hl2.exe:*:Enabled:hl2"

"C:\Program\SopCast\SopCast.exe"="C:\Program\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"

"C:\Program\SopCast\adv\SopAdver.exe"="C:\Program\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\Program\Bonjour\mDNSResponder.exe"="C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program\iTunes\iTunes.exe"="C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"

"C:\Program\World of Warcraft\BackgroundDownloader.exe"="C:\Program\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program\Steam\Steam.exe"="C:\Program\Steam\Steam.exe:*:Enabled:Steam"

"C:\Documents and Settings\Stefan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Stefan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"

"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program\Windows Live\Messenger\livecall.exe"="C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program\PPLive\PPLive.exe"="C:\Program\PPLive\PPLive.exe:*:Enabled:PPLive"

"C:\Program\Skype\Phone\Skype.exe"="C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program\Windows Live\Messenger\livecall.exe"="C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======List of files/folders created in the last 1 months======

 

2008-11-13 18:13:16 ----D---- C:\rsit

2008-11-12 22:41:45 ----A---- C:\WINDOWS\system32\xmlpsovi.dll

2008-11-12 22:34:59 ----D---- C:\WINDOWS\ERUNT

2008-11-12 22:31:13 ----D---- C:\SDFix

2008-11-12 21:12:35 ----SHD---- C:\RECYCLER

2008-11-12 21:05:04 ----D---- C:\WINDOWS\temp

2008-11-12 21:04:58 ----A---- C:\ComboFix.txt

2008-11-12 19:28:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-11-12 19:28:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-11-12 19:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-11-12 06:45:57 ----A---- C:\WINDOWS\gmer.ini

2008-11-12 06:45:54 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-11-12 06:45:54 ----A---- C:\WINDOWS\gmer.exe

2008-11-12 06:45:54 ----A---- C:\WINDOWS\gmer.dll

2008-11-10 19:35:50 ----A---- C:\WINDOWS\NIRCMD.exe

2008-11-10 19:31:25 ----A---- C:\Boot.bak

2008-11-10 19:31:18 ----RASHD---- C:\cmdcons

2008-11-10 19:11:53 ----A---- C:\WINDOWS\zip.exe

2008-11-10 19:11:53 ----A---- C:\WINDOWS\VFIND.exe

2008-11-10 19:11:53 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-11-10 19:11:53 ----A---- C:\WINDOWS\SWSC.exe

2008-11-10 19:11:53 ----A---- C:\WINDOWS\SWREG.exe

2008-11-10 19:11:53 ----A---- C:\WINDOWS\sed.exe

2008-11-10 19:11:53 ----A---- C:\WINDOWS\grep.exe

2008-11-10 19:11:53 ----A---- C:\WINDOWS\fdsv.exe

2008-11-10 19:11:39 ----D---- C:\WINDOWS\ERDNT

2008-11-10 19:11:39 ----D---- C:\Qoobox

2008-11-10 19:06:19 ----A---- C:\WINDOWS\system32\tmp.txt

2008-11-10 19:06:10 ----A---- C:\rapport.txt

2008-11-10 19:05:43 ----A---- C:\WINDOWS\system32\WS2Fix.exe

2008-11-10 19:05:43 ----A---- C:\WINDOWS\system32\VCCLSID.exe

2008-11-10 19:05:43 ----A---- C:\WINDOWS\system32\VACFix.exe

2008-11-10 19:05:43 ----A---- C:\WINDOWS\system32\o4Patch.exe

2008-11-10 19:05:43 ----A---- C:\WINDOWS\system32\IEDFix.exe

2008-11-10 19:05:43 ----A---- C:\WINDOWS\system32\IEDFix.C.exe

2008-11-10 19:05:43 ----A---- C:\WINDOWS\system32\404Fix.exe

2008-11-10 19:05:42 ----A---- C:\WINDOWS\system32\SrchSTS.exe

2008-11-10 19:05:42 ----A---- C:\WINDOWS\system32\Process.exe

2008-11-10 19:05:42 ----A---- C:\WINDOWS\system32\dumphive.exe

2008-11-09 20:11:16 ----D---- C:\Documents and Settings\Stefan\Application Data\Malwarebytes

