Win32.TrojanDownloader.Small


dusc


That log is old. You need to run a new scan with the program so that a new log is created. Don't you still have a file named something like sys12345.exe?

 


Hi

I created a new log, but when I upload the file to fuskbugg, tick the box about the agreement and press send, it comes up with "Error okänt fel".

Here is the log:

[log]SystemScan - www.suspectfile.com - ver. 3.6.0 (code: holifay & bReAkdOWn)

 

Running on: Windows XP PROFESSIONAL Edition, Service Pack 3 (2600.5.1)

System directory: C:\WINDOWS

SystemScan file: C:\Documents and Settings\Stefan\Skrivbord\sys33840.exe

Running in: User mode

Date: 2008-11-15

Time: 12:38:44

 

Output limited to:

-Recent files

 

===================== RECENT FILES =====================

Listing files newer than 60 days

 

---- recent files in C:

09/08/2008 20:17:31 -- 15/11/2008 12:09:16 (DIR) ---- 0 days old -- C:\WINDOWS

10/08/2008 17:50:03 -- 15/11/2008 00:49:10 (DIR) ---- 0 days old -- C:\SLASK

14/11/2008 22:06:53 -- 14/11/2008 22:06:53 (DIR) HS-- 0 days old -- C:\RECYCLER

10/11/2008 19:11:39 -- 14/11/2008 20:56:06 (DIR) ---- 0 days old -- C:\Qoobox

09/08/2008 20:32:07 -- 13/11/2008 19:32:00 (DIR) --R- 1 days old -- C:\Program

13/11/2008 18:13:16 -- 13/11/2008 18:13:24 (DIR) ---- 1 days old -- C:\rsit

12/11/2008 22:31:13 -- 06/11/2008 02:03:27 (DIR) ---- 2 days old -- C:\SDFix

10/11/2008 19:31:18 -- 10/11/2008 19:31:25 (DIR) HSRA 4 days old -- C:\cmdcons

20/09/2008 16:45:54 -- 20/09/2008 16:46:48 (DIR) ---- 55 days old -- C:\Netgear

15/11/2008 00:20:52 -- 15/11/2008 12:03:372145554432 HS-A 0 days old -- C:\hiberfil.sys

09/08/2008 20:17:31 -- 15/11/2008 12:03:362145484800 HS-A 0 days old -- C:\pagefile.sys

10/11/2008 19:06:10 -- 15/11/2008 00:19:07 2534 ---A 0 days old -- C:\rapport.txt

14/11/2008 20:55:59 -- 14/11/2008 20:55:59 15653 ---A 0 days old -- C:\ComboFix.txt

27/08/2008 21:47:27 -- 14/11/2008 13:28:23 244 H--A 0 days old -- C:\sqmnoopt13.sqm

27/08/2008 21:47:27 -- 14/11/2008 13:28:23 232 H--A 0 days old -- C:\sqmdata13.sqm

27/08/2008 19:24:31 -- 14/11/2008 13:00:23 232 H--A 0 days old -- C:\sqmdata12.sqm

27/08/2008 19:24:31 -- 14/11/2008 13:00:22 244 H--A 0 days old -- C:\sqmnoopt12.sqm

27/08/2008 19:12:08 -- 14/11/2008 08:02:49 232 H--A 1 days old -- C:\sqmdata11.sqm

27/08/2008 19:12:08 -- 14/11/2008 08:02:48 244 H--A 1 days old -- C:\sqmnoopt11.sqm

27/08/2008 19:08:58 -- 14/11/2008 06:53:40 232 H--A 1 days old -- C:\sqmdata10.sqm

27/08/2008 19:08:58 -- 14/11/2008 06:53:39 244 H--A 1 days old -- C:\sqmnoopt10.sqm

27/08/2008 13:27:58 -- 13/11/2008 23:04:58 232 H--A 1 days old -- C:\sqmdata09.sqm

27/08/2008 13:27:58 -- 13/11/2008 23:04:57 244 H--A 1 days old -- C:\sqmnoopt09.sqm

26/08/2008 22:14:49 -- 13/11/2008 21:19:30 232 H--A 1 days old -- C:\sqmdata08.sqm

26/08/2008 22:14:49 -- 13/11/2008 21:19:30 244 H--A 1 days old -- C:\sqmnoopt08.sqm

13/11/2008 20:35:14 -- 13/11/2008 20:35:14 1202 ---A 1 days old -- C:\FileLook.txt

26/08/2008 09:54:15 -- 13/11/2008 20:26:39 232 H--A 1 days old -- C:\sqmdata07.sqm

26/08/2008 09:54:15 -- 13/11/2008 20:26:39 244 H--A 1 days old -- C:\sqmnoopt07.sqm

25/08/2008 22:10:38 -- 13/11/2008 18:16:11 232 H--A 1 days old -- C:\sqmdata06.sqm

25/08/2008 22:10:38 -- 13/11/2008 18:16:11 244 H--A 1 days old -- C:\sqmnoopt06.sqm

10/08/2008 18:21:59 -- 13/11/2008 17:38:17 2189 ---A 1 days old -- C:\caisslog.txt

25/08/2008 22:00:55 -- 13/11/2008 13:05:47 232 H--A 1 days old -- C:\sqmdata05.sqm

25/08/2008 22:00:55 -- 13/11/2008 13:05:47 244 H--A 1 days old -- C:\sqmnoopt05.sqm

25/08/2008 21:00:43 -- 13/11/2008 06:51:58 232 H--A 2 days old -- C:\sqmdata04.sqm

25/08/2008 21:00:43 -- 13/11/2008 06:51:58 244 H--A 2 days old -- C:\sqmnoopt04.sqm

25/08/2008 18:53:44 -- 13/11/2008 00:28:36 232 H--A 2 days old -- C:\sqmdata03.sqm

25/08/2008 18:53:44 -- 13/11/2008 00:28:36 244 H--A 2 days old -- C:\sqmnoopt03.sqm

25/08/2008 11:31:24 -- 12/11/2008 23:07:41 232 H--A 2 days old -- C:\sqmdata02.sqm

25/08/2008 11:31:24 -- 12/11/2008 23:07:41 244 H--A 2 days old -- C:\sqmnoopt02.sqm

25/08/2008 07:12:04 -- 12/11/2008 22:32:25 232 H--A 2 days old -- C:\sqmdata01.sqm

25/08/2008 07:12:04 -- 12/11/2008 22:32:25 244 H--A 2 days old -- C:\sqmnoopt01.sqm

25/08/2008 05:58:45 -- 12/11/2008 21:57:10 232 H--A 2 days old -- C:\sqmdata00.sqm

25/08/2008 05:58:45 -- 12/11/2008 21:57:10 244 H--A 2 days old -- C:\sqmnoopt00.sqm

30/08/2008 14:22:19 -- 12/11/2008 21:38:51 232 H--A 2 days old -- C:\sqmdata19.sqm

30/08/2008 14:22:18 -- 12/11/2008 21:38:51 244 H--A 2 days old -- C:\sqmnoopt19.sqm

29/08/2008 22:56:06 -- 12/11/2008 19:34:12 232 H--A 2 days old -- C:\sqmdata18.sqm

29/08/2008 22:56:06 -- 12/11/2008 19:34:12 244 H--A 2 days old -- C:\sqmnoopt18.sqm

29/08/2008 17:17:52 -- 12/11/2008 06:48:39 244 H--A 3 days old -- C:\sqmnoopt17.sqm

29/08/2008 17:17:52 -- 12/11/2008 06:48:39 232 H--A 3 days old -- C:\sqmdata17.sqm

29/08/2008 15:52:19 -- 11/11/2008 23:34:19 244 H--A 3 days old -- C:\sqmnoopt16.sqm

29/08/2008 15:52:20 -- 11/11/2008 23:34:19 232 H--A 3 days old -- C:\sqmdata16.sqm

28/08/2008 21:46:53 -- 11/11/2008 20:56:47 232 H--A 3 days old -- C:\sqmdata15.sqm

28/08/2008 21:46:53 -- 11/11/2008 20:56:46 244 H--A 3 days old -- C:\sqmnoopt15.sqm

28/08/2008 19:06:02 -- 11/11/2008 19:07:34 244 H--A 3 days old -- C:\sqmnoopt14.sqm

28/08/2008 19:06:02 -- 11/11/2008 19:07:34 232 H--A 3 days old -- C:\sqmdata14.sqm

30/10/2008 23:00:51 -- 10/11/2008 20:50:17 3315 ---A 4 days old -- C:\aaw7boot.log

10/11/2008 19:31:25 -- 30/10/2008 23:44:31 325 ---A 4 days old -- C:\Boot.bak

09/08/2008 20:22:52 -- 10/11/2008 19:31:25 396 HSRA 4 days old -- C:\boot.ini

10/11/2008 19:31:23 -- 03/08/2004 23:00:00 260272 ---A 4 days old -- C:\cmldr

04/08/2004 03:59:58 -- 31/10/2008 19:08:00 250560 HSRA 14 days old -- C:\ntldr

10/08/2008 18:22:51 -- 29/09/2008 17:53:01 32787 ---A 46 days old -- C:\caavsetupLog.txt

 

---- recent files in C:\DOCUME~1\Stefan\LOKALA~1\Temp

15/11/2008 12:38:31 -- 15/11/2008 12:38:31 (DIR) ---- 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\nsj11.tmp

15/11/2008 12:04:02 -- 15/11/2008 12:04:02 (DIR) ---- 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\WPDNSE

15/11/2008 01:07:25 -- 15/11/2008 01:07:29 (DIR) ---- 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\MessengerCache

14/11/2008 20:59:56 -- 14/11/2008 20:59:56 (DIR) ---- 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\Google Toolbar

15/11/2008 00:54:10 -- 15/11/2008 12:38:31 55 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\systemscan.ini

15/11/2008 12:38:31 -- 15/11/2008 12:38:31 16384 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF5E00.tmp

15/11/2008 00:26:36 -- 15/11/2008 12:09:05 519 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\jusched.log

15/11/2008 12:04:02 -- 15/11/2008 12:04:12 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF4BC6.tmp

15/11/2008 12:04:02 -- 15/11/2008 12:04:03 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF4BC4.tmp

15/11/2008 01:54:31 -- 15/11/2008 01:54:31 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFF0FD.tmp

15/11/2008 01:54:22 -- 15/11/2008 01:54:26 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF8F73.tmp

15/11/2008 01:54:18 -- 15/11/2008 01:54:19 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF273A.tmp

15/11/2008 01:49:26 -- 15/11/2008 01:49:26 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFE6BF.tmp

15/11/2008 00:46:58 -- 15/11/2008 00:46:58 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DF171E.tmp

15/11/2008 00:21:28 -- 15/11/2008 00:21:35 540672 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFDD18.tmp

15/11/2008 00:21:28 -- 15/11/2008 00:21:28 147456 ---A 0 days old -- C:\DOCUME~1\Stefan\LOKALA~1\Temp\~DFDF06.tmp

 

---- recent files in C:\WINDOWS

09/08/2008 20:17:31 -- 15/11/2008 12:09:16 (DIR) ---- 0 days old -- C:\WINDOWS\system32

14/11/2008 20:56:02 -- 15/11/2008 12:05:02 (DIR) ---- 0 days old -- C:\WINDOWS\temp

10/08/2008 19:31:37 -- 15/11/2008 12:03:57 (DIR) ---- 0 days old -- C:\WINDOWS\CAVTemp

31/10/2008 19:22:48 -- 15/11/2008 01:16:55 (DIR) ---- 0 days old -- C:\WINDOWS\Prefetch

09/08/2008 20:17:31 -- 14/11/2008 20:51:20 (DIR) ---- 0 days old -- C:\WINDOWS\AppPatch

09/08/2008 20:17:31 -- 13/11/2008 19:33:59 (DIR) HS-- 1 days old -- C:\WINDOWS\Installer

12/11/2008 22:34:59 -- 12/11/2008 22:35:12 (DIR) ---- 2 days old -- C:\WINDOWS\ERUNT

09/08/2008 18:52:05 -- 12/11/2008 22:15:50 (DIR) -S-- 2 days old -- C:\WINDOWS\Tasks

10/11/2008 19:11:39 -- 12/11/2008 19:48:40 (DIR) ---- 2 days old -- C:\WINDOWS\ERDNT

09/08/2008 20:17:31 -- 12/11/2008 19:28:21 (DIR) H--- 2 days old -- C:\WINDOWS\inf

12/11/2008 19:28:18 -- 12/11/2008 19:28:18 (DIR) H--- 2 days old -- C:\WINDOWS\$NtUninstallKB957097$

09/08/2008 18:54:21 -- 12/11/2008 19:28:17 (DIR) H--- 2 days old -- C:\WINDOWS\$hf_mig$

12/11/2008 19:28:11 -- 12/11/2008 19:28:11 (DIR) H--- 2 days old -- C:\WINDOWS\$NtUninstallKB954459$

12/11/2008 19:28:02 -- 12/11/2008 19:28:02 (DIR) H--- 2 days old -- C:\WINDOWS\$NtUninstallKB955069$

09/08/2008 20:17:31 -- 12/11/2008 19:27:51 (DIR) ---- 2 days old -- C:\WINDOWS\WinSxS

09/08/2008 18:55:40 -- 05/11/2008 23:03:48 (DIR) -SR- 9 days old -- C:\WINDOWS\assembly

09/08/2008 20:17:31 -- 05/11/2008 23:03:07 (DIR) -SR- 9 days old -- C:\WINDOWS\Fonts

09/08/2008 20:17:31 -- 05/11/2008 19:03:14 (DIR) -S-- 9 days old -- C:\WINDOWS\Downloaded Program Files

01/11/2008 16:09:46 -- 01/11/2008 16:09:46 (DIR) H--- 13 days old -- C:\WINDOWS\$NtUninstallKB946648$

01/11/2008 16:09:37 -- 01/11/2008 16:09:38 (DIR) H--- 13 days old -- C:\WINDOWS\$NtUninstallKB951978$

09/08/2008 20:17:31 -- 31/10/2008 19:22:55 (DIR) ---- 14 days old -- C:\WINDOWS\ime

31/10/2008 19:20:32 -- 31/10/2008 19:20:33 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB958644$

31/10/2008 19:20:10 -- 31/10/2008 19:20:11 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB957095$

31/10/2008 19:19:48 -- 31/10/2008 19:19:49 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB956841$

31/10/2008 19:19:27 -- 31/10/2008 19:19:28 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB956803$

31/10/2008 19:19:02 -- 31/10/2008 19:19:03 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB954211$

31/10/2008 19:18:41 -- 31/10/2008 19:18:42 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB952954$

31/10/2008 19:18:21 -- 31/10/2008 19:18:22 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB952287$

31/10/2008 19:18:00 -- 31/10/2008 19:18:02 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB951748$

31/10/2008 19:17:40 -- 31/10/2008 19:17:41 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB951698$

31/10/2008 19:17:20 -- 31/10/2008 19:17:21 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB951376-v2$

31/10/2008 19:16:58 -- 31/10/2008 19:16:59 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB951066$

31/10/2008 19:16:38 -- 31/10/2008 19:16:39 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB950974$

31/10/2008 19:16:19 -- 31/10/2008 19:16:20 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB950762$

31/10/2008 19:15:54 -- 31/10/2008 19:15:54 (DIR) H--- 14 days old -- C:\WINDOWS\$NtUninstallKB938464$

09/08/2008 20:17:31 -- 31/10/2008 19:15:37 (DIR) ---- 14 days old -- C:\WINDOWS\security

09/08/2008 20:17:31 -- 31/10/2008 19:12:54 (DIR) ---- 14 days old -- C:\WINDOWS\Network Diagnostic

