Locked desktop? Virus/trojan


Sibbem

Thanks, now it showed up. :thumbsup:

 

Download OTMoveIt to the Desktop:

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Start the program

Copy all of these lines (use select code):

:Files
C:\WINDOWS\System32\xpsysw
C:\WINDOWS\System32\xpsysw.exe

Paste them into the box Paste Instructions for Items to be Moved

Press MoveIt!

If you are asked to restart the computer, do so.

Go to the folder c:\_OTMoveIt\MovedFiles and open the log file that was created with today's date and time. Copy its contents and paste them here, along with a new OTViewIt log (the extra log is not needed).

 

 


The file xpsysw is a text file into which the malicious program has either copied content from the screen or copied what you have typed on the keyboard. It is possible that this text file has been sent off to some computer on the internet. Since I can see the words Passwords and Autentisering in the file, you must, as soon as possible, change all passwords you use on the computer and on the internet, from a clean computer.

 


[log]C:\WINDOWS\System32\xpsysw moved successfully.

File move failed. C:\WINDOWS\System32\xpsysw.exe scheduled to be moved on reboot.

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12202008_122515

 

Files moved on Reboot...

C:\WINDOWS\System32\xpsysw.exe moved successfully.

[/log]

 


[log]OTViewIt logfile created on: 2008-12-20 12:34:15 - Run 2

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1022,48 Mb Total Physical Memory | 448,09 Mb Available Physical Memory | 43,82% Memory free

2,40 Gb Paging File | 1,92 Gb Available in Paging File | 80,18% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 93,15 Gb Total Space | 35,14 Gb Free Space | 37,73% Space Free | Partition Type: NTFS

Drive D: | 426,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 968,96 Mb Total Space | 968,96 Mb Free Space | 100,00% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STOP-21455814C3

Current User Name: Sibbe

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2005-03-08 22:34:28 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2006-08-01 09:39:44 | 00,239,264 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

[2008-02-12 17:53:26 | 00,177,488 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSETMGR.EXE

[2005-05-06 03:27:24 | 00,083,584 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\ISSVC.exe

[2007-03-28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

[2005-03-30 22:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

[2005-03-08 22:34:28 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2008-02-12 17:53:02 | 00,185,680 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCEVTMGR.EXE

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2006-08-03 17:08:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2004-06-03 12:14:16 | 00,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

[2008-05-12 08:49:47 | 00,826,512 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe

[2008-04-14 17:05:24 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2008-04-14 17:05:14 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe

[2008-02-12 17:52:46 | 00,049,488 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCAPP.EXE

[2005-02-02 13:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPLpr.exe

[2005-02-02 13:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPEnh.exe

[2005-03-08 20:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

[2007-03-11 20:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\Hp\HP Software Update\hpwuSchd2.exe

[2004-12-03 12:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program\HPQ\Quick Launch Buttons\eabservr.exe

[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre1.6.0_07\bin\jusched.exe

[2005-04-01 14:11:14 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[2008-07-01 13:42:36 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program\Delade filer\Real\Update_OB\realsched.exe

[2008-11-04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program\QuickTime\QTTask.exe

[2008-11-20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunesHelper.exe

[2008-04-14 17:05:24 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe

[2008-01-15 15:17:09 | 00,277,960 | ---- | M] (DT Soft Ltd.) -- C:\Program\DAEMON Tools Pro\DTProAgent.exe

[2006-11-15 09:49:42 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnscfg.exe

[2008-10-15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2004-06-02 16:48:22 | 00,565,309 | ---- | M] (WIDCOMM, Inc.) -- C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

[2008-05-12 14:37:49 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe

[2004-06-02 16:46:52 | 01,249,364 | ---- | M] (WIDCOMM, Inc.) -- C:\Program\WIDCOMM\Bluetooth-programvara\BTStackServer.exe

[2005-03-04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\HPQ\shared\hpqwmi.exe

[2006-07-14 08:48:16 | 00,136,704 | ---- | M] (Royal Philips Electronics Inc) -- C:\Program\Philips\Media Manager\Philips Media Manager.exe

[2005-05-29 16:16:34 | 00,120,432 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NSMdtr.exe