2008-11-09 20:11:09 ----D---- C:\Program\Malwarebytes' Anti-Malware

2008-11-09 20:11:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-11-09 18:39:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2008-11-09 18:24:57 ----D---- C:\Program\Lavasoft

2008-11-05 23:04:16 ----D---- C:\Documents and Settings\Stefan\Application Data\OpenOffice.org

2008-11-05 23:02:59 ----D---- C:\Program\JRE

2008-11-05 23:02:55 ----D---- C:\Program\OpenOffice.org 3

2008-11-05 23:02:43 ----A---- C:\WINDOWS\system32\javaws.exe

2008-11-05 23:02:43 ----A---- C:\WINDOWS\system32\javaw.exe

2008-11-05 23:02:43 ----A---- C:\WINDOWS\system32\java.exe

2008-11-03 19:58:47 ----D---- C:\Program\Fighters

2008-11-03 19:58:47 ----D---- C:\Documents and Settings\All Users\Application Data\Fighters

2008-11-03 19:57:56 ----A---- C:\Documents and Settings\Stefan\Application Data\install.txt

2008-11-03 19:42:00 ----D---- C:\Program\Trend Micro

2008-11-01 16:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2008-11-01 16:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2008-11-01 14:29:18 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive

2008-11-01 14:28:42 ----D---- C:\Program\PPLive

2008-11-01 14:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm

2008-10-31 19:22:55 ----D---- C:\Program\xerox

2008-10-31 19:22:54 ----D---- C:\WINDOWS\system32\xircom

2008-10-31 19:22:53 ----D---- C:\Program\msn gaming zone

2008-10-31 19:22:50 ----D---- C:\Program\microsoft frontpage

2008-10-31 19:22:48 ----D---- C:\WINDOWS\Prefetch

2008-10-31 19:20:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-10-31 19:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-10-31 19:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-10-31 19:19:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-10-31 19:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-10-31 19:18:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2008-10-31 19:18:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2008-10-31 19:18:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2008-10-31 19:17:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2008-10-31 19:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2008-10-31 19:16:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2008-10-31 19:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2008-10-31 19:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2008-10-31 19:15:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-10-31 19:12:41 ----D---- C:\WINDOWS\l2schemas

2008-10-31 19:12:40 ----D---- C:\WINDOWS\system32\sv

2008-10-31 19:12:40 ----D---- C:\WINDOWS\system32\bits

2008-10-31 19:10:19 ----D---- C:\WINDOWS\ServicePackFiles

2008-10-31 19:04:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2008-10-31 12:44:04 ----N---- C:\WINDOWS\system32\wmphoto.dll