09/08/2008 20:17:31 -- 31/10/2008 19:12:53 (DIR) ---- 14 days old -- C:\WINDOWS\Help

31/10/2008 19:12:41 -- 31/10/2008 19:12:41 (DIR) ---- 14 days old -- C:\WINDOWS\l2schemas

09/08/2008 20:17:31 -- 31/10/2008 19:12:40 (DIR) ---- 14 days old -- C:\WINDOWS\PeerNet

31/10/2008 19:10:19 -- 31/10/2008 19:10:19 (DIR) ---- 14 days old -- C:\WINDOWS\ServicePackFiles

09/08/2008 20:17:31 -- 31/10/2008 19:10:07 (DIR) ---- 14 days old -- C:\WINDOWS\msagent

09/08/2008 18:52:01 -- 31/10/2008 19:10:05 (DIR) ---- 14 days old -- C:\WINDOWS\srchasst

09/08/2008 20:17:31 -- 31/10/2008 19:09:43 (DIR) ---- 14 days old -- C:\WINDOWS\system

31/10/2008 19:04:56 -- 31/10/2008 19:07:20 (DIR) H--- 14 days old -- C:\WINDOWS\$NtServicePackUninstall$

09/08/2008 20:17:31 -- 31/10/2008 19:04:55 (DIR) ---- 14 days old -- C:\WINDOWS\ehome

24/10/2008 13:16:51 -- 24/10/2008 13:16:51 (DIR) H--- 21 days old -- C:\WINDOWS\$NtUninstallKB958644_0$

23/10/2008 20:00:09 -- 23/10/2008 20:00:09 (DIR) H--- 22 days old -- C:\WINDOWS\PIF

15/10/2008 05:48:39 -- 15/10/2008 05:48:39 (DIR) H--- 31 days old -- C:\WINDOWS\$NtUninstallKB956803_0$

15/10/2008 05:48:32 -- 15/10/2008 05:48:32 (DIR) H--- 31 days old -- C:\WINDOWS\$NtUninstallKB956391$

15/10/2008 05:48:26 -- 15/10/2008 05:48:26 (DIR) H--- 31 days old -- C:\WINDOWS\$NtUninstallKB957095_0$

15/10/2008 05:47:55 -- 15/10/2008 05:47:55 (DIR) H--- 31 days old -- C:\WINDOWS\$NtUninstallKB954211_0$

15/10/2008 05:47:42 -- 15/10/2008 05:47:43 (DIR) H--- 31 days old -- C:\WINDOWS\$NtUninstallKB956841_0$

02/10/2008 15:21:07 -- 02/10/2008 15:21:07 (DIR) ---- 43 days old -- C:\WINDOWS\Sun

20/09/2008 19:33:29 -- 20/09/2008 19:33:29 (DIR) ---- 55 days old -- C:\WINDOWS\Minidump

09/08/2008 18:52:50 -- 15/11/2008 12:05:44 1494720 ---A 0 days old -- C:\WINDOWS\WindowsUpdate.log

09/08/2008 20:32:16 -- 15/11/2008 12:05:10 1696816 ---A 0 days old -- C:\WINDOWS\MedCtrOC.log

09/08/2008 19:14:40 -- 15/11/2008 12:04:40 0 ---A 0 days old -- C:\WINDOWS\0.log

09/08/2008 18:57:27 -- 15/11/2008 12:03:43 2048 -S-A 0 days old -- C:\WINDOWS\bootstat.dat

09/08/2008 18:58:35 -- 15/11/2008 02:07:35 32590 ---A 0 days old -- C:\WINDOWS\SchedLgU.Txt

09/08/2008 19:17:16 -- 15/11/2008 02:07:26 4958588 ---A 0 days old -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.BAK

09/08/2008 19:16:18 -- 15/11/2008 02:07:26 4958588 ---A 0 days old -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF

09/08/2008 20:30:00 -- 15/11/2008 00:20:07 212949 ---A 0 days old -- C:\WINDOWS\setupact.log

10/08/2008 22:58:49 -- 15/11/2008 00:16:16 476910 ---A 0 days old -- C:\WINDOWS\ntbtlog.txt

28/09/2001 21:00:00 -- 14/11/2008 20:53:44 264 ---A 0 days old -- C:\WINDOWS\system.ini

09/08/2008 20:37:22 -- 13/11/2008 23:05:10 50 ---A 1 days old -- C:\WINDOWS\wiaservc.log

09/08/2008 20:37:22 -- 13/11/2008 23:05:09 216 ---A 1 days old -- C:\WINDOWS\wiadebug.log

12/11/2008 06:45:57 -- 12/11/2008 20:50:01 250 ---A 2 days old -- C:\WINDOWS\gmer.ini

09/08/2008 20:32:13 -- 12/11/2008 19:28:22 345272 ---A 2 days old -- C:\WINDOWS\FaxSetup.log

09/08/2008 20:32:16 -- 12/11/2008 19:28:21 20223 ---A 2 days old -- C:\WINDOWS\tabletoc.log

09/08/2008 20:32:13 -- 12/11/2008 19:28:21 208306 ---A 2 days old -- C:\WINDOWS\ocgen.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 19120 ---A 2 days old -- C:\WINDOWS\msgsocm.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 136072 ---A 2 days old -- C:\WINDOWS\msmqinst.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 178382 ---A 2 days old -- C:\WINDOWS\tsoc.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 114962 ---A 2 days old -- C:\WINDOWS\comsetup.log

12/11/2008 19:28:17 -- 12/11/2008 19:28:21 7334 ---A 2 days old -- C:\WINDOWS\KB957097.log

09/08/2008 20:32:13 -- 12/11/2008 19:28:21 387404 ---A 2 days old -- C:\WINDOWS\iis6.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 71400 ---A 2 days old -- C:\WINDOWS\ntdtcsetup.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:21 593 ---A 2 days old -- C:\WINDOWS\imsins.log

09/08/2008 20:32:14 -- 12/11/2008 19:28:15 593 ---A 2 days old -- C:\WINDOWS\imsins.BAK

12/11/2008 11:15:33 -- 12/11/2008 19:28:15 11291 ---A 2 days old -- C:\WINDOWS\KB954459.log

12/11/2008 19:27:54 -- 12/11/2008 19:28:08 7668 ---A 2 days old -- C:\WINDOWS\KB955069.log

09/08/2008 20:49:59 -- 12/11/2008 19:28:04 122752 ---A 2 days old -- C:\WINDOWS\updspapi.log

12/11/2008 19:27:46 -- 12/11/2008 19:27:52 308112 ---A 2 days old -- C:\WINDOWS\msxml4-KB954430-enu.LOG

12/11/2008 06:45:54 -- 12/11/2008 06:45:54 884736 ---A 3 days old -- C:\WINDOWS\gmer.dll

12/11/2008 06:45:54 -- 17/04/2008 21:13:02 811008 ---A 3 days old -- C:\WINDOWS\gmer.exe

12/11/2008 06:45:54 -- 12/11/2008 06:45:54 80 ---A 3 days old -- C:\WINDOWS\gmer_uninstall.cmd

10/11/2008 19:35:50 -- 31/08/2000 08:00:00 28672 ---A 4 days old -- C:\WINDOWS\NIRCMD.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 80412 ---A 4 days old -- C:\WINDOWS\grep.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 212480 ---A 4 days old -- C:\WINDOWS\SWXCACLS.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 161792 ---A 4 days old -- C:\WINDOWS\SWREG.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 89504 ---A 4 days old -- C:\WINDOWS\fdsv.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 98816 ---A 4 days old -- C:\WINDOWS\sed.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 49152 ---A 4 days old -- C:\WINDOWS\VFIND.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 136704 ---A 4 days old -- C:\WINDOWS\SWSC.exe

10/11/2008 19:11:53 -- 31/08/2000 08:00:00 68096 ---A 4 days old -- C:\WINDOWS\zip.exe

10/08/2008 23:37:12 -- 09/11/2008 16:53:35 69 ---A 5 days old -- C:\WINDOWS\NeroDigital.ini

09/08/2008 21:06:56 -- 07/11/2008 14:50:34 306299 ---A 7 days old -- C:\WINDOWS\setupapi.log

01/11/2008 16:09:46 -- 01/11/2008 16:09:49 6664 ---A 13 days old -- C:\WINDOWS\KB946648.log

01/11/2008 12:23:50 -- 01/11/2008 16:09:44 12260 ---A 13 days old -- C:\WINDOWS\KB951978.log

10/08/2008 18:43:13 -- 31/10/2008 19:27:05 11644 ---A 14 days old -- C:\WINDOWS\DPINST.LOG

09/08/2008 18:53:55 -- 31/10/2008 19:23:16 1172 ---A 14 days old -- C:\WINDOWS\OEWABLog.txt

09/08/2008 20:29:58 -- 31/10/2008 19:22:49 918587 ---A 14 days old -- C:\WINDOWS\setuplog.txt

09/08/2008 20:32:16 -- 31/10/2008 19:20:48 18177 ---A 14 days old -- C:\WINDOWS\ocmsn.log

19/08/2008 09:59:01 -- 31/10/2008 19:20:48 604969 ---A 14 days old -- C:\WINDOWS\svcpack.log

24/10/2008 13:16:42 -- 31/10/2008 19:20:47 198566 ---A 14 days old -- C:\WINDOWS\KB958644.log

15/10/2008 05:48:24 -- 31/10/2008 19:20:22 203013 ---A 14 days old -- C:\WINDOWS\KB957095.log

15/10/2008 05:47:35 -- 31/10/2008 19:19:59 201519 ---A 14 days old -- C:\WINDOWS\KB956841.log

15/10/2008 05:48:38 -- 31/10/2008 19:19:38 203274 ---A 14 days old -- C:\WINDOWS\KB956803.log

15/10/2008 05:47:54 -- 31/10/2008 19:19:13 197805 ---A 14 days old -- C:\WINDOWS\KB954211.log

14/08/2008 08:47:59 -- 31/10/2008 19:18:51 210135 ---A 14 days old -- C:\WINDOWS\KB952954.log

14/08/2008 09:58:25 -- 31/10/2008 19:18:31 201815 ---A 14 days old -- C:\WINDOWS\KB952287.log

09/08/2008 20:39:16 -- 31/10/2008 19:18:12 215575 ---A 14 days old -- C:\WINDOWS\KB951748.log

09/08/2008 20:41:23 -- 31/10/2008 19:17:50 207932 ---A 14 days old -- C:\WINDOWS\KB951698.log

09/08/2008 20:52:09 -- 31/10/2008 19:17:31 205583 ---A 14 days old -- C:\WINDOWS\KB951376-v2.log

14/08/2008 08:46:48 -- 31/10/2008 19:17:11 33009 ---A 14 days old -- C:\WINDOWS\KB951072-v2.log

14/08/2008 09:57:45 -- 31/10/2008 19:17:09 198033 ---A 14 days old -- C:\WINDOWS\KB951066.log

14/08/2008 08:47:24 -- 31/10/2008 19:16:48 211314 ---A 14 days old -- C:\WINDOWS\KB950974.log

09/08/2008 20:50:30 -- 31/10/2008 19:16:29 200048 ---A 14 days old -- C:\WINDOWS\KB950762.log

09/08/2008 20:51:17 -- 31/10/2008 19:16:05 23113 ---A 14 days old -- C:\WINDOWS\KB942763.log

10/09/2008 11:35:49 -- 31/10/2008 19:16:03 195036 ---A 14 days old -- C:\WINDOWS\KB938464.log

09/08/2008 18:49:07 -- 31/10/2008 19:13:46 373 ---A 14 days old -- C:\WINDOWS\cmsetacl.log

09/08/2008 20:02:03 -- 31/10/2008 19:13:42 168526 ---A 14 days old -- C:\WINDOWS\spupdsvc.log

09/08/2008 18:51:26 -- 31/10/2008 19:13:34 1334 ---A 14 days old -- C:\WINDOWS\sessmgr.setup.log

09/08/2008 20:32:16 -- 31/10/2008 19:07:32 52604 ---A 14 days old -- C:\WINDOWS\netfxocm.log

31/10/2008 12:43:28 -- 14/04/2008 17:05:20 32866 ---- 14 days old -- C:\WINDOWS\slrundll.exe

31/10/2008 12:42:12 -- 28/12/2006 20:01:31 19569 ---A 14 days old -- C:\WINDOWS\002899_.tmp

09/08/2008 18:50:45 -- 25/10/2008 11:30:44 50450 ---A 21 days old -- C:\WINDOWS\wmsetup.log

10/08/2008 23:12:47 -- 21/10/2008 19:52:40 1424 ---A 24 days old -- C:\WINDOWS\mozver.dat

15/10/2008 05:48:32 -- 15/10/2008 05:48:35 11811 ---A 31 days old -- C:\WINDOWS\KB956391.log

15/10/2008 05:39:30 -- 15/10/2008 05:48:22 29786 ---A 31 days old -- C:\WINDOWS\KB956390-IE7.log

11/08/2008 11:36:31 -- 14/10/2008 06:03:23 10647 ---A 32 days old -- C:\WINDOWS\KB892130.log

 

---- recent files in C:\WINDOWS\system

---- recent files in C:\WINDOWS\system32

09/08/2008 20:17:31 -- 14/11/2008 21:39:42 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers

09/08/2008 20:30:27 -- 14/11/2008 19:46:27 (DIR) ---- 0 days old -- C:\WINDOWS\system32\CatRoot2

09/08/2008 18:53:50 -- 12/11/2008 22:36:41 (DIR) ---- 2 days old -- C:\WINDOWS\system32\dllcache

09/08/2008 20:17:31 -- 07/11/2008 16:25:27 (DIR) ---- 7 days old -- C:\WINDOWS\system32\config

09/08/2008 20:17:31 -- 31/10/2008 19:22:55 (DIR) ---- 14 days old -- C:\WINDOWS\system32\wbem

31/10/2008 19:22:54 -- 31/10/2008 19:22:54 (DIR) ---- 14 days old -- C:\WINDOWS\system32\xircom

09/08/2008 20:17:31 -- 31/10/2008 19:22:09 (DIR) ---- 14 days old -- C:\WINDOWS\system32\Setup

09/08/2008 20:30:27 -- 31/10/2008 19:20:35 (DIR) ---- 14 days old -- C:\WINDOWS\system32\CatRoot

09/08/2008 20:17:31 -- 31/10/2008 19:12:54 (DIR) ---- 14 days old -- C:\WINDOWS\system32\inetsrv

09/08/2008 20:17:31 -- 31/10/2008 19:12:42 (DIR) ---- 14 days old -- C:\WINDOWS\system32\usmt

09/08/2008 20:17:31 -- 31/10/2008 19:12:42 (DIR) ---- 14 days old -- C:\WINDOWS\system32\sv-se

31/10/2008 19:12:40 -- 31/10/2008 19:12:41 (DIR) ---- 14 days old -- C:\WINDOWS\system32\sv

31/10/2008 19:12:40 -- 31/10/2008 19:12:40 (DIR) ---- 14 days old -- C:\WINDOWS\system32\bits

09/08/2008 18:51:46 -- 31/10/2008 19:10:08 (DIR) ---- 14 days old -- C:\WINDOWS\system32\Restore

09/08/2008 20:17:31 -- 31/10/2008 19:10:08 (DIR) ---- 14 days old -- C:\WINDOWS\system32\npp

09/08/2008 18:49:37 -- 31/10/2008 19:10:03 (DIR) ---- 14 days old -- C:\WINDOWS\system32\Com

09/08/2008 20:17:31 -- 31/10/2008 19:09:45 (DIR) ---- 14 days old -- C:\WINDOWS\system32\oobe