[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe

[2007-09-20 09:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

[2007-01-15 11:24:14 | 00,128,112 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe

[2008-06-10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre1.6.0_07\bin\jucheck.exe

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe

[2008-12-19 09:10:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2005-03-08 22:34:28 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2006-08-03 17:08:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisk LiveUpdate-schemaläggare [Auto | Running])

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2004-06-03 12:14:16 | 00,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe -- (btwdins [Auto | Running])

[2008-02-12 17:53:02 | 00,185,680 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr [Auto | Running])

[2006-08-01 09:39:44 | 00,239,264 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE -- (ccProxy [Auto | Running])

[2008-02-12 17:53:20 | 00,083,280 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPWDSVC.EXE -- (ccPwdSvc [On_Demand | Stopped])

[2008-02-12 17:53:26 | 00,177,488 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr [Auto | Running])

[2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2005-03-04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Running])

[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2005-05-06 03:27:24 | 00,083,584 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\ISSVC.exe -- (ISSVC [Auto | Running])

[2006-08-03 17:08:02 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])

[2007-01-15 11:24:14 | 00,128,112 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe -- (navapsvc [On_Demand | Running])

[2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2005-10-10 22:28:24 | 00,198,368 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan [On_Demand | Stopped])

[2005-11-09 15:28:08 | 00,067,184 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService [Auto | Stopped])

[2007-03-28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])

[2005-03-30 22:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])

[2008-05-12 08:49:47 | 00,826,512 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])

[2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

 

========== Driver Services ==========

 

[2005-03-08 22:36:52 | 00,988,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2008-12-08 21:15:40 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])

[2005-03-10 10:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])

[2004-06-02 16:07:28 | 01,240,938 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [boot | Running])

[2004-06-02 15:50:16 | 00,053,816 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])

[2004-11-17 11:17:14 | 00,293,120 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD [On_Demand | Running])

[2004-11-17 11:17:58 | 00,280,192 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA [On_Demand | Running])

[2004-04-14 06:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [system | Running])

[2003-06-06 10:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])

[2008-09-03 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2008-04-17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2004-12-15 16:18:34 | 00,207,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])

[2004-12-15 16:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

[2008-04-14 16:41:34 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running])

[2008-12-08 21:15:39 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])

[2004-03-17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2008-11-12 10:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20081217.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2008-11-12 10:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20081217.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2008-11-23 23:03:43 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005-04-25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2005-03-04 12:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])

[2005-10-10 22:28:18 | 00,334,984 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])

[2005-10-10 22:28:22 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [system | Running])

[2008-04-13 19:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2008-04-13 17:39:17 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005-03-30 22:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008-08-04 15:05:31 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2007-03-28 17:41:12 | 00,011,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2006-09-15 21:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2007-03-28 17:41:14 | 00,171,928 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2007-03-28 17:41:20 | 00,037,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008-09-12 08:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SymcData\idsdefs\20081213.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])

[2008-05-12 08:49:47 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])

[2007-03-28 17:41:18 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2007-03-28 17:41:24 | 00,018,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2007-03-28 17:41:26 | 00,266,552 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2005-02-02 12:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2005-03-16 13:43:06 | 00,159,488 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])

[2008-10-01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

[2004-12-15 16:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[2008-04-13 19:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [system | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.daemon-search.com/startpage

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (770 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

68.142.79.69 www.happysex.ch

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

{BDF3E430-B101-42AD-A544-FADC6B084872} (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

"AutoTBar"=AUTOTBAR.EXE File not found

"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" (Symantec Corporation)

"Cpqset"=C:\Program\HPQ\Default Settings\cpqset.exe ()

"eabconfg.cpl"=C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )

"HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

"hpWirelessAssistant"=C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

"Symantec NetDriver Monitor"=C:\Program\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)

"SynTPEnh"=C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

"SynTPLpr"=C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

"URLLSTCK.exe"=C:\Program\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)

"Windows Logon"=wsnhost.exe File not found

"xpsys.exe"=C:\WINDOWS\system32\xpsysw.exe File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun (DT Soft Ltd.)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"WMPNSCFG"=C:\Program\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

