
Infected computer that is slow


ferdi_k


Hi!

I'm having some problems with my computer, it's a bit slow, so I also ran the same program (ComboFix) that you recommended, and here is the log:

Thank you so much! Please check whether there's any trouble!

 

 

ComboFix 10-07-22.06 - bou 2010-07-23 21:22:10.1.1 - x86

Körs från: c:\documents and settings\bou\Skrivbord\ComboFix.exe

* Skapade en ny återställningspunkt

* Resident AV is active

 

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\bou\Application Data\chrtmp

c:\documents and settings\bou\Start-meny\Program\Mach7.lnk

c:\program\Delade filer\m7

c:\program\Delade filer\m7\finish_install.exe

c:\program\Delade filer\m7\in.vbs

c:\program\Delade filer\m7\licence.txt

c:\program\Delade filer\m7\mach7.dat

c:\program\Delade filer\m7\mach7.exe

c:\program\Delade filer\m7\mach7ico.ico

c:\program\Delade filer\m7\startm7.bat

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\fonts

c:\windows\system32\fonts\DataStudioSymbol.TTF

c:\windows\system32\mxpvct22.dat

c:\windows\system32\mxpvct25.dat

c:\windows\Temp\_ex-08.exe

 

----- BITS: Troligen infekterade webbplatser -----

 

hxxp://www.podtrac.com

hxxp://libsyn.com

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_SSHNAS

 

 

(((((((((((((((((((((((( Filer Skapade från 2010-06-23 till 2010-07-23 ))))))))))))))))))))))))))))))

.

 

2010-07-23 19:34 . 2010-07-23 19:34 -------- dc----w- c:\temp\WPDNSE

2010-07-23 19:33 . 2010-07-23 19:33 53248 -c--a-w- c:\temp\catchme.dll

2010-07-23 19:32 . 2010-07-23 19:32 16384 -c--atw- c:\temp\Perflib_Perfdata_154.dat

2010-07-23 10:36 . 2010-07-23 19:26 -------- dc----w- c:\temp\div9.tmp

2010-07-21 10:05 . 2010-07-21 10:05 -------- dc----w- c:\temp\div3.tmp

2010-07-19 22:12 . 2010-07-22 19:11 -------- dc----w- c:\documents and settings\bou\Application Data\vlc

2010-07-19 22:09 . 2010-07-19 22:09 -------- dc----w- c:\documents and settings\bou\Lokala inst�llningar

2010-07-19 22:03 . 2010-07-19 22:03 -------- dc----w- c:\documents and settings\bou\Application Data\MozillaControl

2010-07-19 22:03 . 2010-07-23 19:26 -------- dc----w- c:\temp\{1D2C96C3-A3F3-49E7-B839-95279DED837F}

2010-07-19 22:01 . 2010-07-19 22:01 -------- dc----w- c:\program\Mozilla ActiveX Control v1.7.12

2010-07-19 21:57 . 2010-07-19 22:25 -------- dc----w- c:\program\Graboid

2010-07-19 20:12 . 2010-07-23 19:26 -------- dc----w- c:\temp\divBA.tmp

2010-07-14 15:11 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-14 15:08 . 2010-07-14 15:08 -------- dc----w- c:\temp\msohtml1

2010-07-14 15:08 . 2010-07-14 15:08 -------- dc----w- c:\temp\msohtml

2010-07-14 14:57 . 2010-07-14 14:57 -------- dc----w- c:\temp\VBE

2010-07-14 13:37 . 2010-07-23 19:26 -------- dc----w- c:\temp\iss1D.tmp

2010-07-14 13:19 . 2010-07-14 13:19 -------- dc----w- c:\temp\div16.tmp

2010-07-14 13:18 . 2010-07-23 19:26 -------- dc----w- c:\temp\is-TE48T.tmp

2010-07-14 12:58 . 2010-07-14 13:24 -------- dc----w- c:\temp\comtypes_cache

2010-07-14 11:51 . 2010-07-14 11:51 -------- dc----w- c:\windows\system32\wbem\Repository

2010-07-14 11:11 . 2010-07-14 11:54 766976 -c--a-w- c:\windows\system32\drivers\djscd.sys

2010-07-14 11:02 . 2010-07-20 22:00 -------- dc----w- c:\temp\hsperfdata_bou

2010-07-14 10:58 . 2010-07-14 10:58 -------- dc----w- c:\temp\div5.tmp

2010-07-13 21:02 . 2010-07-23 19:26 -------- dc----w- c:\temp\MessengerCache

2010-07-13 19:01 . 2010-07-13 19:01 -------- dc----w- c:\documents and settings\All Users\Application Data\wanted_demo

2010-07-13 18:48 . 2010-07-13 18:48 -------- dc----w- c:\program\WarnerBros

2010-07-13 14:52 . 2010-07-13 14:52 -------- dc----w- c:\program\AGEIA Technologies

2010-07-13 14:52 . 2010-07-13 14:52 -------- dc----w- c:\windows\system32\AGEIA

2010-07-13 14:46 . 2010-07-13 14:46 -------- dc----w- c:\program\Delade filer\Wise Installation Wizard

2010-07-13 09:47 . 2010-07-23 19:26 -------- dc----w- c:\temp\divA.tmp

2010-07-12 14:56 . 2010-07-12 14:56 -------- dc----w- c:\program\Thomas Wright Consulting

2010-07-11 11:08 . 2010-07-11 11:08 -------- dc----w- c:\windows\BBSTORE

2010-07-11 11:08 . 1997-05-12 14:53 314368 -c--a-w- c:\windows\IsUninst.exe

2010-07-11 10:51 . 2010-07-11 10:51 -------- dc----w- c:\program\Telia

2010-07-11 10:51 . 2010-07-11 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Support.com

2010-07-10 19:16 . 2010-07-10 19:16 -------- dc----w- c:\windows\system32\winrm

2010-07-10 19:15 . 2010-07-10 19:16 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-07-10 14:17 . 2010-07-12 15:04 -------- dc----w- c:\program\MAGIX

2010-07-10 14:17 . 2010-07-12 15:04 -------- dc----w- c:\documents and settings\All Users\Application Data\MAGIX

2010-07-10 13:53 . 2010-07-10 14:56 -------- dc----w- c:\program\Ace Translator

2010-07-10 11:29 . 2010-07-10 11:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Boss Media

2010-07-08 19:56 . 2010-07-08 19:58 -------- dc----w- c:\windows\uninstall

2010-07-08 17:14 . 2010-07-08 17:14 -------- dc----w- c:\documents and settings\bou\Application Data\Need for Speed World

2010-07-08 14:39 . 2010-07-08 14:39 -------- dc----w- c:\program\Ask.com

2010-07-08 14:39 . 2010-07-08 14:39 -------- dc----w- c:\program\Adobe PhotoShop CS3

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Vuze_Remote

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Windows Desktop Search

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\PhotoFiltre

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Xara

2010-07-08 14:38 . 2010-07-14 13:37 -------- dc----w- c:\program\Uniblue

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\UnHackMe

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----r- c:\program\Net Nanny

2010-07-08 14:36 . 2010-07-08 16:25 -------- dc----w- c:\program\Delade filer\Adobe AIR

2010-07-08 13:13 . 2010-07-08 13:13 -------- dc----w- c:\documents and settings\bou\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

2010-07-08 13:13 . 2010-07-08 14:36 -------- dc----w- c:\program\AdobeSupportAdvisor

2010-07-08 13:13 . 2010-07-08 13:13 -------- dc----w- c:\program\Delade filer\Adobe AIR(3)

2010-07-07 10:29 . 2010-07-07 10:29 -------- dc----w- c:\program\Activision

2010-07-04 20:04 . 2010-07-04 20:05 -------- dc----w- c:\documents and settings\All Users\Application Data\PlatinumHideIP

2010-07-04 20:04 . 2010-07-04 20:04 -------- dc----w- c:\documents and settings\bou\Application Data\PlatinumHideIP

2010-07-04 18:41 . 2010-07-04 20:03 -------- dc----w- c:\documents and settings\bou\Application Data\DVD Flick

2010-07-04 18:40 . 2010-07-04 18:41 -------- dc----w- c:\program\DVD Flick

2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-03 23:20 . 2010-07-03 23:20 189248 -c--a-w- c:\windows\system32\PnkBstrB.exe

2010-07-03 23:20 . 2010-07-03 23:20 75064 -c--a-w- c:\windows\system32\PnkBstrA.exe

2010-07-03 23:20 . 2010-07-03 23:20 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe

2010-07-02 16:54 . 2010-07-02 16:54 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-01 19:53 . 2010-07-01 19:53 -------- dc----w- c:\documents and settings\bou\Application Data\CheeseSoft