09/08/2008 19:16:02 -- 15/11/2008 02:07:55 30888 ---A 0 days old -- C:\WINDOWS\system32\BMXState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

09/08/2008 19:16:02 -- 15/11/2008 02:07:55 30888 ---A 0 days old -- C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

09/08/2008 19:16:02 -- 15/11/2008 02:07:55 30528 ---A 0 days old -- C:\WINDOWS\system32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

09/08/2008 19:17:26 -- 15/11/2008 02:07:55 1080 ---A 0 days old -- C:\WINDOWS\system32\settings.sfm

09/08/2008 19:16:02 -- 15/11/2008 02:07:55 11564 ---A 0 days old -- C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

09/08/2008 19:17:26 -- 15/11/2008 02:07:55 1080 ---A 0 days old -- C:\WINDOWS\system32\settingsbkup.sfm

09/08/2008 19:16:02 -- 15/11/2008 02:07:55 30528 ---A 0 days old -- C:\WINDOWS\system32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-20061102}.rfx

10/11/2008 19:06:19 -- 15/11/2008 00:17:20 0 ---A 0 days old -- C:\WINDOWS\system32\tmp.txt

10/11/2008 19:06:19 -- 15/11/2008 00:17:20 3426 ---A 0 days old -- C:\WINDOWS\system32\tmp.reg

15/11/2008 00:16:50 -- 29/08/2006 18:43:54 135168 ---A 0 days old -- C:\WINDOWS\system32\swreg.exe

15/11/2008 00:16:50 -- 09/01/2006 09:36:06 40960 ---A 0 days old -- C:\WINDOWS\system32\swsc.exe

15/11/2008 00:16:50 -- 01/12/2006 05:20:32 79360 ---A 0 days old -- C:\WINDOWS\system32\swxcacls.exe

14/11/2008 21:40:43 -- 14/11/2008 21:40:43 14848 ---A 0 days old -- C:\WINDOWS\system32\ncobjaqi.dll

10/11/2008 19:05:43 -- 10/10/2008 07:58:08 82944 ---A 4 days old -- C:\WINDOWS\system32\IEDFix.C.exe

10/11/2008 19:05:43 -- 18/05/2008 20:40:35 82944 ---A 4 days old -- C:\WINDOWS\system32\IEDFix.exe

10/11/2008 19:05:43 -- 18/08/2008 11:19:03 82432 ---A 4 days old -- C:\WINDOWS\system32\404Fix.exe

10/11/2008 19:05:43 -- 01/10/2008 14:51:40 87552 ---A 4 days old -- C:\WINDOWS\system32\VACFix.exe

10/11/2008 19:05:43 -- 10/10/2008 07:58:08 82944 ---A 4 days old -- C:\WINDOWS\system32\o4Patch.exe

10/11/2008 19:05:43 -- 05/09/2007 23:22:23 289144 ---A 4 days old -- C:\WINDOWS\system32\VCCLSID.exe

10/11/2008 19:05:43 -- 03/10/2007 23:36:46 25600 ---A 4 days old -- C:\WINDOWS\system32\WS2Fix.exe

10/11/2008 19:05:42 -- 27/04/2006 16:49:30 288417 ---A 4 days old -- C:\WINDOWS\system32\SrchSTS.exe

10/11/2008 19:05:42 -- 05/06/2003 20:13:00 53248 ---A 4 days old -- C:\WINDOWS\system32\Process.exe

10/11/2008 19:05:42 -- 31/07/2004 17:50:36 51200 ---A 4 days old -- C:\WINDOWS\system32\dumphive.exe

28/09/2001 21:00:00 -- 09/11/2008 18:40:45 404004 ---A 5 days old -- C:\WINDOWS\system32\perfh01D.dat

28/09/2001 21:00:00 -- 09/11/2008 18:40:45 62344 ---A 5 days old -- C:\WINDOWS\system32\perfc009.dat

28/09/2001 21:00:00 -- 09/11/2008 18:40:45 401064 ---A 5 days old -- C:\WINDOWS\system32\perfh009.dat

09/08/2008 20:32:12 -- 09/11/2008 18:40:45 953580 ---A 5 days old -- C:\WINDOWS\system32\PerfStringBackup.INI

28/09/2001 21:00:00 -- 09/11/2008 18:40:45 73728 ---A 5 days old -- C:\WINDOWS\system32\perfc01D.dat

09/08/2008 20:23:24 -- 05/11/2008 23:07:23 292480 ---A 9 days old -- C:\WINDOWS\system32\FNTCACHE.DAT

05/11/2008 23:02:43 -- 10/06/2008 01:21:01 135168 ---A 9 days old -- C:\WINDOWS\system32\java.exe

05/11/2008 23:02:28 -- 05/11/2008 23:02:43 6736 ---A 9 days old -- C:\WINDOWS\system32\jupdate-1.6.0_07-b06.log

05/11/2008 23:02:43 -- 10/06/2008 02:32:34 139264 ---A 9 days old -- C:\WINDOWS\system32\javaws.exe

05/11/2008 23:02:43 -- 10/06/2008 01:21:04 135168 ---A 9 days old -- C:\WINDOWS\system32\javaw.exe

12/08/2008 19:26:11 -- 04/11/2008 01:10:25 17318336 ---A 11 days old -- C:\WINDOWS\system32\MRT.exe

28/09/2001 21:00:00 -- 31/10/2008 19:22:51 2206 ---A 14 days old -- C:\WINDOWS\system32\wpa.dbl

31/10/2008 19:15:40 -- 31/10/2008 19:20:47 2979 ---A 14 days old -- C:\WINDOWS\system32\spupdsvc.inf

31/10/2008 12:44:04 -- 14/04/2008 17:04:54 276992 ---- 14 days old -- C:\WINDOWS\system32\wmphoto.dll

31/10/2008 12:44:01 -- 14/04/2008 17:04:54 69120 ---- 14 days old -- C:\WINDOWS\system32\wlanapi.dll

31/10/2008 12:43:59 -- 14/04/2008 17:04:54 346112 ---- 14 days old -- C:\WINDOWS\system32\windowscodecsext.dll

31/10/2008 12:43:59 -- 14/04/2008 17:04:54 712704 ---- 14 days old -- C:\WINDOWS\system32\windowscodecs.dll

31/10/2008 12:43:54 -- 14/04/2008 17:05:25 28672 ---- 14 days old -- C:\WINDOWS\system32\vidcap.ax

31/10/2008 12:43:46 -- 14/04/2008 17:04:53 50688 ---- 14 days old -- C:\WINDOWS\system32\tspkg.dll

31/10/2008 12:43:33 -- 14/04/2008 17:05:20 20992 ---- 14 days old -- C:\WINDOWS\system32\spupdwxp.exe

31/10/2008 12:43:31 -- 14/04/2008 17:05:20 7680 ---A 14 days old -- C:\WINDOWS\system32\spdwnwxp.exe

31/10/2008 12:43:28 -- 14/04/2008 17:05:20 73796 ---- 14 days old -- C:\WINDOWS\system32\slserv.exe

31/10/2008 12:43:28 -- 14/04/2008 17:04:48 188508 ---- 14 days old -- C:\WINDOWS\system32\slgen.dll

31/10/2008 12:43:28 -- 14/04/2008 17:05:20 32866 ---- 14 days old -- C:\WINDOWS\system32\slrundll.exe

31/10/2008 12:43:28 -- 14/04/2008 17:04:48 73832 ---- 14 days old -- C:\WINDOWS\system32\slcoinst.dll

31/10/2008 12:43:28 -- 14/04/2008 17:04:48 286792 ---- 14 days old -- C:\WINDOWS\system32\slextspk.dll

31/10/2008 12:43:25 -- 14/04/2008 17:05:19 32768 ---- 14 days old -- C:\WINDOWS\system32\setupn.exe

31/10/2008 12:43:20 -- 14/04/2008 17:04:47 397056 ---- 14 days old -- C:\WINDOWS\system32\s3gnb.dll

31/10/2008 12:43:14 -- 14/04/2008 17:04:47 61952 ---- 14 days old -- C:\WINDOWS\system32\rasqec.dll

31/10/2008 12:43:14 -- 14/04/2008 17:04:47 76800 ---- 14 days old -- C:\WINDOWS\system32\qutil.dll

31/10/2008 12:43:13 -- 14/04/2008 17:04:47 291328 ---- 14 days old -- C:\WINDOWS\system32\qagentrt.dll

31/10/2008 12:43:13 -- 14/04/2008 17:04:47 62464 ---- 14 days old -- C:\WINDOWS\system32\qcliprov.dll

31/10/2008 12:43:13 -- 14/04/2008 17:04:47 150528 ---- 14 days old -- C:\WINDOWS\system32\qagent.dll

31/10/2008 12:43:11 -- 14/04/2008 17:04:47 412160 ---- 14 days old -- C:\WINDOWS\system32\photometadatahandler.dll

31/10/2008 12:43:08 -- 14/04/2008 17:04:47 144384 ---- 14 days old -- C:\WINDOWS\system32\onex.dll

31/10/2008 12:43:06 -- 14/04/2008 17:04:45 4274816 ---- 14 days old -- C:\WINDOWS\system32\nv4_disp.dll

31/10/2008 12:42:59 -- 14/04/2008 17:05:14 176128 ---- 14 days old -- C:\WINDOWS\system32\napstat.exe

31/10/2008 12:42:59 -- 14/04/2008 17:04:44 194048 ---- 14 days old -- C:\WINDOWS\system32\napmontr.dll

31/10/2008 12:42:59 -- 14/04/2008 17:04:44 30208 ---- 14 days old -- C:\WINDOWS\system32\napipsec.dll

31/10/2008 12:42:59 -- 14/04/2008 17:04:44 1737856 ---- 14 days old -- C:\WINDOWS\system32\mtxparhd.dll

31/10/2008 12:42:58 -- 14/04/2008 16:41:48 79872 ---- 14 days old -- C:\WINDOWS\system32\msxml6r.dll

31/10/2008 12:42:58 -- 10/09/2008 02:16:22 1307648 ---- 14 days old -- C:\WINDOWS\system32\msxml6.dll

31/10/2008 12:42:56 -- 14/04/2008 16:41:04 77312 ---- 14 days old -- C:\WINDOWS\system32\msshavmsg.dll

31/10/2008 12:42:56 -- 14/04/2008 17:04:44 155136 ---- 14 days old -- C:\WINDOWS\system32\mssha.dll

31/10/2008 12:42:45 -- 14/04/2008 17:05:11 33792 ---- 14 days old -- C:\WINDOWS\system32\mmcperf.exe

31/10/2008 12:42:44 -- 14/04/2008 17:04:41 397312 ---- 14 days old -- C:\WINDOWS\system32\mmcex.dll

31/10/2008 12:42:44 -- 14/04/2008 17:04:41 184320 ---- 14 days old -- C:\WINDOWS\system32\microsoft.managementconsole.dll

31/10/2008 12:42:44 -- 14/04/2008 17:04:41 106496 ---- 14 days old -- C:\WINDOWS\system32\mmcfxcommon.dll

31/10/2008 12:42:42 -- 14/04/2008 17:04:41 86016 ---- 14 days old -- C:\WINDOWS\system32\mdmxsdk.dll

31/10/2008 12:42:33 -- 14/04/2008 17:04:40 37376 ---- 14 days old -- C:\WINDOWS\system32\l2gpstore.dll

31/10/2008 12:42:33 -- 14/04/2008 17:04:40 61440 ---- 14 days old -- C:\WINDOWS\system32\kmsvc.dll

31/10/2008 12:42:26 -- 14/04/2008 17:04:47 9728 ---- 14 days old -- C:\WINDOWS\system32\rwnh.dll

31/10/2008 12:42:26 -- 14/04/2008 16:46:22 1950 ---- 14 days old -- C:\WINDOWS\system32\pid.inf

31/10/2008 12:42:26 -- 14/04/2008 17:04:48 10752 ---- 14 days old -- C:\WINDOWS\system32\smtpapi.dll

31/10/2008 12:42:23 -- 13/04/2008 19:43:32 9728 ---- 14 days old -- C:\WINDOWS\system32\comsdupd.exe

31/10/2008 12:42:19 -- 14/04/2008 17:04:38 32285 ---- 14 days old -- C:\WINDOWS\system32\hsfcisp2.dll

31/10/2008 12:42:12 -- 14/04/2008 17:05:06 20992 ---- 14 days old -- C:\WINDOWS\system32\faxpatch.exe

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 58880 ---- 14 days old -- C:\WINDOWS\system32\eapqec.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 30720 ---- 14 days old -- C:\WINDOWS\system32\eapolqec.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 33280 ---- 14 days old -- C:\WINDOWS\system32\eapsvc.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 184832 ---- 14 days old -- C:\WINDOWS\system32\eapp3hst.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 40960 ---- 14 days old -- C:\WINDOWS\system32\eappprxy.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 180224 ---- 14 days old -- C:\WINDOWS\system32\eapphost.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 126976 ---- 14 days old -- C:\WINDOWS\system32\eappcfg.dll

31/10/2008 12:42:10 -- 14/04/2008 17:04:37 94208 ---- 14 days old -- C:\WINDOWS\system32\eappgnui.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 132608 ---- 14 days old -- C:\WINDOWS\system32\dot3svc.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 56320 ---- 14 days old -- C:\WINDOWS\system32\dot3msm.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 59392 ---- 14 days old -- C:\WINDOWS\system32\dot3cfg.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 26112 ---- 14 days old -- C:\WINDOWS\system32\dot3api.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 651264 ---- 14 days old -- C:\WINDOWS\system32\dot3ui.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 39936 ---- 14 days old -- C:\WINDOWS\system32\dot3gpclnt.dll

31/10/2008 12:42:08 -- 14/04/2008 17:04:36 9216 ---- 14 days old -- C:\WINDOWS\system32\dot3dlg.dll

31/10/2008 12:42:06 -- 14/04/2008 17:04:36 39936 ---- 14 days old -- C:\WINDOWS\system32\dimsroam.dll

31/10/2008 12:42:06 -- 14/04/2008 17:04:36 19456 ---- 14 days old -- C:\WINDOWS\system32\dimsntfy.dll

31/10/2008 12:42:06 -- 14/04/2008 17:04:36 48640 ---- 14 days old -- C:\WINDOWS\system32\dhcpqec.dll

31/10/2008 12:42:04 -- 14/04/2008 17:04:35 12800 ---- 14 days old -- C:\WINDOWS\system32\credssp.dll

31/10/2008 12:42:01 -- 14/04/2008 17:04:35 7168 ---- 14 days old -- C:\WINDOWS\system32\bitsprx4.dll

31/10/2008 12:42:00 -- 14/04/2008 17:04:35 233472 ---- 14 days old -- C:\WINDOWS\system32\azroles.dll

31/10/2008 12:41:59 -- 14/04/2008 17:05:25 9728 ---- 14 days old -- C:\WINDOWS\system32\ativdaxx.ax

31/10/2008 12:41:59 -- 14/04/2008 17:05:25 23040 ---- 14 days old -- C:\WINDOWS\system32\ativmvxx.ax

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 32768 ---- 14 days old -- C:\WINDOWS\system32\ativtmxx.dll

31/10/2008 12:41:58 -- 14/04/2008 17:04:35 870784 ---- 14 days old -- C:\WINDOWS\system32\ati3d1ag.dll

31/10/2008 12:41:58 -- 14/04/2008 17:04:35 377984 ---- 14 days old -- C:\WINDOWS\system32\ati2dvaa.dll

21/10/2008 19:52:24 -- 22/02/2008 15:52:06 107760 ---A 24 days old -- C:\WINDOWS\system32\iidplg.dll

27/05/2007 17:02:29 -- 15/10/2008 17:38:27 337408 ---A 30 days old -- C:\WINDOWS\system32\netapi32.dll