 

========== (O4) RunServices Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Windows Logon"=wsnhost.exe File not found

 

========== (O4) Startup Folders ==========

 

[2004-12-14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[2004-06-02 16:48:22 | 00,565,309 | ---- | M] (WIDCOMM, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\BTTray.lnk = C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

[2008-05-12 14:37:49 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

File not found -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Adobe Media Player.lnk = C:\Program\Adobe Media Player\Adobe Media Player.exe

[2006-07-14 08:48:16 | 00,136,704 | ---- | M] (Royal Philips Electronics Inc) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk = C:\Program\Philips\Media Manager\Philips Media Manager.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

Skicka till &Bluetooth: C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm [2003-05-29 12:53:12 | 00,001,320 | ---- | M] ()

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Referensinformation -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm [2003-05-29 12:53:08 | 00,002,681 | ---- | M] ()

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-4017 -- %ProgramFiles%\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm [2003-05-29 12:53:08 | 00,002,681 | ---- | M] ()

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Tillförlitliga platser

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229080257765 -- WUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab -- Java Plug-in 1.5.0_02

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class

 

========== (O17) DNS Name Servers ==========

 

{3F44E469-DE46-409A-B8EF-DA7402612F54} (Servers: | Description: 1394 Net Adapter)

{A67D86FA-AA51-4278-A1A1-E4B4314019B2} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

{C9F6D075-BE73-4880-8A71-22324FCC4D8E} (Servers: | Description: Broadcom 802.11b/g WLAN)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2008-05-09 11:57:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

Autorun.inf [;DA2007 Installer ver.: 2.1 | [autorun] | open=WAC_installer.exe | ]

[2007-06-06 04:17:41 | 00,000,064 | R--- | M] () -- D:\Autorun.inf -- [ CDFS ]

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5e06a41-1dc5-11dd-8355-806d6172696f}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5e06a41-1dc5-11dd-8355-806d6172696f}\Shell\AutoRun\command]

""=D:\WAC_installer.exe -- [2007-06-06 04:17:41 | 01,311,296 | R--- | M] (Macromedia, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command]

""=D:\WAC_installer.exe -- [2007-06-06 04:17:41 | 01,311,296 | R--- | M] (Macromedia, Inc.)

 

========== Files/Folders - Created Within 30 Days ==========

 

[19 C:\WINDOWS\System32\*.tmp files]

[2008-12-20 12:25:15 | 00,000,000 | ---D | C] -- C:\_OTMoveIt

[2008-12-19 14:51:35 | 00,039,667 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\xpsysw

[2008-12-19 13:41:10 | 10,722,22208 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-19 13:33:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\MSNFix

[2008-12-19 13:04:49 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\xpsysw.exe

[2008-12-19 12:55:45 | 00,792,618 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\MSNFix.zip

[2008-12-19 09:10:49 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

[2008-12-16 18:52:10 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HijackThis.lnk

[2008-12-16 18:52:08 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2008-12-16 18:51:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HJTInstall.exe

[2008-12-13 10:06:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Philips Media Manager Sample Media

[2008-12-13 10:06:00 | 00,000,886 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk

[2008-12-13 10:06:00 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Philips Media Manager.lnk

[2008-12-13 10:05:34 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\i4j_jres

[2008-12-12 18:19:11 | 00,000,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\WADM.lnk

[2008-12-12 18:19:11 | 00,000,000 | ---D | C] -- C:\Program\Philips

[2008-12-12 12:33:39 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-12 12:11:38 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2008-12-08 21:20:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Games

[2008-12-08 21:17:36 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll

[2008-12-08 21:17:36 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll

[2008-12-08 21:17:35 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2008-12-08 21:17:34 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2008-12-08 21:17:33 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2008-12-08 21:17:19 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll

[2008-12-08 21:17:18 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2008-12-08 21:17:18 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2008-12-08 21:17:17 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2008-12-08 21:17:16 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

[2008-12-08 21:17:15 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll

[2008-12-08 21:17:14 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll

[2008-12-08 21:17:13 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll

[2008-12-08 21:17:11 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll

[2008-12-08 21:17:11 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll

[2008-12-08 21:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\SherlockHolmesTheAwakenedv1.3NoDVDFixedexeEng