2010-07-01 19:53 . 2010-07-01 19:54 -------- dc----w- c:\program\FinalUninstaller

2010-06-27 15:36 . 2010-07-14 12:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-27 15:36 . 2010-06-30 11:11 -------- dc----w- c:\program\Spybot - Search & Destroy

2010-06-26 19:39 . 2010-06-26 19:39 2 -cshatr- c:\windows\winstart.bat

2010-06-26 00:06 . 2010-06-26 00:06 -------- dc----w- c:\program\Conduit

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-23 19:32 . 2008-05-08 02:12 -------- dc----w- c:\program\NORMAN

2010-07-22 19:11 . 2010-07-19 22:12 -------- dc----w- c:\documents and settings\bou\Application Data\vlc

2010-07-19 22:49 . 2010-01-11 16:44 -------- dc----w- c:\documents and settings\bou\Application Data\uTorrent

2010-07-19 20:34 . 2010-02-03 17:56 -------- dc----w- c:\documents and settings\bou\Application Data\U3

2010-07-14 13:13 . 2010-05-07 17:01 -------- dc----w- c:\documents and settings\bou\Application Data\Uniblue

2010-07-13 18:48 . 2010-07-13 18:48 -------- dc----w- c:\program\WarnerBros

2010-07-13 18:48 . 2006-10-03 06:21 -------- dc-h--w- c:\program\InstallShield Installation Information

2010-07-11 10:58 . 2010-05-16 14:46 -------- dc----w- c:\program\MagicISO

2010-07-10 11:58 . 2010-06-14 16:59 57344 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-10 11:58 . 2010-05-07 21:03 -------- dc----w- c:\documents and settings\All Users\Application Data\DivX

2010-07-10 11:57 . 2010-07-10 11:57 56765 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-07-10 11:57 . 2010-05-07 21:05 -------- dc----w- c:\program\DivX

2010-07-10 11:57 . 2010-07-10 11:57 57715 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-07-10 11:57 . 2010-07-10 11:57 84054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-07-10 11:56 . 2010-07-10 11:56 54153 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-07-10 11:56 . 2010-06-16 17:39 1062184 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-07-10 11:54 . 2010-06-16 17:39 895256 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-07-08 16:24 . 2010-07-08 16:25 53632 -c--a-w- c:\documents and settings\bou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-07-08 16:23 . 2010-07-08 16:23 12124624 -c--a-w- c:\documents and settings\bou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe

2010-07-08 15:42 . 2010-02-11 14:34 -------- dc----w- c:\program\Delade filer\Adobe

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Vuze_Remote

2010-07-04 18:46 . 2010-05-16 13:55 -------- dc----w- c:\documents and settings\bou\Application Data\ImgBurn

2010-07-04 18:45 . 2010-05-15 23:19 -------- dc----w- c:\program\ImgBurn

2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\documents and settings\bou\Application Data\PnkBstrK.sys

2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\documents and settings\bou\Application Data\PnkBstrK.sys

2010-07-01 22:16 . 2010-01-13 19:55 -------- dc----w- c:\documents and settings\bou\Application Data\HpUpdate

2010-07-01 21:26 . 2010-05-25 20:57 -------- dc----w- c:\program\Ubisoft

2010-07-01 20:11 . 2010-03-29 16:49 -------- dc----w- c:\documents and settings\bou\Application Data\Apple Computer

2010-07-01 15:30 . 2010-03-28 17:18 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-01 14:20 . 2008-05-08 02:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-30 19:54 . 2006-05-02 12:05 -------- dc----w- c:\program\Google

2010-06-30 13:33 . 2010-05-25 21:21 -------- dc----w- c:\program\CCleaner

2010-06-28 12:17 . 2010-04-25 08:27 1324 -c--a-w- c:\windows\system32\d3d9caps.dat

2010-06-24 21:50 . 2008-05-30 08:03 -------- dc----w- c:\program\HP

2010-06-21 23:36 . 2010-03-24 20:19 -------- dc----w- c:\program\Free FLV Converter

2010-06-21 19:14 . 2010-06-21 19:14 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf

2010-06-21 19:14 . 2010-06-21 19:14 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-06-21 18:11 . 2010-05-29 10:14 -------- dc----w- c:\documents and settings\bou\Application Data\Dream Aquarium

2010-06-21 15:26 . 2010-06-21 15:24 -------- dc----w- c:\program\PcMedik

2010-06-19 19:54 . 2010-06-23 10:24 168448 -c--a-w- c:\windows\Wpicug.exe

2010-06-19 19:54 . 2010-06-22 12:01 168448 -c--a-w- c:\windows\Wpicuf.exe

2010-06-19 19:54 . 2010-06-21 23:49 168448 -c--a-w- c:\windows\Wpicue.exe

2010-06-19 19:54 . 2010-06-21 16:14 168448 -c--a-w- c:\windows\Wpicud.exe

2010-06-19 19:54 . 2010-06-21 09:02 168448 -c--a-w- c:\windows\Wpicuc.exe

2010-06-19 19:54 . 2010-06-20 10:47 168448 -c--a-w- c:\windows\Wpicub.exe

2010-06-19 19:53 . 2010-06-19 19:53 168448 -c--a-w- c:\windows\Wpicua.exe

2010-06-19 12:08 . 2010-06-19 12:08 -------- dc----w- c:\program\Saitek

2010-06-18 19:34 . 2010-02-27 14:29 -------- dc----w- c:\program\Windows Live Safety Center

2010-06-18 11:40 . 2004-08-04 12:00 84650 -c--a-w- c:\windows\system32\perfc01D.dat

2010-06-18 11:40 . 2004-08-04 12:00 446102 -c--a-w- c:\windows\system32\perfh01D.dat

2010-06-17 16:11 . 2010-01-17 17:51 -------- dc----w- c:\documents and settings\bou\Application Data\DivX

2010-06-17 10:44 . 2010-06-17 10:44 -------- dc----w- c:\program\SystemRequirementsLab

2010-06-17 10:16 . 2010-06-17 10:16 -------- dc----w- c:\program\Microsoft Games

2010-06-16 23:04 . 2010-02-11 20:41 -------- dc----w- c:\program\Windows Live

2010-06-16 23:03 . 2010-06-16 23:03 -------- dc----w- c:\program\Microsoft SQL Server Compact Edition

2010-06-16 17:39 . 2010-06-16 17:39 56997 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-06-16 17:39 . 2010-06-16 17:39 53600 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 54166 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 57532 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 54128 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-06-08 09:30 . 2010-03-24 20:19 311296 -c--a-w- c:\windows\system32\TubeFinder.exe

2010-06-08 09:00 . 2010-02-26 13:07 -------- dc----w- c:\documents and settings\bou\Application Data\Media Player Classic

2010-06-05 10:53 . 2010-06-05 10:53 -------- dc----w- c:\documents and settings\bou\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2010-06-05 10:07 . 2010-05-22 14:55 -------- dc----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-06-02 02:55 . 2010-06-23 12:23 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 02:55 . 2010-06-23 12:23 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 02:55 . 2010-06-23 12:23 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll

2010-05-29 10:14 . 2010-05-29 10:07 -------- dc----w- c:\program\Dream Aquarium

2010-05-27 20:32 . 2007-12-19 09:45 245936 -c--a-w- c:\windows\system32\drivers\SynTP.sys

2010-05-27 20:31 . 2008-03-28 00:04 120104 -c--a-w- c:\windows\system32\SynTPCo4.dll

2010-05-27 20:31 . 2007-12-19 09:45 165160 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-05-27 20:31 . 2007-12-19 09:45 210216 -c--a-w- c:\windows\system32\SynCtrl.dll

2010-05-27 20:31 . 2007-12-19 09:45 173352 ----a-w- c:\windows\system32\SynCOM.dll

2010-05-26 09:41 . 2010-06-23 12:23 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 09:41 . 2010-06-23 12:23 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 09:41 . 2010-06-23 12:23 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll

2010-05-26 09:41 . 2010-06-23 12:23 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 09:41 . 2010-06-23 12:23 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll

2010-05-25 20:59 . 2010-05-01 15:48 -------- dc----w- c:\program\Easy-Hide-IP

2010-05-25 20:59 . 2010-05-25 20:59 -------- dc----w- c:\program\Common Files

2010-05-25 20:54 . 2010-05-09 14:41 -------- dc----w- c:\program\AllWebMenus3

2010-05-25 20:54 . 2010-05-09 16:40 -------- dc----w- c:\program\Gigaset QuickSync(2)