27/05/2007 17:12:11 -- 03/10/2008 18:26:34 6066176 ---A 42 days old -- C:\WINDOWS\system32\ieframe.dll

30/09/2008 16:43:34 -- 30/09/2008 16:43:34 1286152 ---A 45 days old -- C:\WINDOWS\system32\msxml4.dll

29/09/2008 17:52:58 -- 20/08/2007 12:42:58 75016 ---A 46 days old -- C:\WINDOWS\system32\isafprod.dll

27/05/2007 16:58:36 -- 15/09/2008 16:27:59 1846400 ---A 60 days old -- C:\WINDOWS\system32\win32k.sys

 

---- recent files in C:\WINDOWS\system32\drivers

09/08/2008 20:17:31 -- 12/11/2008 22:37:33 (DIR) ---- 2 days old -- C:\WINDOWS\system32\drivers\etc

09/08/2008 19:55:59 -- 29/09/2008 20:49:01 (DIR) ---- 46 days old -- C:\WINDOWS\system32\drivers\UMDF

12/11/2008 06:45:54 -- 12/11/2008 06:45:54 85969 ---A 3 days old -- C:\WINDOWS\system32\drivers\gmer.sys

09/11/2008 20:11:13 -- 22/10/2008 16:10:22 15504 ---A 5 days old -- C:\WINDOWS\system32\drivers\mbam.sys

09/11/2008 20:11:10 -- 22/10/2008 16:10:38 38496 ---A 5 days old -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

31/10/2008 12:43:56 -- 13/04/2008 19:43:55 14208 ---- 14 days old -- C:\WINDOWS\system32\drivers\wacompen.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:40 11807 ---- 14 days old -- C:\WINDOWS\system32\drivers\wadv07nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:46 22271 ---- 14 days old -- C:\WINDOWS\system32\drivers\watv06nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:42 11935 ---- 14 days old -- C:\WINDOWS\system32\drivers\wadv11nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:40 11295 ---- 14 days old -- C:\WINDOWS\system32\drivers\wadv08nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:46 25471 ---- 14 days old -- C:\WINDOWS\system32\drivers\watv10nt.sys

31/10/2008 12:43:56 -- 03/08/2004 22:29:42 11871 ---- 14 days old -- C:\WINDOWS\system32\drivers\wadv09nt.sys

31/10/2008 12:43:54 -- 13/04/2008 19:36:40 42240 ---- 14 days old -- C:\WINDOWS\system32\drivers\viaagp.sys

31/10/2008 12:43:53 -- 14/04/2008 17:04:53 11325 ---- 14 days old -- C:\WINDOWS\system32\drivers\vchnt5.dll

31/10/2008 12:43:51 -- 13/04/2008 19:46:20 121984 ---- 14 days old -- C:\WINDOWS\system32\drivers\usbvideo.sys

31/10/2008 12:43:50 -- 13/04/2008 19:56:49 12800 ---- 14 days old -- C:\WINDOWS\system32\drivers\usb8023x.sys

31/10/2008 12:43:47 -- 13/04/2008 19:36:40 44672 ---- 14 days old -- C:\WINDOWS\system32\drivers\uagp35.sys

31/10/2008 12:43:29 -- 13/04/2008 19:36:34 5888 ---- 14 days old -- C:\WINDOWS\system32\drivers\smbali.sys

31/10/2008 12:43:28 -- 03/08/2004 22:41:44 404990 ---- 14 days old -- C:\WINDOWS\system32\drivers\slntamr.sys

31/10/2008 12:43:28 -- 03/08/2004 22:41:46 13240 ---- 14 days old -- C:\WINDOWS\system32\drivers\slwdmsup.sys

31/10/2008 12:43:28 -- 03/08/2004 22:41:46 95424 ---- 14 days old -- C:\WINDOWS\system32\drivers\slnthal.sys

31/10/2008 12:43:28 -- 03/08/2004 22:41:42 129535 ---- 14 days old -- C:\WINDOWS\system32\drivers\slnt7554.sys

31/10/2008 12:43:27 -- 14/04/2008 17:04:48 3901 ---- 14 days old -- C:\WINDOWS\system32\drivers\siint5.dll

31/10/2008 12:43:27 -- 13/04/2008 19:36:39 40960 ---- 14 days old -- C:\WINDOWS\system32\drivers\sisagp.sys

31/10/2008 12:43:25 -- 13/04/2008 19:40:48 10240 ---- 14 days old -- C:\WINDOWS\system32\drivers\sffp_mmc.sys

31/10/2008 12:43:20 -- 03/08/2004 22:29:52 166912 ---- 14 days old -- C:\WINDOWS\system32\drivers\s3gnbm.sys

31/10/2008 12:43:17 -- 13/04/2008 19:46:32 59136 ---- 14 days old -- C:\WINDOWS\system32\drivers\rfcomm.sys

31/10/2008 12:43:17 -- 13/04/2008 19:56:49 30592 ---- 14 days old -- C:\WINDOWS\system32\drivers\rndismpx.sys

31/10/2008 12:43:15 -- 03/08/2004 22:41:40 13776 ---- 14 days old -- C:\WINDOWS\system32\drivers\recagent.sys

31/10/2008 12:43:06 -- 03/08/2004 22:29:56 1897408 ---- 14 days old -- C:\WINDOWS\system32\drivers\nv4_mini.sys

31/10/2008 12:43:05 -- 03/08/2004 22:41:40 180360 ---- 14 days old -- C:\WINDOWS\system32\drivers\ntmtlfax.sys

31/10/2008 12:43:02 -- 17/07/2004 11:35:00 67866 ---- 14 days old -- C:\WINDOWS\system32\drivers\netwlan5.img

31/10/2008 12:42:59 -- 03/08/2004 22:29:38 452736 ---- 14 days old -- C:\WINDOWS\system32\drivers\mtxparhm.sys

31/10/2008 12:42:59 -- 13/04/2008 19:43:55 12672 ---- 14 days old -- C:\WINDOWS\system32\drivers\mutohpen.sys

31/10/2008 12:42:58 -- 03/08/2004 22:41:38 1309184 ---- 14 days old -- C:\WINDOWS\system32\drivers\mtlstrm.sys

31/10/2008 12:42:58 -- 03/08/2004 22:41:40 126686 ---- 14 days old -- C:\WINDOWS\system32\drivers\mtlmnt5.sys

31/10/2008 12:42:42 -- 03/08/2004 22:41:56 11868 ---- 14 days old -- C:\WINDOWS\system32\drivers\mdmxsdk.sys

31/10/2008 12:42:24 -- 13/04/2008 19:45:34 46592 ---- 14 days old -- C:\WINDOWS\system32\drivers\irbus.sys

31/10/2008 12:42:19 -- 03/08/2004 22:41:48 220032 ---- 14 days old -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

31/10/2008 12:42:19 -- 03/08/2004 22:41:50 685056 ---- 14 days old -- C:\WINDOWS\system32\drivers\hsfcxts2.sys

31/10/2008 12:42:19 -- 03/08/2004 22:41:56 1041536 ---- 14 days old -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

31/10/2008 12:42:18 -- 13/04/2008 19:45:26 19200 ---- 14 days old -- C:\WINDOWS\system32\drivers\hidir.sys

31/10/2008 12:42:18 -- 14/04/2008 16:38:04 25600 ---- 14 days old -- C:\WINDOWS\system32\drivers\hidbth.sys

31/10/2008 12:42:16 -- 13/04/2008 19:36:40 46464 ---- 14 days old -- C:\WINDOWS\system32\drivers\gagp30kx.sys

31/10/2008 12:42:05 -- 17/07/2004 22:55:24 129045 ---- 14 days old -- C:\WINDOWS\system32\drivers\cxthsfs2.cty

31/10/2008 12:42:02 -- 14/04/2008 17:04:35 15423 ---- 14 days old -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll

31/10/2008 12:42:01 -- 13/04/2008 19:51:34 101120 ---- 14 days old -- C:\WINDOWS\system32\drivers\bthpan.sys

31/10/2008 12:42:01 -- 13/04/2008 19:46:33 37888 ---- 14 days old -- C:\WINDOWS\system32\drivers\bthmodem.sys

31/10/2008 12:42:01 -- 13/04/2008 19:46:33 17024 ---- 14 days old -- C:\WINDOWS\system32\drivers\bthenum.sys

31/10/2008 12:42:01 -- 13/04/2008 19:46:31 36480 ---- 14 days old -- C:\WINDOWS\system32\drivers\bthprint.sys

31/10/2008 12:42:01 -- 13/04/2008 19:46:29 18944 ---- 14 days old -- C:\WINDOWS\system32\drivers\bthusb.sys

31/10/2008 12:41:59 -- 17/07/2004 11:36:24 64352 ---- 14 days old -- C:\WINDOWS\system32\drivers\ativmc20.cod

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 11359 ---- 14 days old -- C:\WINDOWS\system32\drivers\atv02nt5.dll

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 21183 ---- 14 days old -- C:\WINDOWS\system32\drivers\atv01nt5.dll

31/10/2008 12:41:59 -- 03/08/2004 22:29:32 31744 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinxbxx.sys

31/10/2008 12:41:59 -- 03/08/2004 22:29:32 63488 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinxsxx.sys

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 14143 ---- 14 days old -- C:\WINDOWS\system32\drivers\atv06nt5.dll

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 25471 ---- 14 days old -- C:\WINDOWS\system32\drivers\atv04nt5.dll

31/10/2008 12:41:59 -- 14/04/2008 17:04:35 17279 ---- 14 days old -- C:\WINDOWS\system32\drivers\atv10nt5.dll

31/10/2008 12:41:58 -- 03/08/2004 22:29:30 52224 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinraxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:30 14336 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinpdxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:30 13824 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinmdxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:32 104960 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinrvxx.sys

31/10/2008 12:41:58 -- 04/08/2004 01:07:44 327040 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati2mtaa.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:32 73216 ---- 14 days old -- C:\WINDOWS\system32\drivers\atintuxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:32 28672 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinsnxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:32 13824 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinttxx.sys

31/10/2008 12:41:58 -- 03/08/2004 22:29:28 57856 ---- 14 days old -- C:\WINDOWS\system32\drivers\atinbtxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 26367 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1snxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 63663 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1rvxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:30 12047 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1pdxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 21343 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1ttxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 30671 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1raxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:30 56623 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1btxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 34735 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1xsxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:30 11615 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1mdxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 29455 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1xbxx.sys

31/10/2008 12:41:57 -- 03/08/2004 22:29:32 36463 ---- 14 days old -- C:\WINDOWS\system32\drivers\ati1tuxx.sys

31/10/2008 12:41:54 -- 13/04/2008 19:36:39 43008 ---- 14 days old -- C:\WINDOWS\system32\drivers\amdagp.sys

31/10/2008 12:41:54 -- 13/04/2008 19:36:38 42752 ---- 14 days old -- C:\WINDOWS\system32\drivers\alim1541.sys

31/10/2008 12:41:52 -- 13/04/2008 19:36:39 44928 ---- 14 days old -- C:\WINDOWS\system32\drivers\agpcpq.sys

31/10/2008 12:41:52 -- 13/04/2008 19:36:38 42368 ---- 14 days old -- C:\WINDOWS\system32\drivers\agp440.sys

31/10/2008 12:41:52 -- 14/04/2008 17:04:35 3775 ---- 14 days old -- C:\WINDOWS\system32\drivers\adv11nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 4255 ---- 14 days old -- C:\WINDOWS\system32\drivers\adv01nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3135 ---- 14 days old -- C:\WINDOWS\system32\drivers\adv08nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3967 ---- 14 days old -- C:\WINDOWS\system32\drivers\adv02nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3647 ---- 14 days old -- C:\WINDOWS\system32\drivers\adv07nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3711 ---- 14 days old -- C:\WINDOWS\system32\drivers\adv09nt5.dll

31/10/2008 12:41:51 -- 14/04/2008 17:04:35 3615 ---- 14 days old -- C:\WINDOWS\system32\drivers\adv05nt5.dll

27/05/2007 17:04:54 -- 24/10/2008 12:21:09 455296 ---A 22 days old -- C:\WINDOWS\system32\drivers\mrxsmb.sys

29/09/2008 17:53:45 -- 29/09/2008 17:53:34 880560 ---A 46 days old -- C:\WINDOWS\system32\drivers\vetefile.sys

29/09/2008 17:53:45 -- 29/09/2008 17:53:34 108368 ---A 46 days old -- C:\WINDOWS\system32\drivers\veteboot.sys

29/09/2008 17:52:59 -- 20/08/2007 12:42:56 26376 ---A 46 days old -- C:\WINDOWS\system32\drivers\vet-filt.sys

29/09/2008 17:52:59 -- 20/08/2007 12:42:56 32264 ---A 46 days old -- C:\WINDOWS\system32\drivers\vetmonnt.sys

29/09/2008 17:52:59 -- 20/08/2007 12:42:58 21512 ---A 46 days old -- C:\WINDOWS\system32\drivers\vetfddnt.sys

29/09/2008 17:52:59 -- 20/08/2007 12:42:58 21128 ---A 46 days old -- C:\WINDOWS\system32\drivers\vet-rec.sys

 

---- recent files in C:\WINDOWS\temp

14/11/2008 21:22:12 -- 15/11/2008 12:03:49 255 ---A 0 days old -- C:\WINDOWS\temp\WGAErrLog.txt

 

---- recent files in C:\Program

11/08/2008 21:46:52 -- 15/11/2008 12:07:11 (DIR) ---- 0 days old -- C:\Program\Steam

09/08/2008 20:32:07 -- 14/11/2008 20:51:20 (DIR) ---- 0 days old -- C:\Program\Delade filer

20/08/2008 11:55:58 -- 14/11/2008 14:57:56 (DIR) ---- 0 days old -- C:\Program\World of Warcraft

09/08/2008 19:47:18 -- 13/11/2008 21:46:59 (DIR) ---- 1 days old -- C:\Program\Mozilla Firefox

10/08/2008 17:50:27 -- 10/11/2008 22:24:54 (DIR) ---- 4 days old -- C:\Program\Google

09/11/2008 20:11:09 -- 09/11/2008 20:11:14 (DIR) ---- 5 days old -- C:\Program\Malwarebytes' Anti-Malware

09/11/2008 18:24:57 -- 09/11/2008 18:24:57 (DIR) ---- 5 days old -- C:\Program\Lavasoft

05/11/2008 23:02:59 -- 05/11/2008 23:02:59 (DIR) ---- 9 days old -- C:\Program\JRE

05/11/2008 23:02:55 -- 05/11/2008 23:02:56 (DIR) ---- 9 days old -- C:\Program\OpenOffice.org 3

09/08/2008 19:57:22 -- 05/11/2008 23:02:43 (DIR) ---- 9 days old -- C:\Program\Java

03/11/2008 19:58:47 -- 03/11/2008 21:44:44 (DIR) ---- 11 days old -- C:\Program\Fighters

03/11/2008 19:42:00 -- 03/11/2008 19:42:00 (DIR) ---- 11 days old -- C:\Program\Trend Micro

09/08/2008 18:54:55 -- 01/11/2008 16:09:48 (DIR) ---- 13 days old -- C:\Program\Messenger

31/10/2008 19:22:55 -- 31/10/2008 19:22:55 (DIR) ---- 14 days old -- C:\Program\xerox

31/10/2008 19:22:53 -- 31/10/2008 19:22:53 (DIR) ---- 14 days old -- C:\Program\msn gaming zone

31/10/2008 19:22:50 -- 31/10/2008 19:22:50 (DIR) ---- 14 days old -- C:\Program\microsoft frontpage