[2008-12-08 21:16:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2008-12-08 21:16:03 | 00,000,000 | ---D | C] -- C:\Program\AGEIA Technologies

[2008-12-08 21:15:41 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Wise Installation Wizard

[2008-12-08 21:15:40 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-08 21:15:39 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-08 21:15:32 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Play The Awakened game.lnk

[2008-12-08 21:14:59 | 05,296,128 | R--- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\game.exe

[2008-12-08 21:08:38 | 00,000,000 | ---D | C] -- C:\Program\Focus

[2008-12-04 11:48:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\VA - Absolute Hits 2008

[2008-12-03 18:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\Segelsemester 2008

[2008-11-24 14:35:01 | 00,000,957 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Media Player Classic.lnk

[2008-11-24 14:34:09 | 01,122,304 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvpx.dll

[2008-11-24 14:34:08 | 01,650,688 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplva6.dll

[2008-11-24 14:34:08 | 01,581,056 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvw7.dll

[2008-11-24 14:34:08 | 01,552,384 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvm6.dll

[2008-11-24 14:34:08 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008-11-24 14:34:08 | 00,077,824 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaw7.dll

[2008-11-24 14:34:08 | 00,077,824 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaa6.dll

[2008-11-24 14:34:08 | 00,065,536 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplapx.dll

[2008-11-24 14:34:08 | 00,065,536 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplam6.dll

[2008-11-24 14:34:08 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2008-11-24 14:34:04 | 00,417,792 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl

[2008-11-24 14:34:03 | 00,000,000 | ---D | C] -- C:\Program\ACE Mega CoDecS Pack

[2008-11-24 12:12:55 | 51,622,242 | ---- | C] (ACE DESIGN Software ) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\acemcp603pro.exe

[2008-11-24 12:06:00 | 00,136,704 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\iacenc.dll

[2008-11-24 12:06:00 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2008-11-24 12:05:57 | 00,000,000 | ---D | C] -- C:\Program\Ligos

[2008-11-24 12:03:49 | 02,068,266 | ---- | C] (Ligos Technology) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\iv5setup.exe

[2008-11-24 11:42:20 | 14,618,605 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vlc-0.9.6-win32.exe

[2008-11-23 23:03:43 | 00,240,240 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll

[2008-11-23 23:03:43 | 00,088,704 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll

[2008-11-23 23:03:43 | 00,042,512 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys

[2008-11-23 23:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:466F9D5D

[2008-11-22 16:34:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\Ny mapp

[2008-11-22 16:25:04 | 00,000,000 | ---D | C] -- C:\Program\iPod

[2008-11-22 16:24:49 | 00,000,000 | ---D | C] -- C:\Program\iTunes

[2008-11-22 16:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008-11-22 16:21:32 | 00,000,000 | ---D | C] -- C:\Program\QuickTime

 

========== Files - Modified Within 30 Days ==========

 

[19 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008-12-20 12:27:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-20 12:26:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-20 12:26:35 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-19 14:49:10 | 00,039,667 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\xpsysw

[2008-12-19 12:55:46 | 00,792,618 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\MSNFix.zip

[2008-12-19 09:10:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

[2008-12-19 07:16:00 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-16 18:55:20 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HijackThis.lnk

[2008-12-16 18:52:31 | 00,000,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008-12-16 18:51:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HJTInstall.exe

[2008-12-14 15:54:22 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\xpsysw.exe

[2008-12-14 15:36:35 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Mina delade mappar.lnk

[2008-12-13 12:58:56 | 00,181,760 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-13 10:09:36 | 00,000,886 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk

[2008-12-13 10:06:00 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Philips Media Manager.lnk

[2008-12-12 18:19:11 | 00,000,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\WADM.lnk

[2008-12-12 12:33:39 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-12 12:31:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-12 12:28:02 | 00,933,196 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-12-12 12:28:02 | 00,412,338 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-12-12 12:28:02 | 00,409,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-12-12 12:28:02 | 00,076,836 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-12-12 12:28:02 | 00,064,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-12-11 23:38:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2008-12-11 23:38:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-09 23:13:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2008-12-09 23:13:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2008-12-08 21:15:40 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-08 21:15:39 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-08 21:15:32 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Play The Awakened game.lnk