2010-05-25 20:38 . 2010-02-25 16:29 -------- dc----w- c:\program\Sony Ericsson

2010-05-25 20:29 . 2010-05-21 22:07 -------- dc----w- c:\documents and settings\bou\Application Data\GetRightToGo

2010-05-25 20:29 . 2010-05-21 22:11 -------- dc----w- c:\program\Driver Checker

2010-05-25 20:26 . 2010-05-22 13:39 -------- dc----w- c:\program\Delade filer\Adobe AIR(2)

2010-05-25 20:06 . 2010-02-25 16:34 -------- dc----w- c:\program\QuickTime

2010-05-25 20:05 . 2010-05-25 19:38 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS

2010-05-17 19:00 . 2010-03-29 16:49 59052 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-05-06 10:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:10 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-28 05:44 . 2010-06-16 23:04 54760 -c--a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-04-25 10:55 . 2010-04-25 09:16 79488 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll

2010-04-25 10:55 . 2010-04-25 09:16 152576 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\jre1.6.0_20\lzma.dll

2010-04-17 18:59 . 2010-04-17 18:08 80 -csh--r- c:\windows\system32\D59F6963CD.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]

"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-01-17 40960]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"Norman ZANDA"="c:\program\NORMAN\Npm\bin\ZLH.EXE" [2009-10-06 275840]

"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]

"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"NNTray"="c:\program\Net Nanny\nnstart.exe" [2002-09-24 61440]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SwitchBoard"="c:\program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

NalView.lnk - c:\program\Novell\ZENworks\NalView.exe [2005-9-8 35840]

PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2008-5-8 40960]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2005-01-10 11:36 24576 -c--a-w- c:\windows\system32\Novell\xtnotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]

2007-05-02 02:21 364544 -c--a-r- c:\windows\system32\TPSvc.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Photosmart Premier Snabbstart.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\HP Photosmart Premier Snabbstart.lnk

backup=c:\windows\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Windows Search.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^bou^Start-meny^Program^Autostart^Telia Mobilt bredband.lnk]

path=c:\documents and settings\bou\Start-meny\Program\Autostart\Telia Mobilt bredband.lnk

backup=c:\windows\pss\Telia Mobilt bredband.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 07:58 40368 -c--a-w- c:\program\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]

2010-03-09 02:28 11989960 -c--a-w- c:\program\Adobe\Adobe Bridge CS5\Bridge.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 02:57 406992 -c--a-w- c:\program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 16:05 15360 -c--a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 -c--a-w- c:\program\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 14:07 2260480 -c----w- c:\program\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]

2008-04-14 16:05 143872 -c--a-w- c:\windows\system32\mobsync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=2 (0x2)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"wlidsvc"=2 (0x2)

"ose"=3 (0x3)

"Bonjour Service"=2 (0x2)

"gupdate"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Novell\\GroupWise\\grpwise.exe"=

"c:\\Novell\\GroupWise\\notify.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\bou\\Skrivbord\\uTorrent.exe"=

"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program\\Ace Translator\\AceTrans.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-04-24 28552]

R1 NGS;Norman General Security Driver;c:\program\NORMAN\nvc\bin\ngs.sys [2010-01-11 25032]

R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-01-17 6899]

R2 Ndiskio;Ndiskio;c:\program\NORMAN\Nse\Bin\Ndiskio.sys [2010-01-11 24168]

R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2005-09-01 163840]

R2 USB Drive Letter Mananger;USBDLM;c:\program\USBDLM\USBDLM.exe [2006-05-24 64000]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [2005-01-10 61440]

R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-01-10 2773]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-03 17149]

R3 nsesvc;Norman Scanner Engine Service;c:\program\NORMAN\Nse\Bin\Nsesvc.exe [2010-01-11 283976]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-01-11 21832]

R3 nvcoas;Norman Virus Control on-access component;c:\program\NORMAN\nvc\bin\Nvcoas.exe [2010-01-11 185672]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\program\NORMAN\nvc\bin\Nvcsched.exe [2010-01-11 148808]

S2 hgfs;hgfs;c:\windows\system32\DRIVERS\hgfs.sys --> c:\windows\system32\DRIVERS\hgfs.sys [?]

S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2006-03-22 43392]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-02-25 13224]

S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2007-07-05 65664]

S3 SwitchBoard;SwitchBoard;c:\program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-08-04 14336]

S4 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 135664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 17:11]

 

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 17:11]

 

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3D3AEC52-0069-4C6A-A4F2-9862916322C8}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

 

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{695BC004-ABC9-4A06-ADF4-485202981975}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = 127.0.0.1:8080

uInternet Settings,ProxyOverride = local

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.nattstad.se/ImageUploader6.cab

FF - ProfilePath - c:\documents and settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

.

------- Filassociationer -------

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-adsnwk - c:\windows\system32\adsnwk.exe

HKLM-Run-FU_JFM - c:\program\FinalUninstaller\JFM.exe

MSConfigStartUp-Adobe ARM - c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe

MSConfigStartUp-Adobe Photo Downloader - c:\program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

MSConfigStartUp-AdobeCS4ServiceManager - c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe

MSConfigStartUp-AGEIA PhysX SysTray - c:\program\AGEIA Technologies\TrayIcon.exe

MSConfigStartUp-IDMan - c:\temp\Rar$EX02.015\idm 5.18\IDMan.exe

MSConfigStartUp-m7 - c:\progra~1\common~1\m7\in.vbs

MSConfigStartUp-Sony Ericsson PC Suite - c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

MSConfigStartUp-swg - c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel

AddRemove-Svenska Spels Poker - c:\casino\SVENSK~1\UNWISE.EXE

AddRemove-uTorrent - u:\\uTorrent.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-23 21:33

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NNTray = c:\program\Net Nanny\nnstart.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-2814842062-1513136318-2222897245-1045\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder]

@Denied: (A C D 2 3 6) (Everyone)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"D140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(872)

c:\program\Novell\ZENworks\ZENPOL32.DLL

c:\windows\system32\xmlparse.dll

c:\windows\system32\msi.dll

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'Explorer.exe'(3896)

c:\program\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\NLS\SVENSKA\NWSHLXNR.DLL

c:\windows\system32\NLS\SVENSKA\NOVNPNTR.DLL

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program\NORMAN\Npm\bin\ELOGSVC.EXE

c:\program\NORMAN\npm\bin\zanda.exe

c:\windows\system32\agrsmsvc.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program\Novell\ZENworks\nalntsrv.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program\Novell\ZENworks\wm.exe

c:\program\NORMAN\Npm\bin\NJEEVES.EXE

c:\program\Novell\ZENworks\WMRUNDLL.EXE

c:\windows\system32\NWTRAY.EXE

c:\program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\windows\system32\msiexec.exe

c:\program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\program\NORMAN\Nvc\bin\cclaw.exe

c:\program\DataStudio\PASPortal.exe

.

**************************************************************************

.

Sluttid: 2010-07-23 21:42:14 - datorn startades om.

ComboFix-quarantined-files.txt 2010-07-23 19:42

 

Före genomsökningen: 64 613 941 248 byte ledigt

Efter genomsökningen: 65 233 313 792 byte ledigt

 

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

- - End Of File - - AE3DC8D7F051866BF7362490207FBACA

 

 

 

:thumbsup: THANKS!


ComboFix is never recommended as the first program to run. First I want to see an overview of the computer. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Click Yes/Ja if the question about Optional Scan comes up.

In your reply, paste in the DDS.txt log, and attach Attach.txt as a file.


 

 

Hi!