09/08/2008 18:51:53 -- 31/10/2008 19:12:40 (DIR) ---- 14 days old -- C:\Program\Movie Maker

09/08/2008 18:51:43 -- 31/10/2008 19:10:05 (DIR) ---- 14 days old -- C:\Program\NetMeeting

09/08/2008 18:49:41 -- 31/10/2008 19:10:01 (DIR) ---- 14 days old -- C:\Program\Windows NT

09/08/2008 18:50:45 -- 31/10/2008 19:10:01 (DIR) ---- 14 days old -- C:\Program\Windows Media Player

09/08/2008 18:51:40 -- 31/10/2008 19:10:00 (DIR) ---- 14 days old -- C:\Program\Outlook Express

20/10/2008 21:21:00 -- 20/10/2008 21:21:00 (DIR) ---- 25 days old -- C:\Program\DirectVobSub

09/08/2008 18:51:31 -- 15/10/2008 05:48:15 (DIR) ---- 31 days old -- C:\Program\Internet Explorer

30/09/2008 17:56:36 -- 14/10/2008 15:33:35 (DIR) ---- 31 days old -- C:\Program\Warcraft III

10/08/2008 20:57:55 -- 19/09/2008 19:00:35 (DIR) -S-- 56 days old -- C:\Program\HLSW

 

---- recent files in C:\Program\Delade filer

10/08/2008 20:01:28 -- 09/11/2008 18:24:37 (DIR) ---- 5 days old -- C:\Program\Delade filer\Wise Installation Wizard

09/08/2008 18:51:35 -- 31/10/2008 19:09:57 (DIR) ---- 14 days old -- C:\Program\Delade filer\System

09/08/2008 20:32:08 -- 13/10/2008 05:51:08 (DIR) ---- 33 days old -- C:\Program\Delade filer\Microsoft Shared

20/08/2008 11:56:02 -- 30/09/2008 18:03:05 (DIR) ---- 45 days old -- C:\Program\Delade filer\Blizzard Entertainment

 

---- recent files in C:\Documents and Settings\Stefan\Application Data

10/08/2008 20:57:55 -- 14/11/2008 22:49:52 (DIR) ---- 0 days old -- C:\Documents and Settings\Stefan\Application Data\HLSW

30/09/2008 19:31:10 -- 13/11/2008 20:32:10 (DIR) ---- 1 days old -- C:\Documents and Settings\Stefan\Application Data\iid

10/08/2008 19:21:49 -- 12/11/2008 23:06:37 (DIR) ---- 2 days old -- C:\Documents and Settings\Stefan\Application Data\uTorrent

09/11/2008 20:11:16 -- 09/11/2008 20:11:16 (DIR) ---- 5 days old -- C:\Documents and Settings\Stefan\Application Data\Malwarebytes

05/11/2008 23:04:16 -- 05/11/2008 23:04:16 (DIR) ---- 9 days old -- C:\Documents and Settings\Stefan\Application Data\OpenOffice.org

12/08/2008 13:51:30 -- 04/11/2008 16:50:09 (DIR) ---- 10 days old -- C:\Documents and Settings\Stefan\Application Data\Skype

12/08/2008 13:52:32 -- 04/11/2008 16:48:55 (DIR) ---- 10 days old -- C:\Documents and Settings\Stefan\Application Data\skypePM

10/09/2008 18:18:26 -- 03/11/2008 20:44:53 (DIR) ---- 11 days old -- C:\Documents and Settings\Stefan\Application Data\dvdcss

02/10/2008 15:21:07 -- 02/10/2008 15:21:07 (DIR) ---- 43 days old -- C:\Documents and Settings\Stefan\Application Data\Sun

03/11/2008 19:57:56 -- 03/11/2008 20:00:42 2668368 ---A 11 days old -- C:\Documents and Settings\Stefan\Application Data\install.txt

 

---- recent files in C:\Documents and Settings\Stefan\Lokala inställningar\Application Data

10/08/2008 17:50:54 -- 10/11/2008 22:25:06 (DIR) ---- 4 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Google

09/08/2008 19:14:37 -- 10/11/2008 22:18:06 (DIR) -S-- 4 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\Microsoft

20/08/2008 22:34:39 -- 12/11/2008 23:39:29 18944 ---A 2 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

09/08/2008 20:48:24 -- 05/11/2008 23:08:37 74696 ---A 9 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

09/08/2008 19:21:06 -- 14/10/2008 22:03:03 2109404 H--A 31 days old -- C:\Documents and Settings\Stefan\Lokala inställningar\Application Data\IconCache.db

 

==========================================

Scan completed in 0 minutes

End of report

 

 

~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~

SystemScan uses some freeware tools that remain property of their authors:

 

* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "

* dumphive (Markus Stephany)--> "Registry scan"

* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"

* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"

---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log

 

Thanks to all of them for their hard work

 

[/log]

 


I got a suggestion from zipp about the Mwav scan; it may be useful while waiting for 927 to check the new log:

Download this scanner to the Desktop:

http://www.spywareinfo.dk/download/mwav.exe

 

Double-click mwav.exe, then click Unzip and it automatically creates a new folder, C:\Kaspersky

Then open the Kaspersky folder, double-click kavupd.exe and look for updates.

When it is done, press any key and 2 new folders are automatically created on C:

C:\Bases

C:\Downloads

 

Open the Downloads folder, select all files and choose Edit - Cut

Click the Kaspersky folder, choose Edit - Paste and answer yes to all.

Then open the Kaspersky folder and double-click mwavscan.com.

Tick Drive and Scan All Files.

Then click Start Clean and let it finish scanning (can take a few hours).

Copy what appears in the lower window by selecting (highlighting) all lines and pressing Ctrl+C (copy).

 

Paste this from the lower window into your reply here.

 


Scan C:\WINDOWS\002899_.tmp on the VirusTotal site.

 

When did you notice that there was something malicious on the computer?

 


Noticed it about 2-3 weeks ago

v-scanlog[log]Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.11.14.3 2008.11.14 -

AntiVir 7.9.0.31 2008.11.14 -

Authentium 5.1.0.4 2008.11.15 -

Avast 4.8.1281.0 2008.11.14 -

AVG 8.0.0.199 2008.11.14 -

BitDefender 7.2 2008.11.15 -

CAT-QuickHeal 10.00 2008.11.15 -

ClamAV 0.94.1 2008.11.15 -

DrWeb 4.44.0.09170 2008.11.15 -

eSafe 7.0.17.0 2008.11.13 -

eTrust-Vet 31.6.6210 2008.11.14 -

Ewido 4.0 2008.11.15 -

F-Prot 4.4.4.56 2008.11.14 -

F-Secure 8.0.14332.0 2008.11.15 -

Fortinet 3.117.0.0 2008.11.15 -

GData 19 2008.11.15 -

Ikarus T3.1.1.45.0 2008.11.15 -

K7AntiVirus 7.10.526 2008.11.15 -

Kaspersky 7.0.0.125 2008.11.15 -

McAfee 5434 2008.11.14 -

Microsoft 1.4104 2008.11.15 -

NOD32 3615 2008.11.15 -

Norman 5.80.02 2008.11.14 -

Panda 9.0.0.4 2008.11.14 -

PCTools 4.4.2.0 2008.11.15 -

Prevx1 V2 2008.11.15 -

Rising 21.03.42.00 2008.11.14 -

SecureWeb-Gateway 6.7.6 2008.11.14 -

Sophos 4.35.0 2008.11.15 -

Sunbelt 3.1.1801.2 2008.11.14 -

Symantec 10 2008.11.15 -

TheHacker 6.3.1.1.152 2008.11.13 -

TrendMicro 8.700.0.1004 2008.11.14 -

VBA32 3.12.8.9 2008.11.14 -

ViRobot 2008.11.15.1470 2008.11.15 -

VirusBuster 4.5.11.0 2008.11.14

[/log]

 


Yes, the temp file that was checked is the only thing I see, but there are a great many sys files and one of them could be a nasty one.

I was going to recommend this one; it is a bit easier to use than the one zipp recommended

http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/

 

Another thing I was wondering is whether everything was fixed with MBAM; I was wondering whether the junk that is in the registry somehow recreates a new DLL file

 


Hi

I am running mwav now, looks like it will take a while to scan through :-)

Should I run your recommendation afterwards?

Regards, Stefan

 


Another thing I was wondering is whether everything was fixed with MBAM; I was wondering whether the junk that is in the registry somehow recreates a new DLL file
Well, registry entries alone can't create a file.

But with ComboFix you can, for that matter, remove both the file and the registry key.

 

This is in the SDFix log:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000147

Does that tell you anything, 927?

 

 

 


Log after mwav[log]File C:\WINDOWS\system32\ncobjaqi.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File to be deleted on reboot.

File C:\Program\Trend Micro\HijackThis\backups\backup-20081113-211907-971.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\Qoobox\Quarantine\C\WINDOWS\system32\CTXFITPK.DLL.vir infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\Qoobox\Quarantine\C\WINDOWS\system32\msqbde40.dll.vir infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\Qoobox\Quarantine\C\WINDOWS\system32\msxml3rd.dll.vir infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\Qoobox\Quarantine\C\WINDOWS\system32\termsrvd.dll.vir infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\Qoobox\Quarantine\C\WINDOWS\system32\xmlpsovi.dll.vir infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\SLASK\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\SLASK\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP106\A0030744.exe tagged as not-a-virus:PSWTool.Win32.Delf.f. No Action Taken.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP106\A0030745.exe tagged as not-a-virus:PSWTool.Win32.Delf.f. No Action Taken.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP106\A0030746.exe tagged as not-a-virus:PSWTool.Win32.SnadBoy.2011. No Action Taken.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP106\A0030747.dll tagged as not-a-virus:PSWTool.Win32.SnadBoy.2011. No Action Taken.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP107\A0030880.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP111\A0031267.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP113\A0031390.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP115\A0031450.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP115\A0031545.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP115\A0031653.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP117\A0031788.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP117\A0031797.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP117\A0031798.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP117\A0031799.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP117\A0031800.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP117\A0031804.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP117\A0031832.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP118\A0032004.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP120\A0032168.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP121\A0032266.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP121\A0032313.dll tagged as not-a-virus:FraudTool.Win32.SpywareStop.as. No Action Taken.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP121\A0032323.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP121\A0032324.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP121\A0032325.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP123\A0032600.exe tagged as not-a-virus:FraudTool.Win32.SpywareStop.as. No Action Taken.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP123\A0032637.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP123\A0032776.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP124\A0032959.DLL infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

File C:\System Volume Information\_restore{94FA83EF-7CDF-4777-95AE-5B82C4BFDE6C}\RP125\A0033185.dll infected by "Trojan-Downloader.Win32.Small.vxz" Virus. Action Taken: File Deleted.

[/log]

 


I am running mwav now, looks like it will take a while to scan through :-)

Should I run your recommendation afterwards?

It should be the same virus database, so it probably won't turn up anything more.

 

Was Internet Explorer running when you ran Mwav?

 

Check this:

Close Internet Explorer.

Update MBAM.

Unplug the internet cable.

Quick scan with MBAM.

Reboot

Connect the internet cable and paste in the MBAM log.

 

[post edited 2008-11-15 15:24:42 by Cecilia]


Hi

IE was running during MWAV.

Here is the log after MBAM (I deleted the infected files it found, right/wrong)

 

[log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1400

Windows 5.1.2600 Service Pack 3

 

2008-11-15 16:41:16

mbam-log-2008-11-15 (16-41-12).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 49438

Förfluten tid: 3 minute(s), 34 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 2

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b22292ef-5da3-482d-ae21-76f871b99eb9} (Trojan.BHO.H) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{b22292ef-5da3-482d-ae21-76f871b99eb9} (Trojan.BHO.H) -> No action taken.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\mucltuid.dll (Trojan.BHO.H) -> No action taken.

[/log]

 


winlogon log[log]Process PID CPU Description Company Name

System Idle Process 0 89.06

Interrupts n/a 6.25 Hardware Interrupts

DPCs n/a Deferred Procedure Calls

System 4

smss.exe 768 Sessionshanteraren i Windows NT Microsoft Corporation

csrss.exe 1084 Client Server Runtime Process Microsoft Corporation

winlogon.exe 864 Inloggningsprogram för Windows NT Microsoft Corporation

services.exe 1016 Tjänst- och styrenhetsprogram Microsoft Corporation

ati2evxx.exe 652 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 692 Generic Host Process for Win32 Services Microsoft Corporation

NMIndexStoreSvr.exe 424 Nero Home Nero AG

WLLoginProxy.exe 2456 WLLoginProxy.exe Microsoft Corporation

iexplore.exe 2316 Internet Explorer Microsoft Corporation

svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1556 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1924 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1172 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1624 Generic Host Process for Win32 Services Microsoft Corporation

aawservice.exe 236 Ad-Aware Service Lavasoft

spoolsv.exe 960 Spooler SubSystem App Microsoft Corporation

AppleMobileDeviceService.exe 400 Apple Mobile Device Service Apple Inc.

bgsvcgen.exe 624 B's Recorder GOLD Service Library B.H.A Corporation

mDNSResponder.exe 812 Bonjour Service Apple Inc.

isafe.exe 1132 CA ISafe Service Computer Associates International, Inc.

mdm.exe 1444 Machine Debug Manager Microsoft Corporation

NBService.exe 1632 Nero BackItUp Nero AG

spupdsvc.exe 1368 Update RunOnce Service Microsoft Corporation

medctrro.exe 1980 Windows NT Microsoft Corporation

vetmsg.exe 1672 CA Anti-Virus Realtime Messaging Service CA, Inc.

alg.exe 1180 Application Layer Gateway Service Microsoft Corporation

svchost.exe 2548 Generic Host Process for Win32 Services Microsoft Corporation

NMIndexingService.exe 3188 Nero Home Nero AG

iPodService.exe 1948 iPodService Module Apple Inc.

ccprovsp.exe 3244 CCProvSP CA, Inc.

lsass.exe 1076 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 1736 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 836 Utforskaren Microsoft Corporation

CTHELPER.EXE 2420 CtHelper Application Creative Technology Ltd

Logi_MwX.Exe 2476 Logitech Launcher Application Logitech Inc.

vistadrive.exe 2540

ehtray.exe 2600 Media Center Tray Applet Microsoft Corporation

cctray.exe 2776 CA Common Tray CA, Inc.

cavrid.exe 2872 CA Anti-Virus Realtime Infection Report CA, Inc.

razerhid.exe 2916 razerhid MFC Application

razertra.exe 3340 razertra MFC Application

razerofa.exe 3616 Razer OFA - On-the-Fly Sensitivity Adjustment Razer Inc.

smax4pnp.exe 3036 SMax4PNP MFC Application Analog Devices, Inc.

iTunesHelper.exe 3612 iTunesHelper Module Apple Inc.

jusched.exe 3968 Java Platform SE binary Sun Microsystems, Inc.

NMBgMonitor.exe 2220 Nero Home Nero AG

ctfmon.exe 3596 CTF Loader Microsoft Corporation

GoogleToolbarNotifier.exe 3784 GoogleToolbarNotifier Google Inc.

msnmsgr.exe 3952 Windows Live Messenger Microsoft Corporation

steam.exe 460 Steam Valve Corporation

msmsgs.exe 2184 Windows Messenger Microsoft Corporation

msimn.exe 3800 Outlook Express Microsoft Corporation

procexp.exe 3704 4.69 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

MOM.exe 2116 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 2112 Catalyst Control Centre: Host application ATI Technologies Inc.