2008-10-31 12:44:01 ----N---- C:\WINDOWS\system32\wlanapi.dll

2008-10-31 12:43:59 ----N---- C:\WINDOWS\system32\windowscodecsext.dll

2008-10-31 12:43:59 ----N---- C:\WINDOWS\system32\windowscodecs.dll

2008-10-31 12:43:46 ----N---- C:\WINDOWS\system32\tspkg.dll

2008-10-31 12:43:33 ----N---- C:\WINDOWS\system32\spupdwxp.exe

2008-10-31 12:43:31 ----A---- C:\WINDOWS\system32\spdwnwxp.exe

2008-10-31 12:43:28 ----N---- C:\WINDOWS\system32\slserv.exe

2008-10-31 12:43:28 ----N---- C:\WINDOWS\system32\slrundll.exe

2008-10-31 12:43:28 ----N---- C:\WINDOWS\system32\slgen.dll

2008-10-31 12:43:28 ----N---- C:\WINDOWS\system32\slextspk.dll

2008-10-31 12:43:28 ----N---- C:\WINDOWS\system32\slcoinst.dll

2008-10-31 12:43:28 ----N---- C:\WINDOWS\slrundll.exe

2008-10-31 12:43:25 ----N---- C:\WINDOWS\system32\setupn.exe

2008-10-31 12:43:20 ----N---- C:\WINDOWS\system32\s3gnb.dll

2008-10-31 12:43:14 ----N---- C:\WINDOWS\system32\rasqec.dll

2008-10-31 12:43:14 ----N---- C:\WINDOWS\system32\qutil.dll

2008-10-31 12:43:13 ----N---- C:\WINDOWS\system32\qcliprov.dll

2008-10-31 12:43:13 ----N---- C:\WINDOWS\system32\qagentrt.dll

2008-10-31 12:43:13 ----N---- C:\WINDOWS\system32\qagent.dll

2008-10-31 12:43:11 ----N---- C:\WINDOWS\system32\photometadatahandler.dll

2008-10-31 12:43:08 ----N---- C:\WINDOWS\system32\onex.dll

2008-10-31 12:43:06 ----N---- C:\WINDOWS\system32\nv4_disp.dll

2008-10-31 12:42:59 ----N---- C:\WINDOWS\system32\napstat.exe

2008-10-31 12:42:59 ----N---- C:\WINDOWS\system32\napmontr.dll

2008-10-31 12:42:59 ----N---- C:\WINDOWS\system32\napipsec.dll

2008-10-31 12:42:59 ----N---- C:\WINDOWS\system32\mtxparhd.dll

2008-10-31 12:42:58 ----N---- C:\WINDOWS\system32\msxml6r.dll

2008-10-31 12:42:58 ----N---- C:\WINDOWS\system32\msxml6.dll

2008-10-31 12:42:56 ----N---- C:\WINDOWS\system32\msshavmsg.dll

2008-10-31 12:42:56 ----N---- C:\WINDOWS\system32\mssha.dll

2008-10-31 12:42:45 ----N---- C:\WINDOWS\system32\mmcperf.exe

2008-10-31 12:42:44 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll

2008-10-31 12:42:44 ----N---- C:\WINDOWS\system32\mmcex.dll

2008-10-31 12:42:44 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll

2008-10-31 12:42:42 ----N---- C:\WINDOWS\system32\mdmxsdk.dll

2008-10-31 12:42:33 ----N---- C:\WINDOWS\system32\l2gpstore.dll

2008-10-31 12:42:33 ----N---- C:\WINDOWS\system32\kmsvc.dll

2008-10-31 12:42:26 ----N---- C:\WINDOWS\system32\smtpapi.dll

2008-10-31 12:42:26 ----N---- C:\WINDOWS\system32\rwnh.dll

2008-10-31 12:42:23 ----N---- C:\WINDOWS\system32\comsdupd.exe

2008-10-31 12:42:19 ----N---- C:\WINDOWS\system32\hsfcisp2.dll

2008-10-31 12:42:12 ----N---- C:\WINDOWS\system32\faxpatch.exe

2008-10-31 12:42:12 ----A---- C:\WINDOWS\002899_.tmp

2008-10-31 12:42:10 ----N---- C:\WINDOWS\system32\eapsvc.dll

2008-10-31 12:42:10 ----N---- C:\WINDOWS\system32\eapqec.dll

2008-10-31 12:42:10 ----N---- C:\WINDOWS\system32\eappprxy.dll

2008-10-31 12:42:10 ----N---- C:\WINDOWS\system32\eapphost.dll

2008-10-31 12:42:10 ----N---- C:\WINDOWS\system32\eappgnui.dll

2008-10-31 12:42:10 ----N---- C:\WINDOWS\system32\eappcfg.dll

2008-10-31 12:42:10 ----N---- C:\WINDOWS\system32\eapp3hst.dll

2008-10-31 12:42:10 ----N---- C:\WINDOWS\system32\eapolqec.dll

2008-10-31 12:42:08 ----N---- C:\WINDOWS\system32\dot3ui.dll

2008-10-31 12:42:08 ----N---- C:\WINDOWS\system32\dot3svc.dll

2008-10-31 12:42:08 ----N---- C:\WINDOWS\system32\dot3msm.dll

2008-10-31 12:42:08 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll

2008-10-31 12:42:08 ----N---- C:\WINDOWS\system32\dot3dlg.dll