Here is the DDS log:

 

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by bou at 19:20:14,21 on 2010-07-24

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1919.1137 [GMT 2:00]

 

AV: Norman Virus Control *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

 

============== Running Processes ===============

 

C:\WINDOWS\System32\Novell\XTAgent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRAM\NORMAN\Npm\bin\ELOGSVC.EXE

C:\PROGRAM\NORMAN\npm\bin\zanda.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Novell\ZENworks\nalntsrv.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\USBDLM\USBDLM.exe

C:\Program\Novell\ZENworks\wm.exe

C:\PROGRAM\NORMAN\Npm\bin\NJEEVES.EXE

C:\Program\Novell\ZENworks\WMRUNDLL.EXE

C:\PROGRAM\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\PROGRAM\NORMAN\Nvc\bin\nvcoas.exe

C:\Program\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\dpmw32.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRAM\NORMAN\Npm\bin\ZLH.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\PROGRAM\NORMAN\Nvc\bin\cclaw.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\DataStudio\PASPortal.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Documents and Settings\bou\Lokala inställningar\Temporary Internet Files\Content.IE5\UAO8I3H8\dds[1].scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.se/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = 127.0.0.1:8080

uInternet Settings,ProxyOverride = local

BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File

TB: {00000000-5736-4205-0008-F7ED0776FB27} - No File

uRun: [msnmsgr] "c:\program\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [NDPS] c:\windows\system32\dpmw32.exe

mRun: [ZENRC Tray Icon] c:\windows\system32\zentray.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [HP Software Update] c:\program\hp\hp software update\HPWuSchd2.exe

mRun: [Norman ZANDA] "c:\program\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH

mRun: [startCCC] "c:\program\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

mRun: [soundMAXPnP] c:\program\analog devices\core\smax4pnp.exe

mRun: [NNTray] c:\program\net nanny\nnstart.exe

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [switchBoard] c:\program\delade filer\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program\delade filer\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\nalview.lnk - c:\program\novell\zenworks\NalView.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\paspor~1.lnk - c:\windows\installer\{d4ab1a2a-72a8-4801-b238-0cb789c992fe}\NewShortcut1.exe

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program\delade filer\sourcetec\swf catcher\InternetExplorer.htm

IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe

IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program\delade filer\sourcetec\swf catcher\InternetExplorer.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~4\office11\REFIEBAR.DLL

IE: {C1994287-422F-47aa-8E5E-6323E210A125} - {4B5F7606-8666-4D5A-9780-DB92A9D8812B} - c:\program\novell\zenworks\AxNalServer.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.nattstad.se/ImageUploader6.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NetIdentity Notification - c:\windows\system32\novell\XtNotify.dll

Notify: TPSvc - TPSvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwv1_0

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\bou\applic~1\mozilla\firefox\profiles\9l2eva6x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

 

============= SERVICES / DRIVERS ===============

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-24 28552]

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-2-16 10880]

R1 NGS;Norman General Security Driver;c:\program\norman\nvc\bin\ngs.sys [2010-1-11 25032]

R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-1-17 6899]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-6-17 54760]

R2 Ndiskio;Ndiskio;c:\program\norman\nse\bin\Ndiskio.sys [2010-1-11 24168]

R2 Norman ZANDA;Norman ZANDA;c:\program\norman\npm\bin\Zanda.exe [2010-1-11 411016]

R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program\novell\zenworks\remotemanagement\rmagent\ZenRem32.exe [2005-9-1 163840]

R2 USB Drive Letter Mananger;USBDLM;c:\program\usbdlm\USBDLM.exe [2006-5-24 64000]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [2005-1-10 61440]

R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-1-10 2773]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-3 17149]

R3 nsesvc;Norman Scanner Engine Service;c:\program\norman\nse\bin\Nsesvc.exe [2010-1-11 283976]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-1-11 21832]

R3 nvcoas;Norman Virus Control on-access component;c:\program\norman\nvc\bin\Nvcoas.exe [2010-1-11 185672]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\program\norman\nvc\bin\Nvcsched.exe [2010-1-11 148808]

S2 hgfs;hgfs;c:\windows\system32\drivers\hgfs.sys --> c:\windows\system32\drivers\hgfs.sys [?]

S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2006-3-22 43392]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-2-25 13224]

S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2007-7-5 65664]

S3 SwitchBoard;SwitchBoard;c:\program\delade filer\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S4 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-3-2 135664]

 

============== File Associations ===============

 

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

 

=============== Created Last 30 ================

 

2010-07-24 17:20:13 0 dc----w- c:\temp\A.tmp

2010-07-24 16:24:45 0 dc----w- c:\temp\WPDNSE

2010-07-24 16:11:37 16384 -c--atw- c:\temp\Perflib_Perfdata_144.dat

2010-07-23 21:28:27 0 dc----w- c:\program\VirtualDJ

2010-07-23 19:37:30 0 dc----w- c:\windows\system32\Fonts

2010-07-23 19:32:23 16384 -c--atw- c:\temp\Perflib_Perfdata_154.dat

2010-07-23 19:20:22 0 dcsha-r- C:\cmdcons

2010-07-23 17:22:16 77312 -c--a-w- c:\windows\MBR.exe

2010-07-23 17:22:16 256512 -c--a-w- c:\windows\PEV.exe

2010-07-23 17:22:15 98816 -c--a-w- c:\windows\sed.exe

2010-07-23 17:22:15 161792 -c--a-w- c:\windows\SWREG.exe

2010-07-23 10:36:49 0 dc----w- c:\temp\div9.tmp

2010-07-21 10:05:08 0 dc----w- c:\temp\div3.tmp

2010-07-19 22:09:44 0 dc----w- c:\documents and settings\bou\Lokala inst�llningar

2010-07-19 22:03:13 0 dc----w- c:\docume~1\bou\applic~1\MozillaControl

2010-07-19 22:03:02 0 dc----w- c:\temp\{1D2C96C3-A3F3-49E7-B839-95279DED837F}

2010-07-19 22:01:57 0 dc----w- c:\program\Mozilla ActiveX Control v1.7.12

2010-07-19 21:57:51 0 dc----w- c:\program\Graboid

2010-07-19 20:12:43 0 dc----w- c:\temp\divBA.tmp

2010-07-14 18:13:10 62 -c--a-w- c:\windows\MyProg.ini

2010-07-14 15:11:53 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-14 15:08:53 0 dc----w- c:\temp\msohtml1

2010-07-14 15:08:53 0 dc----w- c:\temp\msohtml

2010-07-14 14:57:37 0 dc----w- c:\temp\VBE

2010-07-14 13:37:47 0 dc----w- c:\temp\iss1D.tmp

2010-07-14 13:19:10 0 dc----w- c:\temp\div16.tmp

2010-07-14 13:18:38 0 dc----w- c:\temp\is-TE48T.tmp

2010-07-14 12:58:46 0 dc----w- c:\temp\comtypes_cache

2010-07-14 11:51:31 0 dc----w- c:\windows\system32\wbem\Repository

2010-07-14 11:11:04 766976 -c--a-w- c:\windows\system32\drivers\djscd.sys

2010-07-14 11:02:49 0 dc----w- c:\temp\hsperfdata_bou

2010-07-14 10:58:40 0 dc----w- c:\temp\div5.tmp

2010-07-13 21:02:22 0 dc----w- c:\temp\MessengerCache

2010-07-13 19:01:04 0 dc----w- c:\docume~1\alluse~1\applic~1\wanted_demo

2010-07-13 18:48:05 0 dc----w- c:\program\WarnerBros

2010-07-13 14:52:44 0 dc----w- c:\windows\system32\AGEIA

2010-07-13 14:46:24 0 dc----w- c:\program\delade filer\Wise Installation Wizard

2010-07-13 09:47:29 0 dc----w- c:\temp\divA.tmp

2010-07-12 14:56:41 0 dc----w- c:\program\Thomas Wright Consulting

2010-07-11 11:08:50 0 dc----w- c:\windows\BBSTORE

2010-07-11 11:08:37 314368 -c--a-w- c:\windows\IsUninst.exe

2010-07-11 11:08:32 0 -c--a-w- c:\windows\SETUP32.INI

2010-07-11 10:51:23 0 dc----w- c:\program\Telia

2010-07-10 19:16:02 0 dc----w- c:\windows\system32\winrm

2010-07-10 19:15:49 0 dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-07-10 14:17:02 0 dc----w- c:\program\MAGIX

2010-07-10 14:17:02 0 dc----w- c:\docume~1\alluse~1\applic~1\MAGIX

2010-07-10 13:53:58 0 dc----w- c:\program\Ace Translator

2010-07-10 11:29:36 0 dc----w- c:\docume~1\alluse~1\applic~1\Boss Media

2010-07-08 19:56:02 0 dc----w- c:\windows\uninstall

2010-07-08 17:14:48 0 dc----w- c:\docume~1\bou\applic~1\Need for Speed World

2010-07-08 14:39:11 0 dc----w- c:\program\Ask.com

2010-07-08 14:39:02 0 dc----w- c:\program\Adobe PhotoShop CS3

2010-07-08 14:38:57 0 dc----w- c:\program\Vuze_Remote

2010-07-08 14:38:57 0 dc----w- c:\program\Windows Desktop Search

2010-07-08 14:38:57 0 dc----w- c:\program\PhotoFiltre

2010-07-08 14:38:56 0 dc----w- c:\program\Xara

2010-07-08 14:38:53 0 dc----w- c:\program\Uniblue

2010-07-08 14:38:52 0 dc----w- c:\program\UnHackMe

2010-07-08 14:38:51 0 dc----r- c:\program\Net Nanny

2010-07-08 14:36:30 0 dc----w- c:\program\delade filer\Adobe AIR

2010-07-08 13:13:55 0 dc----w- c:\docume~1\bou\applic~1\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