 

[/log]

 


the explore log [log]Process PID CPU Description Company Name

System Idle Process 0 92.19

Interrupts n/a Hardware Interrupts

DPCs n/a 7.81 Deferred Procedure Calls

System 4

smss.exe 768 Sessionshanteraren i Windows NT Microsoft Corporation

csrss.exe 1084 Client Server Runtime Process Microsoft Corporation

winlogon.exe 864 Inloggningsprogram för Windows NT Microsoft Corporation

services.exe 1016 Tjänst- och styrenhetsprogram Microsoft Corporation

ati2evxx.exe 652 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 692 Generic Host Process for Win32 Services Microsoft Corporation

NMIndexStoreSvr.exe 424 Nero Home Nero AG

WLLoginProxy.exe 2456 WLLoginProxy.exe Microsoft Corporation

iexplore.exe 2316 Internet Explorer Microsoft Corporation

svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1556 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1924 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1172 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1624 Generic Host Process for Win32 Services Microsoft Corporation

aawservice.exe 236 Ad-Aware Service Lavasoft

spoolsv.exe 960 Spooler SubSystem App Microsoft Corporation

AppleMobileDeviceService.exe 400 Apple Mobile Device Service Apple Inc.

bgsvcgen.exe 624 B's Recorder GOLD Service Library B.H.A Corporation

mDNSResponder.exe 812 Bonjour Service Apple Inc.

isafe.exe 1132 CA ISafe Service Computer Associates International, Inc.

mdm.exe 1444 Machine Debug Manager Microsoft Corporation

NBService.exe 1632 Nero BackItUp Nero AG

spupdsvc.exe 1368 Update RunOnce Service Microsoft Corporation

medctrro.exe 1980 Windows NT Microsoft Corporation

vetmsg.exe 1672 CA Anti-Virus Realtime Messaging Service CA, Inc.

alg.exe 1180 Application Layer Gateway Service Microsoft Corporation

svchost.exe 2548 Generic Host Process for Win32 Services Microsoft Corporation

NMIndexingService.exe 3188 Nero Home Nero AG

iPodService.exe 1948 iPodService Module Apple Inc.

ccprovsp.exe 3244 CCProvSP CA, Inc.

lsass.exe 1076 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 1736 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 836 Utforskaren Microsoft Corporation

CTHELPER.EXE 2420 CtHelper Application Creative Technology Ltd

Logi_MwX.Exe 2476 Logitech Launcher Application Logitech Inc.

vistadrive.exe 2540

ehtray.exe 2600 Media Center Tray Applet Microsoft Corporation

cctray.exe 2776 CA Common Tray CA, Inc.

cavrid.exe 2872 CA Anti-Virus Realtime Infection Report CA, Inc.

razerhid.exe 2916 razerhid MFC Application

razertra.exe 3340 razertra MFC Application

razerofa.exe 3616 Razer OFA - On-the-Fly Sensitivity Adjustment Razer Inc.

smax4pnp.exe 3036 SMax4PNP MFC Application Analog Devices, Inc.

iTunesHelper.exe 3612 iTunesHelper Module Apple Inc.

jusched.exe 3968 Java Platform SE binary Sun Microsystems, Inc.

NMBgMonitor.exe 2220 Nero Home Nero AG

ctfmon.exe 3596 CTF Loader Microsoft Corporation

GoogleToolbarNotifier.exe 3784 GoogleToolbarNotifier Google Inc.

msnmsgr.exe 3952 Windows Live Messenger Microsoft Corporation

steam.exe 460 Steam Valve Corporation

msmsgs.exe 2184 Windows Messenger Microsoft Corporation

msimn.exe 3800 Outlook Express Microsoft Corporation

procexp.exe 3704 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

MOM.exe 2116 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 2112 Catalyst Control Centre: Host application ATI Technologies Inc.

 

[/log]

 


new winlogon [log]Process PID CPU Description Company Name

System Idle Process 0 90.77

Interrupts n/a Hardware Interrupts

DPCs n/a 6.15 Deferred Procedure Calls

System 4

smss.exe 768 Sessionshanteraren i Windows NT Microsoft Corporation

csrss.exe 1084 Client Server Runtime Process Microsoft Corporation

winlogon.exe 864 1.54 Inloggningsprogram för Windows NT Microsoft Corporation

services.exe 1016 Tjänst- och styrenhetsprogram Microsoft Corporation

ati2evxx.exe 652 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 692 Generic Host Process for Win32 Services Microsoft Corporation

NMIndexStoreSvr.exe 424 Nero Home Nero AG

WLLoginProxy.exe 2456 WLLoginProxy.exe Microsoft Corporation

iexplore.exe 2316 Internet Explorer Microsoft Corporation

svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1556 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1924 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1172 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1624 Generic Host Process for Win32 Services Microsoft Corporation

aawservice.exe 236 Ad-Aware Service Lavasoft

spoolsv.exe 960 Spooler SubSystem App Microsoft Corporation

AppleMobileDeviceService.exe 400 Apple Mobile Device Service Apple Inc.

bgsvcgen.exe 624 B's Recorder GOLD Service Library B.H.A Corporation

mDNSResponder.exe 812 Bonjour Service Apple Inc.

isafe.exe 1132 CA ISafe Service Computer Associates International, Inc.

mdm.exe 1444 Machine Debug Manager Microsoft Corporation

NBService.exe 1632 Nero BackItUp Nero AG

spupdsvc.exe 1368 Update RunOnce Service Microsoft Corporation

medctrro.exe 1980 Windows NT Microsoft Corporation

vetmsg.exe 1672 CA Anti-Virus Realtime Messaging Service CA, Inc.

alg.exe 1180 Application Layer Gateway Service Microsoft Corporation

svchost.exe 2548 Generic Host Process for Win32 Services Microsoft Corporation

NMIndexingService.exe 3188 Nero Home Nero AG

iPodService.exe 1948 iPodService Module Apple Inc.

ccprovsp.exe 3244 CCProvSP CA, Inc.

lsass.exe 1076 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 1736 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 836 Utforskaren Microsoft Corporation

CTHELPER.EXE 2420 CtHelper Application Creative Technology Ltd

Logi_MwX.Exe 2476 Logitech Launcher Application Logitech Inc.

vistadrive.exe 2540

ehtray.exe 2600 Media Center Tray Applet Microsoft Corporation

cctray.exe 2776 CA Common Tray CA, Inc.

cavrid.exe 2872 CA Anti-Virus Realtime Infection Report CA, Inc.

razerhid.exe 2916 razerhid MFC Application

razertra.exe 3340 razertra MFC Application

razerofa.exe 3616 Razer OFA - On-the-Fly Sensitivity Adjustment Razer Inc.

smax4pnp.exe 3036 SMax4PNP MFC Application Analog Devices, Inc.

iTunesHelper.exe 3612 iTunesHelper Module Apple Inc.

jusched.exe 3968 Java Platform SE binary Sun Microsystems, Inc.

NMBgMonitor.exe 2220 Nero Home Nero AG

ctfmon.exe 3596 CTF Loader Microsoft Corporation

GoogleToolbarNotifier.exe 3784 GoogleToolbarNotifier Google Inc.

msnmsgr.exe 3952 Windows Live Messenger Microsoft Corporation

steam.exe 460 Steam Valve Corporation

msmsgs.exe 2184 Windows Messenger Microsoft Corporation

msimn.exe 3800 Outlook Express Microsoft Corporation

procexp.exe 620 1.54 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

MOM.exe 2116 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 2112 Catalyst Control Centre: Host application ATI Technologies Inc.

 

Process: winlogon.exe Pid: 864

 

Name Description Company Name Version

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512

Apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.5512

Ati2evxx.dll ATI External Event Utility DLL Module ATI Technologies Inc. 6.14.0010.4177

AUTHZ.dll Authorization Framework Microsoft Corporation 5.01.2600.5512

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0700

COMCTL32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512

comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512

comdlg32.dll DLL-fil med vanliga dialogrutor Microsoft Corporation 6.00.2900.5512

COMRes.dll Microsoft Corporation 2001.12.4414.0700

CRYPT32.dll 32-bitars kryptografi-API Microsoft Corporation 5.131.2600.5512

cscdll.dll Agent för frånkopplat nätverk Microsoft Corporation 5.01.2600.5512

cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.5512

ctype.nls

dimsntfy.dll DIMS Notification Handler Microsoft Corporation 5.01.2600.5512

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512

IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.5512

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512

iphlpapi.dll API för IP Helper Microsoft Corporation 5.01.2600.5512

kernel32.dll Klient-DLL för Windows NT BASE API Microsoft Corporation 5.01.2600.5512

locale.nls

midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.5512

MPR.dll DLL-fil för router med flera providers Microsoft Corporation 5.01.2600.5512

MSACM32.dll Microsoft ACM-ljudfilter Microsoft Corporation 5.01.2600.5512

msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512

MSGINA.dll Inloggnings-GINA för Windows NT Microsoft Corporation 5.01.2600.5512

msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.5512

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512

NDdeApi.dll API för Network DDE Share Management Microsoft Corporation 5.01.2600.5512

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5694

ntdll.dll DLL-fil för NT Layer Microsoft Corporation 5.01.2600.5512

NTMARTA.DLL Windows NT MARTA-provider Microsoft Corporation 5.01.2600.5512

ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1132.0000

odbcint.dll Microsoft Data Access - ODBC-resurser Microsoft Corporation 3.525.1117.0000

ole32.dll Microsoft OLE för Windows Microsoft Corporation 5.01.2600.5512

OLEAUT32.dll Microsoft Corporation 5.01.2600.5512

PROFMAP.dll Userenv Microsoft Corporation 5.01.2600.5512

PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.5512

REGAPI.dll Registry Configuration APIs Microsoft Corporation 5.01.2600.5512

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512

SETUPAPI.dll API för installationsprogrammet för Windows Microsoft Corporation 5.01.2600.5512

sfc.dll Windows File Protection Microsoft Corporation 5.01.2600.5512

sfc_os.dll Windows Filskydd Microsoft Corporation 5.01.2600.5512

SHELL32.dll DLL-fil för Windows-gränssnittet Microsoft Corporation 6.00.2900.5512

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512

SHSVCS.dll DLL-fil för Windows Shell-tjänster Microsoft Corporation 6.00.2900.5512

sortkey.nls

sorttbls.nls

sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.5512

unicode.nls

USER32.dll Klient-DLL-fil för Windows XP Microsoft Corporation 5.01.2600.5512

USERENV.dll Userenv Microsoft Corporation 5.01.2600.5512

uxtheme.dll Bibliotek för Microsoft UxTheme Microsoft Corporation 6.00.2900.5512

wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.5512

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512

WgaLogon.dll Windows Genuine Advantage Notification Microsoft Corporation 1.07.0018.0007

winlogon.exe Inloggningsprogram för Windows NT Microsoft Corporation 5.01.2600.5512

WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.5512

WINSCARD.DLL Microsoft API för smartkort Microsoft Corporation 5.01.2600.5512

WINSPOOL.DRV Drivrutin för Windows-bufferthanterare Microsoft Corporation 5.01.2600.5512

WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.5512

WINTRUST.dll API för autentisering av Microsoft Trust Microsoft Corporation 5.131.2600.5512

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512

WlNotify.dll Gemensam DLL-fil för att erhålla Winlogon-meddelanden Microsoft Corporation 5.01.2600.5512

WS2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512

WTSAPI32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.5512

xpsp2res.dll Service Pack 2-meddelanden Microsoft Corporation 5.01.2600.5512

[/log]

 


new iexplore [log]Process PID CPU Description Company Name

System Idle Process 0 89.39

Interrupts n/a Hardware Interrupts

DPCs n/a 3.03 Deferred Procedure Calls

System 4

smss.exe 768 Sessionshanteraren i Windows NT Microsoft Corporation

csrss.exe 1084 Client Server Runtime Process Microsoft Corporation

winlogon.exe 864 Inloggningsprogram för Windows NT Microsoft Corporation

services.exe 1016 Tjänst- och styrenhetsprogram Microsoft Corporation

ati2evxx.exe 652 ATI External Event Utility EXE Module ATI Technologies Inc.

svchost.exe 692 Generic Host Process for Win32 Services Microsoft Corporation

NMIndexStoreSvr.exe 424 Nero Home Nero AG

WLLoginProxy.exe 2456 WLLoginProxy.exe Microsoft Corporation

iexplore.exe 2316 3.03 Internet Explorer Microsoft Corporation

svchost.exe 1044 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1556 Generic Host Process for Win32 Services Microsoft Corporation

wuauclt.exe 2864 Windows Update Automatic Updates Microsoft Corporation

svchost.exe 1924 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1172 Generic Host Process for Win32 Services Microsoft Corporation

svchost.exe 1624 Generic Host Process for Win32 Services Microsoft Corporation

aawservice.exe 236 Ad-Aware Service Lavasoft

spoolsv.exe 960 Spooler SubSystem App Microsoft Corporation

AppleMobileDeviceService.exe 400 Apple Mobile Device Service Apple Inc.

bgsvcgen.exe 624 B's Recorder GOLD Service Library B.H.A Corporation

mDNSResponder.exe 812 Bonjour Service Apple Inc.

isafe.exe 1132 CA ISafe Service Computer Associates International, Inc.

mdm.exe 1444 Machine Debug Manager Microsoft Corporation

NBService.exe 1632 Nero BackItUp Nero AG

spupdsvc.exe 1368 Update RunOnce Service Microsoft Corporation

medctrro.exe 1980 Windows NT Microsoft Corporation

vetmsg.exe 1672 CA Anti-Virus Realtime Messaging Service CA, Inc.

alg.exe 1180 Application Layer Gateway Service Microsoft Corporation

svchost.exe 2548 Generic Host Process for Win32 Services Microsoft Corporation

NMIndexingService.exe 3188 Nero Home Nero AG

iPodService.exe 1948 iPodService Module Apple Inc.

ccprovsp.exe 3244 CCProvSP CA, Inc.

lsass.exe 1076 LSA Shell (Export Version) Microsoft Corporation

ati2evxx.exe 1736 ATI External Event Utility EXE Module ATI Technologies Inc.

explorer.exe 836 Utforskaren Microsoft Corporation

CTHELPER.EXE 2420 CtHelper Application Creative Technology Ltd

Logi_MwX.Exe 2476 Logitech Launcher Application Logitech Inc.

vistadrive.exe 2540

ehtray.exe 2600 Media Center Tray Applet Microsoft Corporation

cctray.exe 2776 CA Common Tray CA, Inc.

cavrid.exe 2872 CA Anti-Virus Realtime Infection Report CA, Inc.

razerhid.exe 2916 razerhid MFC Application

razertra.exe 3340 razertra MFC Application

razerofa.exe 3616 Razer OFA - On-the-Fly Sensitivity Adjustment Razer Inc.

smax4pnp.exe 3036 SMax4PNP MFC Application Analog Devices, Inc.

iTunesHelper.exe 3612 iTunesHelper Module Apple Inc.

jusched.exe 3968 Java Platform SE binary Sun Microsystems, Inc.

NMBgMonitor.exe 2220 Nero Home Nero AG

ctfmon.exe 3596 CTF Loader Microsoft Corporation

GoogleToolbarNotifier.exe 3784 GoogleToolbarNotifier Google Inc.

msnmsgr.exe 3952 Windows Live Messenger Microsoft Corporation

steam.exe 460 Steam Valve Corporation

msmsgs.exe 2184 Windows Messenger Microsoft Corporation

msimn.exe 3800 Outlook Express Microsoft Corporation

procexp.exe 620 3.03 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

procexp.exe 3656 1.52 Sysinternals Process Explorer Sysinternals - www.sysinternals.com

MOM.exe 2116 Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.

CCC.exe 2112 Catalyst Control Centre: Host application ATI Technologies Inc.