[2008-11-24 14:35:01 | 00,000,957 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Media Player Classic.lnk

[2008-11-24 14:23:11 | 00,000,831 | ---- | M] () -- C:\WINDOWS\system.ini

[2008-11-24 12:16:29 | 51,622,242 | ---- | M] (ACE DESIGN Software ) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\acemcp603pro.exe

[2008-11-24 12:03:50 | 02,068,266 | ---- | M] (Ligos Technology) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\iv5setup.exe

[2008-11-24 11:42:55 | 14,618,605 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vlc-0.9.6-win32.exe

[2008-11-23 23:03:43 | 00,240,240 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll

[2008-11-23 23:03:43 | 00,088,704 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll

[2008-11-23 23:03:43 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys

< End of report >

[/log]

 


Automatic updates still don't work. If I go to System, Security, automatic updates is checked. But in the right-hand corner of the computer there is a red shield that says it is off??

 


Since automatic updates are not working, there is a risk that something is still left, so if you can change your passwords from another computer, that is best. I don't know how e-legitimation (electronic ID) works, so I can't answer that. It is presumably a bank or similar that issues it, and in that case see if you can get in touch with someone there.

 

Delete xpsysw and xpwsysw.exe from the Desktop.

 

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First you will be prompted to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan through the computer.

When it is done, the result is shown and the program has created the log file C:\rapport.txt.

 

Paste the contents of the log file into your reply here.

 

Do not do anything else with SmitfraudFix.

 


[log]SmitFraudFix v2.387

 

Scan done at 13:32:53,81, 2008-12-20

Run from C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\DAEMON Tools Pro\DTProAgent.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program\HPQ\shared\hpqwmi.exe

C:\Program\Philips\Media Manager\Philips Media Manager.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Symantec Shared\AdBlocking\NSMdtr.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sibbe.STOP-21455814C3

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIBBE~1.STO\LOKALA~1\Temp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sibbe.STOP-21455814C3\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIBBE~1.STO\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, following keys are not inevitably infected!!!

 

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Miniport för paketschemaläggning

DNS Server Search Order: 193.111.152.2

DNS Server Search Order: 193.111.152.3

 

Description: Broadcom 802.11b/g WLAN - Miniport för paketschemaläggning

DNS Server Search Order: 195.54.122.200

DNS Server Search Order: 195.54.122.199

DNS Server Search Order: 81.26.227.3

DNS Server Search Order: 195.54.122.204

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A67D86FA-AA51-4278-A1A1-E4B4314019B2}: DhcpNameServer=193.111.152.2 193.111.152.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C9F6D075-BE73-4880-8A71-22324FCC4D8E}: DhcpNameServer=195.54.122.200 195.54.122.199 81.26.227.3 195.54.122.204

HKLM\SYSTEM\CS1\Services\Tcpip\..\{A67D86FA-AA51-4278-A1A1-E4B4314019B2}: DhcpNameServer=193.111.152.2 193.111.152.3

HKLM\SYSTEM\CS1\Services\Tcpip\..\{C9F6D075-BE73-4880-8A71-22324FCC4D8E}: DhcpNameServer=195.54.122.200 195.54.122.199 81.26.227.3 195.54.122.204

HKLM\SYSTEM\CS3\Services\Tcpip\..\{A67D86FA-AA51-4278-A1A1-E4B4314019B2}: DhcpNameServer=193.111.152.2 193.111.152.3

HKLM\SYSTEM\CS3\Services\Tcpip\..\{C9F6D075-BE73-4880-8A71-22324FCC4D8E}: DhcpNameServer=195.54.122.200 195.54.122.199 81.26.227.3 195.54.122.204

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.54.122.200 195.54.122.199 81.26.227.3 195.54.122.204

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=195.54.122.200 195.54.122.199 81.26.227.3 195.54.122.204

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.54.122.200 195.54.122.199 81.26.227.3 195.54.122.204

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

 