2010-07-08 13:13:34 0 dc----w- c:\program\AdobeSupportAdvisor

2010-07-08 13:13:24 0 dc----w- c:\program\delade filer\Adobe AIR(3)

2010-07-07 10:29:29 0 dc----w- c:\program\Activision

2010-07-04 20:04:27 0 dc----w- c:\docume~1\bou\applic~1\PlatinumHideIP

2010-07-04 20:04:27 0 dc----w- c:\docume~1\alluse~1\applic~1\PlatinumHideIP

2010-07-04 18:41:17 0 dc----w- c:\docume~1\bou\applic~1\DVD Flick

2010-07-04 18:40:59 28672 -c--a-w- c:\windows\system32\mousewheel.ocx

2010-07-04 18:40:59 212240 -c--a-w- c:\windows\system32\richtx32.ocx

2010-07-04 18:40:59 0 dc----w- c:\program\DVD Flick

2010-07-03 23:20:53 138056 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-03 23:20:53 138056 -c--a-w- c:\docume~1\bou\applic~1\PnkBstrK.sys

2010-07-03 23:20:38 189248 -c--a-w- c:\windows\system32\PnkBstrB.exe

2010-07-03 23:20:35 75064 -c--a-w- c:\windows\system32\PnkBstrA.exe

2010-07-03 23:20:34 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe

2010-07-01 19:53:46 0 dc----w- c:\docume~1\bou\applic~1\CheeseSoft

2010-07-01 19:53:39 0 dc----w- c:\program\FinalUninstaller

2010-06-27 15:36:35 0 dc----w- c:\program\Spybot - Search & Destroy

2010-06-27 15:36:35 0 dc----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-06-26 19:39:21 2 -cshatr- c:\windows\winstart.bat

2010-06-26 00:06:16 0 dc----w- c:\program\Conduit

 

==================== Find3M ====================

 

2010-06-21 19:14:46 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf

2010-06-21 19:14:41 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicug.exe

2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicuf.exe

2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicue.exe

2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicud.exe

2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicuc.exe

2010-06-19 19:54:39 168448 -c--a-w- c:\windows\Wpicub.exe

2010-06-19 19:53:48 168448 -c--a-w- c:\windows\Wpicua.exe

2010-06-18 11:40:29 84650 -c--a-w- c:\windows\system32\perfc01D.dat

2010-06-18 11:40:29 446102 -c--a-w- c:\windows\system32\perfh01D.dat

2010-06-09 23:01:10 9200 -c----w- c:\windows\system32\drivers\cdralw2k.sys

2010-06-09 23:01:10 9072 -c----w- c:\windows\system32\drivers\cdr4_xp.sys

2010-06-09 23:01:10 45648 -c----w- c:\windows\system32\drivers\PxHelp20.sys

2010-06-09 23:01:10 133616 -c----w- c:\windows\system32\pxafs.dll

2010-06-09 23:01:10 126448 -c----w- c:\windows\system32\pxinsi64.exe

2010-06-09 23:01:10 123888 -c----w- c:\windows\system32\pxcpyi64.exe

2010-06-08 09:30:38 311296 -c--a-w- c:\windows\system32\TubeFinder.exe

2010-06-02 02:55:30 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 02:55:30 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 02:55:30 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll

2010-05-27 20:32:58 245936 -c--a-w- c:\windows\system32\drivers\SynTP.sys

2010-05-27 20:31:32 165160 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-05-27 20:31:32 120104 -c--a-w- c:\windows\system32\SynTPCo4.dll

2010-05-27 20:31:28 210216 -c--a-w- c:\windows\system32\SynCtrl.dll

2010-05-27 20:31:26 173352 ----a-w- c:\windows\system32\SynCOM.dll

2010-05-26 09:41:02 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 09:41:02 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 09:41:02 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 09:41:02 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll

2010-05-26 09:41:02 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll

2010-05-17 19:00:47 59052 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-05-06 10:36:51 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:10:15 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-17 18:59:57 80 -csh--r- c:\windows\system32\D59F6963CD.dll

2010-03-03 21:38:59 245760 -csha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2010-02-23 19:07:22 32768 -csha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012010022320100224\index.dat

 

============= FINISH: 19:20:51,47 ===============

Attach.txt


uInternet Settings,ProxyServer = 127.0.0.1:8080

Did you yourself configure a proxy server to be used?

On the page http://www.virustotal.com, click the Browse button and paste one of the following file names into the box, click Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.

c:\windows\system32\drivers\djscd.sys

c:\windows\Wpicuc.exe

c:\windows\system32\D59F6963CD.dll

c:\windows\system32\mlfcache.dat

 

What is in this folder?

2010-06-26 00:06:16 0 dc----w- c:\program\Conduit

 

Have you changed things so that the folder c:\temp is used as the folder for temporary files?


 

Link 1: http://www.virustotal.com/sv/analisis/4f3cc3292d02a47fd5bc029ecba70917745024867604d3393b512f5d392884e7-1280013778

Link 2: http://www.virustotal.com/sv/analisis/8b3de3f83cbed34c29d9d27effd6bcd74534b8fcb65c6ea4dbe09b8ba40135ed-1277581823

Link 3: http://www.virustotal.com/sv/analisis/742ac021f3d05d40282569ece8001feca9179af2c0c076734303d7881e10ea98-1277581762

Link 4: http://www.virustotal.com/sv/analisis/dc722f6f1e422e47d298e77c1afe4eeab1f8bb33e97da5b9782de3e0b5a06a8b-1280061125

I have no idea about the proxy server (?)

In the folder c:\program\Conduit there is another folder called Community Alerts, and in that folder there is a DLL file called Alert.dll


It seems to be a troublesome rootkit.

1.

Delete the ComboFix you have on the Desktop and download a new one:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should come up; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

 

2.

Save this file to the Desktop:

http://rootrepeal.googlepages.com/RootRepeal.zip

Unpack (extract) the zip file so that you get a program file.

Disconnect the internet connection. Close all programs you can see, including firewall, antivirus and antispyware programs.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start RootRepeal (in Vista and Windows 7, as usual, by right-clicking the icon and choosing Run as administrator).

Select the Report tab and click Scan.

Tick all seven options and then click Yes/Ja.

Select C: and click Ok.

It takes a while for RootRepeal to scan C:.

When the scan is finished, click Save Report and save it with the name rootrepeal.log. Paste the contents of rootrepeal.log into your reply.

 

3.

Save Gmer to the Desktop from:

http://www2.gmer.net/download.php

It has a random name, so note what the program is saved as.

Disconnect the internet connection.

Close all programs, including antivirus and firewall.

Start the downloaded program.

An initial quick scan starts.

If a WARNING appears that mentions ROOTKIT and asks about "fully scan", choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not appear, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:\. Click Scan. Leave the computer alone while Gmer is working; it can take a few hours.

Click Save and save the result to the Desktop.

Turn on the antivirus program and firewall before you connect to the internet.

Paste the result into your reply.


 

I have attached all three logs:

Combofix log.txt

RootRepeal report.txt

Gmer_ log.txt


I'm pasting in the logs so that it is easy to search what they contain and easy to go back later and compare.

 

ComboFix 10-07-24.03 - bou 2010-07-25 18:18:25.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.1919.1339 [GMT 2:00]

Körs från: c:\documents and settings\bou\Skrivbord\ComboFix.exe

AV: Norman Virus Control *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

* Resident AV is active

 

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-06-25 till 2010-07-25 ))))))))))))))))))))))))))))))

.