 

Process: iexplore.exe Pid: 2316

 

Name Description Company Name Version

AcroIEHelper.dll Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 8.00.0000.0456

AcroIEHelper.dll Adobe PDF Helper for Internet Explorer Adobe Systems Incorporated 8.00.0000.0456

ACTXPRXY.DLL ActiveX Interface Marshaling Library Microsoft Corporation 6.00.2900.5512

ADVAPI32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.5512

apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.5512

ATL.DLL ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0001

B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat

c_28591.nls

CLBCATQ.DLL Microsoft Corporation 2001.12.4414.0700

comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.5512

comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.5512

comdlg32.dll DLL-fil med vanliga dialogrutor Microsoft Corporation 6.00.2900.5512

COMRes.dll Microsoft Corporation 2001.12.4414.0700

CRYPT32.dll 32-bitars kryptografi-API Microsoft Corporation 5.131.2600.5512

cryptnet.dll Crypto Network Related API Microsoft Corporation 5.131.2600.5512

CRYPTUI.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.5512

CSCDLL.dll Agent för frånkopplat nätverk Microsoft Corporation 5.01.2600.5512

cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.5512

ctagent.dll ctagent Creative Technology Ltd 1.00.0000.0012

ctype.nls

davclnt.dll DLL-fil för Webb-DAV-klient Microsoft Corporation 5.01.2600.5512

dbghelp.dll Windows Image Helper Microsoft Corporation 5.01.2600.5512

DCIMAN32.dll DCI Manager Microsoft Corporation 5.01.2600.5512

DDRAW.dll Microsoft DirectDraw Microsoft Corporation 5.03.2600.5512

ddrawex.dll Direct Draw Ex Microsoft Corporation 5.03.2600.5512

dispex.dll Microsoft ® DispEx Microsoft Corporation 5.07.0000.16599

DNSAPI.dll DNS Client API DLL Microsoft Corporation 5.01.2600.5625

drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.5512

dssenh.dll Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider Microsoft Corporation 5.01.2600.5507

Dxtmsft.dll DirectX Media -- Image DirectX Transforms Microsoft Corporation 7.00.6000.16735

Dxtrans.dll DirectX Media -- DirectX Transform Core Microsoft Corporation 7.00.6000.16735

fastsearch_219B3E1547538286.dll Fast Search Google Inc. 1.00.0610.10250

Flash10a.ocx Adobe Flash Player 10.0 r12 Adobe Systems, Inc. 10.00.0012.0036

Flash10a.ocx Adobe Flash Player 10.0 r12 Adobe Systems, Inc. 10.00.0012.0036

GDI32.dll GDI Client DLL Microsoft Corporation 5.01.2600.5512

gdiplus.dll Microsoft GDI+ Microsoft Corporation 5.01.3102.5512

GoogleToolbar.dll

GoogleToolbarDynamic_834848C3BEDA8CCA.dll Google Toolbar for Internet Explorer Google Inc. 5.00.2124.2070

GoogleToolbarDynamic_mui_sv_8379BD4B4A60FAE2.dll Google Verktygsfält för Internet Explorer Google Inc. 5.00.2124.2070

hnetcfg.dll Hanteraren för konfiguration av hemnätverk Microsoft Corporation 5.01.2600.5512

ieapfltr.dat Microsoft Phishing Filter Data File Microsoft Corporation 7.00.6011.0000

ieapfltr.dat Microsoft Phishing Filter Data File Microsoft Corporation 7.00.6011.0000

ieapfltr.dat Microsoft Phishing Filter Data File Microsoft Corporation 7.00.6011.0000

ieapfltr.dll Microsoft Phishing Filter Microsoft Corporation 7.00.6000.16461

IEFRAME.dll Internet Explorer Microsoft Corporation 7.00.6000.16757

ieframe.dll.mui Internet Explorer Microsoft Corporation 7.00.6000.16414

ieframe.dll.mui Internet Explorer Microsoft Corporation 7.00.6000.16414

iepeers.dll Internet Explorer Peer Objects Microsoft Corporation 7.00.5730.0011

iepeers.dll Internet Explorer Peer Objects Microsoft Corporation 7.00.5730.0011

ieproxy.dll IE ActiveX Interface Marshaling Library Microsoft Corporation 7.00.5730.0011

iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 7.00.6000.16735

IEUI.dll Internet Explorer UI Engine Microsoft Corporation 7.00.5730.0011

IEXPLORE.EXE Internet Explorer Microsoft Corporation 7.00.6000.16735

IMAGEHLP.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.5512

ImgUtil.dll IE plugin image decoder support DLL Microsoft Corporation 7.00.5730.0011

IMM32.DLL Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.5512

index.dat

index.dat

index.dat

index.dat

index.dat

iphlpapi.dll API för IP Helper Microsoft Corporation 5.01.2600.5512

ISafeIf.dll CA ISafe Interface DLL Computer Associates International, Inc. 8.00.0008.0000

jscript.dll Microsoft ® JScript Microsoft Corporation 5.07.0000.18066

jscript.dll.mui Microsoft ® JScript Microsoft Corporation 5.07.0000.16599

jsproxyd.dll

kernel32.dll Klient-DLL för Windows NT BASE API Microsoft Corporation 5.01.2600.5512

LINKINFO.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.5512

locale.nls

mdnsNSP.dll Bonjour Namespace Provider Apple Inc. 1.00.0004.0012

midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.5512

MLANG.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.5512

MPR.dll DLL-fil för router med flera providers Microsoft Corporation 5.01.2600.5512

MSACM32.dll Microsoft ACM-ljudfilter Microsoft Corporation 5.01.2600.5512

msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000

MSASN1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.5512

mscms.dll Microsoft Color Matching System DLL Microsoft Corporation 5.01.2600.5627

mscoree.dll Microsoft .NET Runtime Execution Engine Microsoft Corporation 2.00.50727.0253

mscorie.dll Microsoft .NET IE MIME Filter Microsoft Corporation 2.00.50727.0042

MSCTF.dll DLL-fil för MSCTF-servern Microsoft Corporation 5.01.2600.5512

msctfime.ime Microsoft Text Frame Work Service IME Microsoft Corporation 5.01.2600.5512

MSGINA.dll Inloggnings-GINA för Windows NT Microsoft Corporation 5.01.2600.5512

mshtml.dll Microsoft ® HTML Viewer Microsoft Corporation 7.00.6000.16735

mshtml.tlb Microsoft® MSHTML Typelib Microsoft Corporation 7.00.5730.0011

mshtmled.dll Microsoft® HTML Editing Component Microsoft Corporation 7.00.6000.16735

mshtmled.dll.mui HTML-redigeringskomponent för Microsoft® Microsoft Corporation 7.00.5730.0011

msi.dll Windows Installer Microsoft Corporation 3.01.4001.5512

msidcrl40.dll IDCRL Dynamic Link Library Microsoft Corporation 4.200.0520.0001

MSIMG32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.5512

MSIMGSIZ.DAT

msimtf.dll Active IMM Server DLL Microsoft Corporation 5.01.2600.5512

msls31.dll Microsoft Line Services library file Microsoft Corporation 3.10.0349.0000

msohevi.dll 2007 Microsoft Office component Microsoft Corporation 12.00.4518.1014

MSOXMLMF.DLL Microsoft Office XML MIME Filter Microsoft Corporation 12.00.4518.1014

msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.5512

MSVCP60.dll Microsoft ® C++ Runtime Library Microsoft Corporation 6.02.3104.0000

MSVCR71.dll Microsoft® C Runtime Library Microsoft Corporation 7.10.3052.0004

MSVCR80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.0762

msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.5512

mswsock.dll Tjänstprovider för Microsoft Windows Sockets 2.0 Microsoft Corporation 5.01.2600.5625

msxml3.dll MSXML 3.0 SP10 Microsoft Corporation 8.100.1048.0000

msxml3r.dll XML Resources Microsoft Corporation 8.20.8730.0001

NETAPI32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.5694

NETRAP.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.5512

NETUI0.dll NT LM UI Common Code - GUI Classes Microsoft Corporation 5.01.2600.5512

NETUI1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.5512

Normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.00.5441.0000

ntdll.dll DLL-fil för NT Layer Microsoft Corporation 5.01.2600.5512

ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.5512

NTMARTA.DLL Windows NT MARTA-provider Microsoft Corporation 5.01.2600.5512

ntshrui.dll Shell-tillägg för delning Microsoft Corporation 5.01.2600.5512

ODBC32.dll Microsoft Data Access - ODBC Driver Manager Microsoft Corporation 3.525.1132.0000

odbcint.dll Microsoft Data Access - ODBC-resurser Microsoft Corporation 3.525.1117.0000

ole32.dll Microsoft OLE för Windows Microsoft Corporation 5.01.2600.5512

OLEACC.dll Active Accessibility Core Component Microsoft Corporation 4.02.5406.0000

oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.02.5406.0000

OLEAUT32.dll Microsoft Corporation 5.01.2600.5512

pngfilt.dll IE PNG plugin image decoder Microsoft Corporation 7.00.6000.16735

PSAPI.DLL Process Status Helper Microsoft Corporation 5.01.2600.5512

rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.5512

RASAPI32.dll Programmeringsgränssnitt för Fjärråtkomst Microsoft Corporation 5.01.2600.5512

rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.5512

RPCRT4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.5512

rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.5507

rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.5512

SAMLIB.dll SAM Library DLL Microsoft Corporation 5.01.2600.5512

schannel.dll TLS / SSL Security Provider Microsoft Corporation 5.01.2600.5512

Secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.5512

SensApi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.5512

SETUPAPI.dll API för installationsprogrammet för Windows Microsoft Corporation 5.01.2600.5512

shdocvw.dll Shell Doc Object och Control Library Microsoft Corporation 6.00.2900.5512

SHELL32.dll DLL-fil för Windows-gränssnittet Microsoft Corporation 6.00.2900.5512

SHLWAPI.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.5512

sortkey.nls

sorttbls.nls

ssv.dll Java Platform SE binary Sun Microsystems, Inc. 6.00.0070.0006

stdole2.tlb Microsoft Corporation 5.01.2600.5512

swg.dll GoogleToolbarNotifier Google Inc. 5.00.0926.3450

SXS.DLL Fusion 2.5 Microsoft Corporation 5.01.2600.5512

TAPI32.dll Klient-DLL för Microsoft® Windows-telefoni-API Microsoft Corporation 5.01.2600.5512

unicode.nls

urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 7.00.6000.16735

urlmon.dll.mui OLE32-tillägg för Win32 Microsoft Corporation 7.00.5730.0011

USER32.dll Klient-DLL-fil för Windows XP Microsoft Corporation 5.01.2600.5512

USERENV.dll Userenv Microsoft Corporation 5.01.2600.5512

USP10.dll Uniscribe Unicode script processor Microsoft Corporation 1.420.2600.5512

UxTheme.dll Bibliotek för Microsoft UxTheme Microsoft Corporation 6.00.2900.5512

vbscript.dll Microsoft ® VBScript Microsoft Corporation 5.07.0000.18066

wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.5512

VERSION.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.5512

VetRedir.dll CA ISafe LSP DLL Computer Associates International, Inc. 8.00.0008.0000

WindowsLiveLogin.dll WindowsLiveLogin.dll Microsoft Corporation 4.200.0520.0001

WINHTTP.dll Windows HTTP Services Microsoft Corporation 5.01.2600.5512

WININET.dll Internet Extensions for Win32 Microsoft Corporation 7.00.6000.16735

WINMM.dll MCI API DLL Microsoft Corporation 5.01.2600.5512

winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.01.2600.5512

WINSPOOL.DRV Drivrutin för Windows-bufferthanterare Microsoft Corporation 5.01.2600.5512

WINSTA.dll Winstation Library Microsoft Corporation 5.01.2600.5512

WINTRUST.dll API för autentisering av Microsoft Trust Microsoft Corporation 5.131.2600.5512

WLDAP32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.5512

ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.5512

WS2HELP.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.5512

wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.5512

WSOCK32.dll 32-bitars DLL-fil för Windows Socket Microsoft Corporation 5.01.2600.5512

xmllite.dll Microsoft XmlLite Library Microsoft Corporation 1.00.1018.0000

xpsp2res.dll Service Pack 2-meddelanden Microsoft Corporation 5.01.2600.5512

[/log]

 


 

I don't see anything in the logs.

Start the computer in safe mode

Then open Hijack

Open the Misc Tools section

Generate startuplist log

first tick the 2 small checkboxes and run the log

Then start normally and run the startuplist log again

Send both logs, from safe mode and normal.

 

 


safe mode log [log]StartupList report, 2008-11-15, 18:29:46

StartupList version: 1.52.2

Started from : C:\Program\Trend Micro\HijackThis\HijackThis.EXE

Detected: Windows XP SP3 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16735)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Stefan\Start-meny\Program\Autostart]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

CTHelper = CTHELPER.EXE

CTxfiHlp = CTXFIHLP.EXE

Logitech Utility = Logi_MwX.Exe

VistaDrive = C:\WINDOWS\VistaDrive\VistaDrive.exe

ehTray = C:\WINDOWS\ehome\ehtray.exe

Adobe Reader Speed Launcher = "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

NeroFilterCheck = C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

cctray = "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

CAVRID = "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

DeathAdder = C:\Program\Razer\DeathAdder\razerhid.exe

StartCCC = "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SoundMAXPnP = C:\Program\Analog Devices\Core\smax4pnp.exe

QuickTime Task = "C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime

AppleSyncNotifier = C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

iTunesHelper = "C:\Program\iTunes\iTunesHelper.exe"

OM_Monitor = C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

SunJavaUpdateSched = "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

swg = C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MsnMsgr = "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

Steam = "c:\program\steam\steam.exe" -silent

OM_Monitor = C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

=

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\ComFile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registereditorn'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\WINDOWS\system32\jsproxyd.dll - {8DF4A25B-1FEC-4FA0-B530-4E047190CBF5}

(no name) - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

(no name) - C:\Program\Google\Google Toolbar\GoogleToolbar.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

Google Dictionary Compression sdch - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

AppleSoftwareUpdate.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Java Plug-in 1.6.0_07]

InProcServer32 = C:\Program\Java\jre1.6.0_07\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

 

[Java Plug-in 1.6.0_07]

InProcServer32 = C:\Program\Java\jre1.6.0_07\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

 

[Java Plug-in 1.6.0_07]

InProcServer32 = C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx

CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\Program\Bonjour\mdnsNSP.dll

Protocol #1: C:\WINDOWS\system32\VetRedir.dll

Protocol #2: C:\WINDOWS\system32\VetRedir.dll

Protocol #3: C:\WINDOWS\system32\VetRedir.dll

Protocol #4: C:\WINDOWS\system32\mswsock.dll

Protocol #5: C:\WINDOWS\system32\mswsock.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\rsvpsp.dll

Protocol #8: C:\WINDOWS\system32\rsvpsp.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\VetRedir.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Lavasoft Ad-Aware Service: C:\Program\Lavasoft\Ad-Aware\aawservice.exe (autostart)

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

Apple Mobile Device: "C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

1394 ARP-klientprotokoll: system32\DRIVERS\arp1394.sys (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard-IDE/ESDI-hårddiskstyrenhet: system32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)

ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Ljud-stub-drivrutin: system32\DRIVERS\audstub.sys (manual start)

Broadcom NetXtreme Gigabit Ethernet: system32\DRIVERS\b57xp32.sys (manual start)

B's Recorder GOLD Library General Service: C:\WINDOWS\system32\bgsvcgen.exe (autostart)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Belkin Wireless G USB Network Adapter(Belkin): system32\DRIVERS\BLKWGU.sys (manual start)

Bonjour-tjänst: C:\Program\Bonjour\mDNSResponder.exe (autostart)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