2008-10-31 12:42:08 ----N---- C:\WINDOWS\system32\dot3cfg.dll

2008-10-31 12:42:08 ----N---- C:\WINDOWS\system32\dot3api.dll

2008-10-31 12:42:06 ----N---- C:\WINDOWS\system32\dimsroam.dll

2008-10-31 12:42:06 ----N---- C:\WINDOWS\system32\dimsntfy.dll

2008-10-31 12:42:06 ----N---- C:\WINDOWS\system32\dhcpqec.dll

2008-10-31 12:42:04 ----N---- C:\WINDOWS\system32\credssp.dll

2008-10-31 12:42:01 ----N---- C:\WINDOWS\system32\bitsprx4.dll

2008-10-31 12:42:00 ----N---- C:\WINDOWS\system32\azroles.dll

2008-10-31 12:41:59 ----N---- C:\WINDOWS\system32\ativtmxx.dll

2008-10-31 12:41:58 ----N---- C:\WINDOWS\system32\ati3d1ag.dll

2008-10-31 12:41:58 ----N---- C:\WINDOWS\system32\ati2dvaa.dll

2008-10-24 13:16:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$

2008-10-23 20:00:09 ----HD---- C:\WINDOWS\PIF

2008-10-21 19:52:25 ----A---- C:\WINDOWS\system32\iidxcmt.exe

2008-10-21 19:52:24 ----A---- C:\WINDOWS\system32\iidxadm.exe

2008-10-21 19:52:24 ----A---- C:\WINDOWS\system32\iidplg.dll

2008-10-21 19:52:24 ----A---- C:\WINDOWS\system32\iidp11.dll

2008-10-21 19:52:24 ----A---- C:\WINDOWS\system32\iidcsp.dll

2008-10-21 19:52:24 ----A---- C:\WINDOWS\system32\iid.exe

2008-10-21 19:52:24 ----A---- C:\WINDOWS\system32\iid.dll

2008-10-21 19:52:24 ----A---- C:\WINDOWS\iid.ini

2008-10-20 21:21:00 ----D---- C:\Program\DirectVobSub

2008-10-15 15:40:30 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard

2008-10-15 05:48:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$

2008-10-15 05:48:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2008-10-15 05:48:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$

2008-10-15 05:47:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$

2008-10-15 05:47:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$

 

======List of files/folders modified in the last 1 months======

 

2008-11-13 17:43:47 ----D---- C:\SLASK

2008-11-13 17:38:17 ----A---- C:\caisslog.txt

2008-11-13 17:38:12 ----D---- C:\WINDOWS\system32\drivers

2008-11-13 17:38:12 ----D---- C:\WINDOWS\system32

2008-11-13 17:38:12 ----D---- C:\WINDOWS

2008-11-13 17:36:42 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-13 17:36:41 ----D---- C:\WINDOWS\CAVTemp

2008-11-13 16:30:52 ----D---- C:\Program\Steam

2008-11-13 15:47:02 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-13 15:46:51 ----A---- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK

2008-11-13 13:16:57 ----D---- C:\Program\World of Warcraft

2008-11-12 23:15:11 ----D---- C:\Program\Mozilla Firefox

2008-11-12 23:06:37 ----D---- C:\Documents and Settings\Stefan\Application Data\uTorrent

2008-11-12 22:36:57 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-12 22:36:41 ----D---- C:\WINDOWS\system32\dllcache

2008-11-12 22:15:50 ----SD---- C:\WINDOWS\Tasks

2008-11-12 21:58:09 ----RD---- C:\Program

2008-11-12 21:04:20 ----A---- C:\WINDOWS\system.ini

2008-11-12 21:03:56 ----D---- C:\WINDOWS\AppPatch

2008-11-12 21:03:56 ----D---- C:\Program\Delade filer

2008-11-12 19:30:58 ----SHD---- C:\WINDOWS\Installer

2008-11-12 19:30:50 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-11-12 19:28:21 ----HD---- C:\WINDOWS\inf

2008-11-12 19:28:17 ----HD---- C:\WINDOWS\$hf_mig$

2008-11-12 19:28:15 ----A---- C:\WINDOWS\imsins.BAK

2008-11-12 19:27:51 ----D---- C:\WINDOWS\WinSxS

2008-11-10 22:24:54 ----D---- C:\Program\Google

2008-11-10 22:24:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2008-11-10 21:17:17 ----D---- C:\Documents and Settings\Stefan\Application Data\HLSW