 

2010-07-25 16:26 . 2010-07-25 16:26 53248 -c--a-w- c:\temp\catchme.dll

2010-07-25 16:18 . 2010-07-25 16:18 -------- dc----w- c:\temp\WPDNSE

2010-07-25 16:13 . 2010-07-25 16:13 16384 -c--atw- c:\temp\Perflib_Perfdata_73c.dat

2010-07-24 23:25 . 2010-07-24 23:25 503808 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e9a8723-n\msvcp71.dll

2010-07-24 23:25 . 2010-07-24 23:25 499712 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e9a8723-n\jmc.dll

2010-07-24 23:25 . 2010-07-24 23:25 348160 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e9a8723-n\msvcr71.dll

2010-07-24 23:25 . 2010-07-24 23:25 12800 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3f92c13a-n\decora-d3d.dll

2010-07-24 23:25 . 2010-07-24 23:25 61440 -c--a-w- c:\documents and settings\bou\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3f92c13a-n\decora-sse.dll

2010-07-24 23:25 . 2010-06-22 02:36 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2010-07-24 17:20 . 2010-07-25 15:31 -------- dc----w- c:\temp\A.tmp

2010-07-23 21:28 . 2010-07-23 21:28 -------- dc----w- c:\program\VirtualDJ

2010-07-23 10:36 . 2010-07-23 19:26 -------- dc----w- c:\temp\div9.tmp

2010-07-21 10:05 . 2010-07-21 10:05 -------- dc----w- c:\temp\div3.tmp

2010-07-19 22:12 . 2010-07-22 19:11 -------- dc----w- c:\documents and settings\bou\Application Data\vlc

2010-07-19 22:09 . 2010-07-19 22:09 -------- dc----w- c:\documents and settings\bou\Lokala inst�llningar

2010-07-19 22:03 . 2010-07-19 22:03 -------- dc----w- c:\documents and settings\bou\Application Data\MozillaControl

2010-07-19 22:03 . 2010-07-23 19:26 -------- dc----w- c:\temp\{1D2C96C3-A3F3-49E7-B839-95279DED837F}

2010-07-19 22:01 . 2010-07-19 22:01 -------- dc----w- c:\program\Mozilla ActiveX Control v1.7.12

2010-07-19 21:57 . 2010-07-19 22:25 -------- dc----w- c:\program\Graboid

2010-07-19 20:12 . 2010-07-23 19:26 -------- dc----w- c:\temp\divBA.tmp

2010-07-14 15:11 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-14 15:08 . 2010-07-14 15:08 -------- dc----w- c:\temp\msohtml1

2010-07-14 15:08 . 2010-07-14 15:08 -------- dc----w- c:\temp\msohtml

2010-07-14 14:57 . 2010-07-14 14:57 -------- dc----w- c:\temp\VBE

2010-07-14 13:37 . 2010-07-23 19:26 -------- dc----w- c:\temp\iss1D.tmp

2010-07-14 13:19 . 2010-07-14 13:19 -------- dc----w- c:\temp\div16.tmp

2010-07-14 13:18 . 2010-07-23 19:26 -------- dc----w- c:\temp\is-TE48T.tmp

2010-07-14 12:58 . 2010-07-14 13:24 -------- dc----w- c:\temp\comtypes_cache

2010-07-14 11:51 . 2010-07-14 11:51 -------- dc----w- c:\windows\system32\wbem\Repository

2010-07-14 11:11 . 2010-07-14 11:54 766976 -c--a-w- c:\windows\system32\drivers\djscd.sys

2010-07-14 11:02 . 2010-07-24 23:25 -------- dc----w- c:\temp\hsperfdata_bou

2010-07-14 10:58 . 2010-07-14 10:58 -------- dc----w- c:\temp\div5.tmp

2010-07-13 21:02 . 2010-07-25 15:31 -------- dc----w- c:\temp\MessengerCache

2010-07-13 19:01 . 2010-07-13 19:01 -------- dc----w- c:\documents and settings\All Users\Application Data\wanted_demo

2010-07-13 18:48 . 2010-07-13 18:48 -------- dc----w- c:\program\WarnerBros

2010-07-13 14:52 . 2010-07-13 14:52 -------- dc----w- c:\program\AGEIA Technologies

2010-07-13 14:52 . 2010-07-13 14:52 -------- dc----w- c:\windows\system32\AGEIA

2010-07-13 14:46 . 2010-07-13 14:46 -------- dc----w- c:\program\Delade filer\Wise Installation Wizard

2010-07-13 09:47 . 2010-07-23 19:26 -------- dc----w- c:\temp\divA.tmp

2010-07-12 14:56 . 2010-07-12 14:56 -------- dc----w- c:\program\Thomas Wright Consulting

2010-07-11 11:08 . 2010-07-11 11:08 -------- dc----w- c:\windows\BBSTORE

2010-07-11 11:08 . 1997-05-12 14:53 314368 -c--a-w- c:\windows\IsUninst.exe

2010-07-11 10:51 . 2010-07-11 10:51 -------- dc----w- c:\program\Telia

2010-07-11 10:51 . 2010-07-11 10:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Support.com

2010-07-10 19:16 . 2010-07-10 19:16 -------- dc----w- c:\windows\system32\winrm

2010-07-10 19:15 . 2010-07-10 19:16 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2010-07-10 14:17 . 2010-07-12 15:04 -------- dc----w- c:\program\MAGIX

2010-07-10 14:17 . 2010-07-12 15:04 -------- dc----w- c:\documents and settings\All Users\Application Data\MAGIX

2010-07-10 13:53 . 2010-07-10 14:56 -------- dc----w- c:\program\Ace Translator

2010-07-10 11:57 . 2010-07-10 11:57 56765 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-07-10 11:57 . 2010-07-10 11:57 57715 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-07-10 11:57 . 2010-07-10 11:57 84054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-07-10 11:56 . 2010-07-10 11:56 54153 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-07-10 11:29 . 2010-07-10 11:29 -------- dc----w- c:\documents and settings\All Users\Application Data\Boss Media

2010-07-08 19:56 . 2010-07-08 19:58 -------- dc----w- c:\windows\uninstall

2010-07-08 17:14 . 2010-07-08 17:14 -------- dc----w- c:\documents and settings\bou\Application Data\Need for Speed World

2010-07-08 16:25 . 2010-07-08 16:24 53632 -c--a-w- c:\documents and settings\bou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

2010-07-08 16:23 . 2010-07-08 16:23 12124624 -c--a-w- c:\documents and settings\bou\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller2x0\airinstaller2x0.exe

2010-07-08 14:39 . 2010-07-08 14:39 -------- dc----w- c:\program\Ask.com

2010-07-08 14:39 . 2010-07-08 14:39 -------- dc----w- c:\program\Adobe PhotoShop CS3

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Vuze_Remote

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Windows Desktop Search

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\PhotoFiltre

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Xara

2010-07-08 14:38 . 2010-07-14 13:37 -------- dc----w- c:\program\Uniblue

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\UnHackMe

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----r- c:\program\Net Nanny

2010-07-08 14:36 . 2010-07-08 16:25 -------- dc----w- c:\program\Delade filer\Adobe AIR

2010-07-08 13:13 . 2010-07-08 13:13 -------- dc----w- c:\documents and settings\bou\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

2010-07-08 13:13 . 2010-07-08 14:36 -------- dc----w- c:\program\AdobeSupportAdvisor

2010-07-08 13:13 . 2010-07-08 13:13 -------- dc----w- c:\program\Delade filer\Adobe AIR(3)

2010-07-07 10:29 . 2010-07-07 10:29 -------- dc----w- c:\program\Activision

2010-07-04 20:04 . 2010-07-04 20:05 -------- dc----w- c:\documents and settings\All Users\Application Data\PlatinumHideIP

2010-07-04 20:04 . 2010-07-04 20:04 -------- dc----w- c:\documents and settings\bou\Application Data\PlatinumHideIP

2010-07-04 18:41 . 2010-07-04 20:03 -------- dc----w- c:\documents and settings\bou\Application Data\DVD Flick

2010-07-04 18:40 . 2010-07-04 18:41 -------- dc----w- c:\program\DVD Flick

2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-07-03 23:20 . 2010-07-03 23:20 138056 -c--a-w- c:\documents and settings\bou\Application Data\PnkBstrK.sys

2010-07-03 23:20 . 2010-07-03 23:20 189248 -c--a-w- c:\windows\system32\PnkBstrB.exe

2010-07-03 23:20 . 2010-07-03 23:20 75064 -c--a-w- c:\windows\system32\PnkBstrA.exe

2010-07-03 23:20 . 2010-07-03 23:20 2434856 -c--a-w- c:\windows\system32\pbsvc_bc2.exe

2010-07-02 16:54 . 2010-07-02 16:54 -------- dcsh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-01 19:53 . 2010-07-01 19:53 -------- dc----w- c:\documents and settings\bou\Application Data\CheeseSoft

2010-07-01 19:53 . 2010-07-01 19:54 -------- dc----w- c:\program\FinalUninstaller

2010-06-27 15:36 . 2010-07-14 12:00 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-27 15:36 . 2010-06-30 11:11 -------- dc----w- c:\program\Spybot - Search & Destroy

2010-06-26 19:39 . 2010-06-26 19:39 2 -cshatr- c:\windows\winstart.bat

2010-06-26 00:06 . 2010-06-26 00:06 -------- dc----w- c:\program\Conduit

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-25 16:13 . 2008-05-08 02:12 -------- dc----w- c:\program\NORMAN

2010-07-24 23:25 . 2008-05-08 02:17 -------- dc----w- c:\program\Delade filer\Java

2010-07-24 23:25 . 2008-05-08 02:17 -------- dc----w- c:\program\Java

2010-07-23 21:28 . 2010-07-23 21:28 -------- dc----w- c:\program\VirtualDJ

2010-07-22 19:11 . 2010-07-19 22:12 -------- dc----w- c:\documents and settings\bou\Application Data\vlc