CaCCProvSP: "C:\Program\CA\CA Internet Security Suite\ccprovsp.exe" (manual start)

CAISafe: C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (autostart)

CD-ROM-drivrutin: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Creative AC3 Software Decoder: system32\drivers\ctac32k.sys (manual start)

Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)

Creative DVD-Audio Device Driver: system32\drivers\ctdvda2k.sys (manual start)

Creative Proxy Driver: system32\drivers\ctprxy2k.sys (manual start)

Creative SoundFont Management Device Driver: system32\drivers\ctsfm2k.sys (manual start)

DeathAdder Mouse: system32\drivers\dadder.sys (manual start)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Diskdrivrutin: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

EAP-tjänsten (Extensible Authentication Protocol): %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)

E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Drivrutin för diskettstyrenhet: system32\DRIVERS\fdc.sys (manual start)

Diskettdrivrutin: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

Spelportsuppräknare: system32\DRIVERS\gameenum.sys (manual start)

GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)

gmer: System32\DRIVERS\gmer.sys (manual start)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

Google Updater Service: "C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)

Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)

Creative P16V HAL Driver: system32\drivers\hap16v2k.sys (manual start)

Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID Class Driver: system32\DRIVERS\hidusb.sys (autostart)

Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: "C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (manual start)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)

Intel-processordrivrutin: system32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

iPod Service: C:\Program\iPod\bin\iPodService.exe (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

Tjänst för IR-uppräkning: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Tangentbordsklassdrivrutin: system32\DRIVERS\kbdclass.sys (system)

HID-drivrutin för tangentbord: system32\DRIVERS\kbdhid.sys (system)

Microsoft Kernel-wave-ljudMixer: system32\drivers\kmixer.sys (manual start)

Logitech SetPoint Keyboard Driver: system32\DRIVERS\L8042Kbd.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Logitech HID/USB Mouse Filter Driver: system32\DRIVERS\LHidFlt2.Sys (manual start)

Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Logitech Mouse Class Filter Driver: system32\DRIVERS\LMouFlt2.Sys (manual start)

Machine Debug Manager: "C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe" (autostart)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Musklassdrivrutin: system32\DRIVERS\mouclass.sys (system)

HID-drivrutin för mus: system32\DRIVERS\mouhid.sys (manual start)

Klientomdirigerare för WebDav: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)

Tjänstproxy för Microsoft-direktuppspelning: system32\drivers\MSKSSRV.sys (manual start)

Klockproxy för Microsoft-direktuppspelning: system32\drivers\MSPCLOCK.sys (manual start)

Kvalitetshanteringsproxy för Microsoft-direktuppspelning: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS-protokoll för I/O i användarläge: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

Nero BackItUp Scheduler 3: C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe (autostart)

NetBIOS-gränssnitt: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NMIndexingService: "C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe" (manual start)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

Microsoft Office Diagnostics Service: "C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)

OHCI-kompatibel IEEE 1394-värdstyrenhet: system32\DRIVERS\ohci1394.sys (system)

OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)

Office Source Engine: "C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)

Drivrutin för parallellport: system32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direkt parallell: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Filterdrivrutin för uppspelning av digitalt CD-ljud: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

senfilt: system32\drivers\senfilt.sys (manual start)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum-filterdrivrutin: system32\DRIVERS\serenum.sys (manual start)

Drivrutin för seriell port: system32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

smwdm: system32\drivers\smwdm.sys (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

Windows Service Pack Installer update service: C:\WINDOWS\system32\spupdsvc.exe (autostart)

Drivrutin för filter för Systemåterställning: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

WIA (Windows Image Acquisition): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{75D93B30-5390-4053-878F-134D8BABE868} (manual start)

Microsoft Kernelsystemljudenhet: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2-aktiverat nav: system32\DRIVERS\usbhub.sys (manual start)

Drivrutin för USB-masslagringsenheter: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)

Messenger Sharing Folders USN Journal Reader Service: "C:\Program\Windows Live\Messenger\usnsvc.exe" (manual start)

VET Message Service: C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (autostart)

VGA-bildskärmsstyrenhet.: \SystemRoot\System32\drivers\vga.sys (system)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Drivrutin för Microsoft WINMM WDM-ljudkompatibilitet: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Live Setup Service: "C:\Program\Windows Live\installer\WLSetupSvc.exe" (manual start)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Windows Media Player Network Sharing Service: "C:\Program\Windows Media Player\WMPNetwk.exe" (manual start)

WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute =

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\system32\webcheck.dll

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

End of report, 35 812 bytes

Report generated in 0,297 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

[/log]

 


Normal mode log [log]StartupList report, 2008-11-15, 18:32:54

StartupList version: 1.52.2

Started from : C:\Program\Trend Micro\HijackThis\HijackThis.EXE

Detected: Windows XP SP3 (WinNT 5.01.2600)

Detected: Internet Explorer v7.00 (7.00.6000.16735)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\spupdsvc.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\ehome\medctrro.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\Logi_MwX.Exe

C:\WINDOWS\VistaDrive\VistaDrive.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Razer\DeathAdder\razerhid.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\program\steam\steam.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Razer\DeathAdder\razertra.exe

C:\Program\Razer\DeathAdder\razerofa.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Stefan\Start-meny\Program\Autostart]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start-meny\Program\Autostart]

*No files*

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

CTHelper = CTHELPER.EXE

CTxfiHlp = CTXFIHLP.EXE

Logitech Utility = Logi_MwX.Exe

VistaDrive = C:\WINDOWS\VistaDrive\VistaDrive.exe

ehTray = C:\WINDOWS\ehome\ehtray.exe

Adobe Reader Speed Launcher = "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

NeroFilterCheck = C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

cctray = "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

CAVRID = "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

DeathAdder = C:\Program\Razer\DeathAdder\razerhid.exe

StartCCC = "C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

SoundMAXPnP = C:\Program\Analog Devices\Core\smax4pnp.exe

QuickTime Task = "C:\Program\Multimedia\QuickTime Alternative\QTTask.exe" -atboottime

AppleSyncNotifier = C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

iTunesHelper = "C:\Program\iTunes\iTunesHelper.exe"

OM_Monitor = C:\Program\OLYMPUS\OLYMPUS Master\FirstStart.exe

SunJavaUpdateSched = "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

swg = C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

MsnMsgr = "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

Steam = "c:\program\steam\steam.exe" -silent

OM_Monitor = C:\Program\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart

MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

=

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\ComFile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

 

--------------------------------------------------

 

File association entry for .TXT:

HKEY_CLASSES_ROOT\txtfile\shell\open\command

 

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *

StubPath = C:\WINDOWS\system32\ieudinit.exe

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

 

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *

StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry value not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registereditorn'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

(no name) - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

(no name) - C:\Program\Java\jre1.6.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

(no name) - C:\WINDOWS\system32\jsproxyd.dll - {8DF4A25B-1FEC-4FA0-B530-4E047190CBF5}

(no name) - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

(no name) - C:\Program\Google\Google Toolbar\GoogleToolbar.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

(no name) - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

Google Dictionary Compression sdch - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

AppleSoftwareUpdate.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Java Plug-in 1.6.0_07]

InProcServer32 = C:\Program\Java\jre1.6.0_07\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

 

[Java Plug-in 1.6.0_07]

InProcServer32 = C:\Program\Java\jre1.6.0_07\bin\ssv.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

 

[Java Plug-in 1.6.0_07]

InProcServer32 = C:\Program\Java\jre1.6.0_07\bin\npjpi160_07.dll

CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx

CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

NameSpace #4: C:\Program\Bonjour\mdnsNSP.dll

Protocol #1: C:\WINDOWS\system32\VetRedir.dll

Protocol #2: C:\WINDOWS\system32\VetRedir.dll

Protocol #3: C:\WINDOWS\system32\VetRedir.dll

Protocol #4: C:\WINDOWS\system32\mswsock.dll

Protocol #5: C:\WINDOWS\system32\mswsock.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\rsvpsp.dll

Protocol #8: C:\WINDOWS\system32\rsvpsp.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

Protocol #18: C:\WINDOWS\system32\mswsock.dll

Protocol #19: C:\WINDOWS\system32\VetRedir.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

Lavasoft Ad-Aware Service: C:\Program\Lavasoft\Ad-Aware\aawservice.exe (autostart)

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD: \SystemRoot\System32\drivers\afd.sys (system)

Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

Apple Mobile Device: "C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" (autostart)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

1394 ARP-klientprotokoll: system32\DRIVERS\arp1394.sys (manual start)

ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)

RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)

Standard-IDE/ESDI-hårddiskstyrenhet: system32\DRIVERS\atapi.sys (system)

Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)

ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)

ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)

ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Ljud-stub-drivrutin: system32\DRIVERS\audstub.sys (manual start)

Broadcom NetXtreme Gigabit Ethernet: system32\DRIVERS\b57xp32.sys (manual start)

B's Recorder GOLD Library General Service: C:\WINDOWS\system32\bgsvcgen.exe (autostart)

Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Belkin Wireless G USB Network Adapter(Belkin): system32\DRIVERS\BLKWGU.sys (manual start)

Bonjour-tjänst: C:\Program\Bonjour\mDNSResponder.exe (autostart)

Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

CaCCProvSP: "C:\Program\CA\CA Internet Security Suite\ccprovsp.exe" (manual start)

CAISafe: C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe (autostart)

CD-ROM-drivrutin: system32\DRIVERS\cdrom.sys (system)

Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)

.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)

COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Creative AC3 Software Decoder: system32\drivers\ctac32k.sys (manual start)

Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)

Creative DVD-Audio Device Driver: system32\drivers\ctdvda2k.sys (manual start)

Creative Proxy Driver: system32\drivers\ctprxy2k.sys (manual start)

Creative SoundFont Management Device Driver: system32\drivers\ctsfm2k.sys (manual start)

DeathAdder Mouse: system32\drivers\dadder.sys (manual start)

DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)

DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Diskdrivrutin: system32\DRIVERS\disk.sys (system)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

Logical Disk Manager Driver: System32\drivers\dmio.sys (system)

dmload: System32\drivers\dmload.sys (system)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)

Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

EAP-tjänsten (Extensible Authentication Protocol): %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)

E-mu Plug-in Architecture Driver: system32\drivers\emupia2k.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Drivrutin för diskettstyrenhet: system32\DRIVERS\fdc.sys (manual start)

Diskettdrivrutin: system32\DRIVERS\flpydisk.sys (manual start)

FltMgr: system32\drivers\fltmgr.sys (system)

Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)

Spelportsuppräknare: system32\DRIVERS\gameenum.sys (manual start)

GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)

gmer: System32\DRIVERS\gmer.sys (manual start)

Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)

Google Updater Service: "C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)

Creative Hardware Abstract Layer Driver: system32\drivers\ha10kx2k.sys (manual start)

Creative P16V HAL Driver: system32\drivers\hap16v2k.sys (manual start)

Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID Class Driver: system32\DRIVERS\hidusb.sys (autostart)

Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

HTTP: System32\Drivers\HTTP.sys (manual start)

HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)

i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)

InstallDriver Table Manager: "C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe" (manual start)

CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)

IMAPI CD-Burning COM Service: %systemroot%\system32\imapi.exe (manual start)

Intel-processordrivrutin: system32\DRIVERS\intelppm.sys (system)

IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)

IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)

iPod Service: C:\Program\iPod\bin\iPodService.exe (manual start)

IPSEC driver: system32\DRIVERS\ipsec.sys (system)

Tjänst för IR-uppräkning: system32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)

Tangentbordsklassdrivrutin: system32\DRIVERS\kbdclass.sys (system)

HID-drivrutin för tangentbord: system32\DRIVERS\kbdhid.sys (system)

Microsoft Kernel-wave-ljudMixer: system32\drivers\kmixer.sys (manual start)

Logitech SetPoint Keyboard Driver: system32\DRIVERS\L8042Kbd.sys (manual start)

Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Logitech HID/USB Mouse Filter Driver: system32\DRIVERS\LHidFlt2.Sys (manual start)

Logitech USB Receiver device driver: System32\Drivers\LHidUsb.Sys (manual start)

TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Logitech Mouse Class Filter Driver: system32\DRIVERS\LMouFlt2.Sys (manual start)

Machine Debug Manager: "C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe" (autostart)

Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)

Musklassdrivrutin: system32\DRIVERS\mouclass.sys (system)

HID-drivrutin för mus: system32\DRIVERS\mouhid.sys (manual start)

Klientomdirigerare för WebDav: system32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: system32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)

Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)

Tjänstproxy för Microsoft-direktuppspelning: system32\drivers\MSKSSRV.sys (manual start)

Klockproxy för Microsoft-direktuppspelning: system32\drivers\MSPCLOCK.sys (manual start)

Kvalitetshanteringsproxy för Microsoft-direktuppspelning: system32\drivers\MSPQM.sys (manual start)

Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)

Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)

NDIS-protokoll för I/O i användarläge: system32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)

Nero BackItUp Scheduler 3: C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe (autostart)

NetBIOS-gränssnitt: system32\DRIVERS\netbios.sys (system)

NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (disabled)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)

Net Logon: %SystemRoot%\system32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)

Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

NMIndexingService: "C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe" (manual start)

NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)

Microsoft Office Diagnostics Service: "C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)

OHCI-kompatibel IEEE 1394-värdstyrenhet: system32\DRIVERS\ohci1394.sys (system)

OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)

Office Source Engine: "C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE" (manual start)

Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)

Drivrutin för parallellport: system32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: system32\DRIVERS\pci.sys (system)

PCIIde: system32\DRIVERS\pciide.sys (system)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)

WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)

Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)

Direkt parallell: system32\DRIVERS\raspti.sys (manual start)

Rdbss: system32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Filterdrivrutin för uppspelning av digitalt CD-ljud: system32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)

Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: system32\DRIVERS\secdrv.sys (manual start)

Secondary Logon Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

senfilt: system32\drivers\senfilt.sys (manual start)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum-filterdrivrutin: system32\DRIVERS\serenum.sys (manual start)

Drivrutin för seriell port: system32\DRIVERS\serial.sys (system)

Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

smwdm: system32\drivers\smwdm.sys (manual start)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

Windows Service Pack Installer update service: C:\WINDOWS\system32\spupdsvc.exe (autostart)

Drivrutin för filter för Systemåterställning: system32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Srv: system32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

WIA (Windows Image Acquisition): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start)

Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{75D93B30-5390-4053-878F-134D8BABE868} (manual start)

Microsoft Kernelsystemljudenhet: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: system32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Microcode Update Driver: system32\DRIVERS\update.sys (manual start)

Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)

Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)

USB2-aktiverat nav: system32\DRIVERS\usbhub.sys (manual start)

Drivrutin för USB-masslagringsenheter: system32\DRIVERS\USBSTOR.SYS (manual start)

Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)

Messenger Sharing Folders USN Journal Reader Service: "C:\Program\Windows Live\Messenger\usnsvc.exe" (manual start)

VET Message Service: C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe (autostart)

VGA-bildskärmsstyrenhet.: \SystemRoot\System32\drivers\vga.sys (system)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)

Drivrutin för Microsoft WINMM WDM-ljudkompatibilitet: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Live Setup Service: "C:\Program\Windows Live\installer\WLSetupSvc.exe" (manual start)

Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)

Windows Media Player Network Sharing Service: "C:\Program\Windows Media Player\WMPNetwk.exe" (manual start)

WpdUsb: system32\DRIVERS\wpdusb.sys (manual start)

Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (system)

Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start)

Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (autostart)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute =

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

WebCheck: C:\WINDOWS\system32\webcheck.dll

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

 

*No values found*

 

--------------------------------------------------

 

End of report, 37 542 bytes

Report generated in 0,109 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

[/log]

 


Archived

This topic is now archived and is closed to further replies.