2008-11-10 19:31:25 ----RASH---- C:\boot.ini

2008-11-09 18:40:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-11-09 18:24:37 ----D---- C:\Program\Delade filer\Wise Installation Wizard

2008-11-09 16:53:35 ----A---- C:\WINDOWS\NeroDigital.ini

2008-11-07 16:25:27 ----D---- C:\WINDOWS\system32\config

2008-11-05 23:03:48 ----RSD---- C:\WINDOWS\assembly

2008-11-05 23:03:07 ----RSD---- C:\WINDOWS\Fonts

2008-11-05 23:02:43 ----D---- C:\Program\Java

2008-11-05 19:03:14 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-04 16:50:09 ----D---- C:\Documents and Settings\Stefan\Application Data\Skype

2008-11-04 16:48:55 ----D---- C:\Documents and Settings\Stefan\Application Data\skypePM

2008-11-04 01:10:25 ----A---- C:\WINDOWS\system32\MRT.exe

2008-11-03 20:44:53 ----D---- C:\Documents and Settings\Stefan\Application Data\dvdcss

2008-11-01 16:09:48 ----D---- C:\Program\Messenger

2008-10-31 19:23:16 ----A---- C:\WINDOWS\OEWABLog.txt

2008-10-31 19:22:55 ----D---- C:\WINDOWS\system32\wbem

2008-10-31 19:22:55 ----D---- C:\WINDOWS\ime

2008-10-31 19:22:49 ----A---- C:\WINDOWS\setuplog.txt

2008-10-31 19:22:09 ----D---- C:\WINDOWS\system32\Setup

2008-10-31 19:20:35 ----D---- C:\WINDOWS\system32\CatRoot

2008-10-31 19:15:37 ----D---- C:\WINDOWS\security

2008-10-31 19:12:54 ----D---- C:\WINDOWS\system32\inetsrv

2008-10-31 19:12:54 ----D---- C:\WINDOWS\Network Diagnostic

2008-10-31 19:12:53 ----D---- C:\WINDOWS\Help

2008-10-31 19:12:42 ----D---- C:\WINDOWS\system32\usmt

2008-10-31 19:12:42 ----D---- C:\WINDOWS\system32\sv-se

2008-10-31 19:12:40 ----D---- C:\WINDOWS\PeerNet

2008-10-31 19:12:40 ----D---- C:\Program\Movie Maker

2008-10-31 19:10:08 ----D---- C:\WINDOWS\system32\Restore

2008-10-31 19:10:08 ----D---- C:\WINDOWS\system32\npp

2008-10-31 19:10:07 ----D---- C:\WINDOWS\msagent

2008-10-31 19:10:05 ----D---- C:\WINDOWS\srchasst

2008-10-31 19:10:05 ----D---- C:\Program\NetMeeting

2008-10-31 19:10:03 ----D---- C:\WINDOWS\system32\Com

2008-10-31 19:10:01 ----D---- C:\Program\Windows NT

2008-10-31 19:10:01 ----D---- C:\Program\Windows Media Player

2008-10-31 19:10:00 ----D---- C:\Program\Outlook Express

2008-10-31 19:09:57 ----D---- C:\Program\Delade filer\System

2008-10-31 19:09:45 ----D---- C:\WINDOWS\system32\oobe

2008-10-31 19:09:43 ----D---- C:\WINDOWS\system

2008-10-31 19:04:55 ----D---- C:\WINDOWS\ehome

2008-10-21 19:43:14 ----D---- C:\Documents and Settings\Stefan\Application Data\iid

2008-10-15 17:38:27 ----A---- C:\WINDOWS\system32\netapi32.dll

2008-10-15 05:48:15 ----D---- C:\Program\Internet Explorer

2008-10-14 15:33:35 ----D---- C:\Program\Warcraft III

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-10 32256]

R1 intelppm;Intel-processordrivrutin; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]

R1 kbdhid;HID-drivrutin för tangentbord; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]

R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]

R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2008-09-29 880560]

R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]

R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]

R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]

R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]

R2 hidusb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-07-04 3230720]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-09-10 176640]

R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]

R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]

R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]

R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]

R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]

R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]

R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]

R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]