2010-07-19 22:49 . 2010-01-11 16:44 -------- dc----w- c:\documents and settings\bou\Application Data\uTorrent

2010-07-19 20:34 . 2010-02-03 17:56 -------- dc----w- c:\documents and settings\bou\Application Data\U3

2010-07-14 13:13 . 2010-05-07 17:01 -------- dc----w- c:\documents and settings\bou\Application Data\Uniblue

2010-07-13 18:48 . 2010-07-13 18:48 -------- dc----w- c:\program\WarnerBros

2010-07-13 18:48 . 2006-10-03 06:21 -------- dc-h--w- c:\program\InstallShield Installation Information

2010-07-11 10:58 . 2010-05-16 14:46 -------- dc----w- c:\program\MagicISO

2010-07-10 11:58 . 2010-06-14 16:59 57344 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-07-10 11:58 . 2010-05-07 21:03 -------- dc----w- c:\documents and settings\All Users\Application Data\DivX

2010-07-10 11:57 . 2010-05-07 21:05 -------- dc----w- c:\program\DivX

2010-07-10 11:56 . 2010-06-16 17:39 1062184 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-07-10 11:54 . 2010-06-16 17:39 895256 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-07-08 15:42 . 2010-02-11 14:34 -------- dc----w- c:\program\Delade filer\Adobe

2010-07-08 14:38 . 2010-07-08 14:38 -------- dc----w- c:\program\Vuze_Remote

2010-07-04 18:46 . 2010-05-16 13:55 -------- dc----w- c:\documents and settings\bou\Application Data\ImgBurn

2010-07-04 18:45 . 2010-05-15 23:19 -------- dc----w- c:\program\ImgBurn

2010-07-01 22:16 . 2010-01-13 19:55 -------- dc----w- c:\documents and settings\bou\Application Data\HpUpdate

2010-07-01 21:26 . 2010-05-25 20:57 -------- dc----w- c:\program\Ubisoft

2010-07-01 20:11 . 2010-03-29 16:49 -------- dc----w- c:\documents and settings\bou\Application Data\Apple Computer

2010-07-01 15:30 . 2010-03-28 17:18 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-01 14:20 . 2008-05-08 02:16 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer

2010-06-30 19:54 . 2006-05-02 12:05 -------- dc----w- c:\program\Google

2010-06-30 13:33 . 2010-05-25 21:21 -------- dc----w- c:\program\CCleaner

2010-06-28 12:17 . 2010-04-25 08:27 1324 -c--a-w- c:\windows\system32\d3d9caps.dat

2010-06-24 21:50 . 2008-05-30 08:03 -------- dc----w- c:\program\HP

2010-06-21 23:36 . 2010-03-24 20:19 -------- dc----w- c:\program\Free FLV Converter

2010-06-21 19:14 . 2010-06-21 19:14 0 -c-ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf

2010-06-21 19:14 . 2010-06-21 19:14 0 -c-ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2010-06-21 18:11 . 2010-05-29 10:14 -------- dc----w- c:\documents and settings\bou\Application Data\Dream Aquarium

2010-06-21 15:26 . 2010-06-21 15:24 -------- dc----w- c:\program\PcMedik

2010-06-19 19:54 . 2010-06-23 10:24 168448 -c--a-w- c:\windows\Wpicug.exe

2010-06-19 19:54 . 2010-06-22 12:01 168448 -c--a-w- c:\windows\Wpicuf.exe

2010-06-19 19:54 . 2010-06-21 23:49 168448 -c--a-w- c:\windows\Wpicue.exe

2010-06-19 19:54 . 2010-06-21 16:14 168448 -c--a-w- c:\windows\Wpicud.exe

2010-06-19 19:54 . 2010-06-21 09:02 168448 -c--a-w- c:\windows\Wpicuc.exe

2010-06-19 19:54 . 2010-06-20 10:47 168448 -c--a-w- c:\windows\Wpicub.exe

2010-06-19 19:53 . 2010-06-19 19:53 168448 -c--a-w- c:\windows\Wpicua.exe

2010-06-19 12:08 . 2010-06-19 12:08 -------- dc----w- c:\program\Saitek

2010-06-18 19:34 . 2010-02-27 14:29 -------- dc----w- c:\program\Windows Live Safety Center

2010-06-18 11:40 . 2004-08-04 12:00 84650 -c--a-w- c:\windows\system32\perfc01D.dat

2010-06-18 11:40 . 2004-08-04 12:00 446102 -c--a-w- c:\windows\system32\perfh01D.dat

2010-06-17 16:11 . 2010-01-17 17:51 -------- dc----w- c:\documents and settings\bou\Application Data\DivX

2010-06-17 10:44 . 2010-06-17 10:44 -------- dc----w- c:\program\SystemRequirementsLab

2010-06-17 10:16 . 2010-06-17 10:16 -------- dc----w- c:\program\Microsoft Games

2010-06-16 23:04 . 2010-02-11 20:41 -------- dc----w- c:\program\Windows Live

2010-06-16 23:03 . 2010-06-16 23:03 -------- dc----w- c:\program\Microsoft SQL Server Compact Edition

2010-06-16 17:39 . 2010-06-16 17:39 56997 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-06-16 17:39 . 2010-06-16 17:39 53600 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 57054 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 54166 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 57532 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 56458 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 54174 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-06-16 17:38 . 2010-06-16 17:38 54128 -c--a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-06-08 09:30 . 2010-03-24 20:19 311296 -c--a-w- c:\windows\system32\TubeFinder.exe

2010-06-08 09:00 . 2010-02-26 13:07 -------- dc----w- c:\documents and settings\bou\Application Data\Media Player Classic

2010-06-05 10:53 . 2010-06-05 10:53 -------- dc----w- c:\documents and settings\bou\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2010-06-05 10:07 . 2010-05-22 14:55 -------- dc----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2010-06-02 02:55 . 2010-06-23 12:23 74072 -c--a-w- c:\windows\system32\XAPOFX1_5.dll

2010-06-02 02:55 . 2010-06-23 12:23 527192 -c--a-w- c:\windows\system32\XAudio2_7.dll

2010-06-02 02:55 . 2010-06-23 12:23 239960 -c--a-w- c:\windows\system32\xactengine3_7.dll

2010-05-29 10:14 . 2010-05-29 10:07 -------- dc----w- c:\program\Dream Aquarium

2010-05-27 20:32 . 2007-12-19 09:45 245936 -c--a-w- c:\windows\system32\drivers\SynTP.sys

2010-05-27 20:31 . 2008-03-28 00:04 120104 -c--a-w- c:\windows\system32\SynTPCo4.dll

2010-05-27 20:31 . 2007-12-19 09:45 165160 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-05-27 20:31 . 2007-12-19 09:45 210216 -c--a-w- c:\windows\system32\SynCtrl.dll

2010-05-27 20:31 . 2007-12-19 09:45 173352 ----a-w- c:\windows\system32\SynCOM.dll

2010-05-26 09:41 . 2010-06-23 12:23 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll

2010-05-26 09:41 . 2010-06-23 12:23 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll

2010-05-26 09:41 . 2010-06-23 12:23 1868128 -c--a-w- c:\windows\system32\d3dcsx_43.dll

2010-05-26 09:41 . 2010-06-23 12:23 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll

2010-05-26 09:41 . 2010-06-23 12:23 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll

2010-05-17 19:00 . 2010-03-29 16:49 59052 -c-ha-w- c:\windows\system32\mlfcache.dat

2010-05-06 10:36 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:10 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-28 05:44 . 2010-06-16 23:04 54760 -c--a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2010-04-17 18:59 . 2010-04-17 18:08 80 -csh--r- c:\windows\system32\D59F6963CD.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-07-25_15.32.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-07-25 16:13 . 2008-05-08 09:21 14206 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\XPSec.dat

- 2010-07-25 12:21 . 2008-05-08 09:21 14206 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\XPSec.dat

+ 2010-07-25 16:13 . 2008-05-08 09:21 45056 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\IPS1.dat

- 2010-07-25 12:21 . 2008-05-08 09:21 45056 c:\windows\system32\GroupPolicy\Machine\Microsoft\Windows NT\SecEdit\IPS1.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"NDPS"="c:\windows\system32\dpmw32.exe" [2004-05-17 32859]

"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-01-17 40960]

"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]

"Norman ZANDA"="c:\program\NORMAN\Npm\bin\ZLH.EXE" [2009-10-06 275840]

"StartCCC"="c:\program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]

"SoundMAXPnP"="c:\program\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]