R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2008-09-29 108368]

S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]

S3 catchme;catchme; \??\C:\DOCUME~1\Stefan\LOKALA~1\Temp\catchme.sys []

S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-12 85969]

S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]

S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]

S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]

S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]

S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]

S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-07-04 561152]

R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]

R2 Bonjour Service;Bonjour-tjänst; C:\Program\Bonjour\mDNSResponder.exe [2007-07-24 229376]

R2 CAISafe;CAISafe; C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]

R2 MDM;Machine Debug Manager; C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]

R2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-08-10 26488]

R2 VETMSGNT;VET Message Service; C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-08-20 242952]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 CaCCProvSP;CaCCProvSP; C:\Program\CA\CA Internet Security Suite\ccprovsp.exe [2007-08-16 214280]

R3 iPod Service;iPod Service; C:\Program\iPod\bin\iPodService.exe [2008-07-30 532264]

R3 NMIndexingService;NMIndexingService; C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-07-03 593920]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-10 137200]

S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader Service; C:\Program\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]

 

-----------------EOF-----------------[/log]

 

 


[log]Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.11.14.0 2008.11.13 -

AntiVir 7.9.0.31 2008.11.13 -

Authentium 5.1.0.4 2008.11.13 -

Avast 4.8.1248.0 2008.11.13 -

AVG 8.0.0.199 2008.11.13 -

BitDefender 7.2 2008.11.13 -

CAT-QuickHeal 9.50 2008.11.12 -

ClamAV 0.94.1 2008.11.13 -

DrWeb 4.44.0.09170 2008.11.13 -

eSafe 7.0.17.0 2008.11.13 -

eTrust-Vet 31.6.6204 2008.11.11 -

Ewido 4.0 2008.11.13 -

F-Prot 4.4.4.56 2008.11.12 -

F-Secure 8.0.14332.0 2008.11.13 -

Fortinet 3.117.0.0 2008.11.13 -

GData 19 2008.11.13 -

Ikarus T3.1.1.45.0 2008.11.13 -

K7AntiVirus 7.10.524 2008.11.13 -

Kaspersky 7.0.0.125 2008.11.13 -

McAfee 5432 2008.11.13 -

Microsoft 1.4104 2008.11.13 -

NOD32 3610 2008.11.13 -

Norman 5.80.02 2008.11.13 -

Panda 9.0.0.4 2008.11.13 -

PCTools 4.4.2.0 2008.11.13 -

Prevx1 V2 2008.11.13 -

Rising 21.03.31.00 2008.11.13 -

SecureWeb-Gateway 6.7.6 2008.11.13 -

Sophos 4.35.0 2008.11.13 -

Sunbelt 3.1.1785.2 2008.11.11 -

Symantec 10 2008.11.13 -

TheHacker 6.3.1.1.151 2008.11.13 -

TrendMicro 8.700.0.1004 2008.11.13 -

VBA32 3.12.8.9 2008.11.13 -

ViRobot 2008.11.13.1466 2008.11.13 -

VirusBuster 4.5.11.0 2008.11.13 -

[/log]

 


[log]Scan with HijackThis and tick:

 

O16 - DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} (PPLive Lite Class) - http://dl.pplive.com/PluginSetup.cab

 

Close all other programs.

Press Fix checked.

 

Restart the computer[/log]

 

[log]Have you uninstalled PPLive yet? If so, delete the folders:

2008-11-01 14:29:18 ----D---- C:\Documents and Settings\All Users\Application Data\PPLive

2008-11-01 14:28:42 ----D---- C:\Program\PPLive

2008-11-01 14:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Jlcm[/log]

 

Download FileLook from one of these links:

http://jpshortstuff.247fixes.com/FileLook.exe

http://images.malwareremoval.com/jpshortstuff/FileLook.exe

 

Double-click the file to run it.

 

Copy all the lines in the box (use "select code")

C:\Documents and Settings\Stefan\Application Data\install.txt

and paste them into the large text field in FileLook. Make sure it is a single line with no line breaks.

Press the FileLook button to start the search.

When it is finished, Notepad will open with a log, which you paste here. If the log does not appear, it is saved as C:\FileLook.txt.

 

 