"NNTray"="c:\program\Net Nanny\nnstart.exe" [2002-09-24 61440]

"SwitchBoard"="c:\program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

NalView.lnk - c:\program\Novell\ZENworks\NalView.exe [2005-9-8 35840]

PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2008-5-8 40960]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]

2005-01-10 11:36 24576 -c--a-w- c:\windows\system32\Novell\xtnotify.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]

2007-05-02 02:21 364544 -c--a-r- c:\windows\system32\TPSvc.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Photosmart Premier Snabbstart.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\HP Photosmart Premier Snabbstart.lnk

backup=c:\windows\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Windows Search.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Windows Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^bou^Start-meny^Program^Autostart^Telia Mobilt bredband.lnk]

path=c:\documents and settings\bou\Start-meny\Program\Autostart\Telia Mobilt bredband.lnk

backup=c:\windows\pss\Telia Mobilt bredband.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-18 07:58 40368 -c--a-w- c:\program\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]

2010-03-09 02:28 11989960 -c--a-w- c:\program\Adobe\Adobe Bridge CS5\Bridge.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 02:57 406992 -c--a-w- c:\program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 16:05 15360 -c--a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-06-03 00:50 1144104 ----a-w- c:\program\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-16 20:12 3872080 -c--a-w- c:\program\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 14:07 2260480 -c----w- c:\program\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]

2008-04-14 16:05 143872 -c--a-w- c:\windows\system32\mobsync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=2 (0x2)

"idsvc"=3 (0x3)

"gusvc"=3 (0x3)

"wlidsvc"=2 (0x2)

"ose"=3 (0x3)

"Bonjour Service"=2 (0x2)

"gupdate"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Novell\\GroupWise\\grpwise.exe"=

"c:\\Novell\\GroupWise\\notify.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\bou\\Skrivbord\\uTorrent.exe"=

"c:\\Program\\Sony Ericsson\\Update Service\\Update Service.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program\\Ace Translator\\AceTrans.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

 

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-04-24 28552]

R1 NGS;Norman General Security Driver;c:\program\NORMAN\nvc\bin\ngs.sys [2010-01-11 25032]

R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [2005-01-17 6899]

R2 Ndiskio;Ndiskio;c:\program\NORMAN\Nse\Bin\Ndiskio.sys [2010-01-11 24168]

R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2005-09-01 163840]

R2 USB Drive Letter Mananger;USBDLM;c:\program\USBDLM\USBDLM.exe [2006-05-24 64000]

R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\Novell\xtagent.exe [2005-01-10 61440]

R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [2005-01-10 2773]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-10-03 17149]

R3 nsesvc;Norman Scanner Engine Service;c:\program\NORMAN\Nse\Bin\Nsesvc.exe [2010-01-11 283976]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2010-01-11 21832]

R3 nvcoas;Norman Virus Control on-access component;c:\program\NORMAN\nvc\bin\Nvcoas.exe [2010-01-11 185672]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\program\NORMAN\nvc\bin\Nvcsched.exe [2010-01-11 148808]

S2 hgfs;hgfs;c:\windows\system32\DRIVERS\hgfs.sys --> c:\windows\system32\DRIVERS\hgfs.sys [?]

S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2006-03-22 43392]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-02-25 13224]

S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2007-07-05 65664]

S3 SwitchBoard;SwitchBoard;c:\program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-08-04 14336]

S4 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 135664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 17:11]

 

2010-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-02 17:11]

 

2010-07-25 c:\windows\Tasks\User_Feed_Synchronization-{3D3AEC52-0069-4C6A-A4F2-9862916322C8}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

 

2010-07-25 c:\windows\Tasks\User_Feed_Synchronization-{695BC004-ABC9-4A06-ADF4-485202981975}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = 127.0.0.1:8080

uInternet Settings,ProxyOverride = local

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm

DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab

DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.nattstad.se/ImageUploader6.cab

FF - ProfilePath - c:\documents and settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www2.firesearch.com/

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

.

------- Filassociationer -------

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-25 18:26

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NNTray = c:\program\Net Nanny\nnstart.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-2814842062-1513136318-2222897245-1045\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder]

@Denied: (A C D 2 3 6) (Everyone)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"D140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

"D140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(696)

c:\program\Novell\ZENworks\ZENPOL32.DLL

c:\windows\system32\xmlparse.dll

c:\windows\system32\msi.dll

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'Explorer.exe'(3268)

c:\program\WINDOW~2\wmpband.dll

c:\windows\system32\NLS\SVENSKA\NWSHLXNR.DLL

c:\windows\system32\NLS\SVENSKA\NOVNPNTR.DLL

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

 

- - - - - - - > 'Explorer.exe'(3412)

c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

c:\program\SPYBOT~1\SDHelper.dll

c:\windows\system32\NLS\SVENSKA\NWSHLXNR.DLL

c:\windows\system32\NLS\SVENSKA\NOVNPNTR.DLL

c:\program\Microsoft Office\OFFICE11\msohev.dll

c:\windows\system32\PortableDeviceApi.dll

.

Sluttid: 2010-07-25 18:29:27

ComboFix-quarantined-files.txt 2010-07-25 16:29

ComboFix2.txt 2010-07-25 15:35

ComboFix3.txt 2010-07-23 19:42

 

Före genomsökningen: 70 397 325 312 byte ledigt

Efter genomsökningen: 70 420 205 568 byte ledigt

 

- - End Of File - - 80A0C7C8E22EE8C9AFE60AE2E8982B40

 

******************************************************

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/07/25 18:30

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: catchme.sys

Image Path: C:\Temp\catchme.sys

Address: 0xBA428000 Size: 31744 File Visible: No Signed: -

Status: -

 

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xACD00000 Size: 98304 File Visible: No Signed: -

Status: -

 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xBA5D2000 Size: 8192 File Visible: No Signed: -

Status: -

 

Name: mbr.sys

Image Path: C:\Temp\mbr.sys

Address: 0xBA3E0000 Size: 20864 File Visible: No Signed: -

Status: -

 

Name: nwfilter.sys

Image Path: nwfilter.sys

Address: 0xBA4CC000 Size: 15808 File Visible: No Signed: -

Status: -

 

Name: PROCEXP113.SYS

Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

Address: 0xBA628000 Size: 7872 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA927A000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: c:\documents and settings\bou\lokala inställningar\temporary internet files\content.word\~wrf0003.tmp

Status: Allocation size mismatch (API: 4096, Raw: 0)

 

Path: c:\documents and settings\localservice\lokala inställningar\temp\cookies\index.dat

Status: Allocation size mismatch (API: 4096, Raw: 16384)

 

Path: c:\documents and settings\localservice\lokala inställningar\temp\history\history.ie5\index.dat

Status: Allocation size mismatch (API: 4096, Raw: 16384)

 

Path: C:\Documents and Settings\bou\Lokala inställningar\Apps\2.0\35JMXCX0.71B\09YZR90V.567\manifests\clickonce_bootstrap.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\bou\Lokala inställningar\Apps\2.0\35JMXCX0.71B\09YZR90V.567\manifests\clickonce_bootstrap.exe.manifest

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\eFerKar.RI-1418-393.000\Lokala inställningar\Apps\2.0\K8R1TVPG.ODN\6ZTKMYEJ.MCO\manifests\clickonce_bootstrap.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\eFerKar.RI-1418-393.000\Lokala inställningar\Apps\2.0\K8R1TVPG.ODN\6ZTKMYEJ.MCO\manifests\clickonce_bootstrap.exe.manifest

Status: Locked to the Windows API!

 

==EOF==

******************************************************

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-07-26 00:01:29

Windows 5.1.2600 Service Pack 3

Running: qev9us82.exe; Driver: C:\Temp\pfdiakog.sys

 

 

---- System - GMER 1.0.15 ----

 

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B90F159A

INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B90F1655

 

Code \??\C:\Temp\catchme.sys pIofCallDriver

 

---- Kernel code sections - GMER 1.0.15 ----

 

? nwfilter.sys Det går inte att hitta filen. !

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F73000, 0x17D80E, 0xE8000020]

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Det går inte att hitta filen. !

? C:\Temp\catchme.sys Det går inte att hitta filen. !

? C:\Temp\mbr.sys Det går inte att hitta filen. !

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\3da21691-e39d-4da6-8a4b-b43877bcb1b7@FlushCacheFiles C:\WINDOWS\SoftwareDistribution\EventCache\{DB945B03-1F52-4C6D-9D62-E7F9BE7B3165}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{D41787F5-BC1B-4414-AA72-2A55A861B78C}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{1E4FF124-BD1E-46F0-9B5C-B804E7257311}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{C169930F-A539-4CD1-B948-FDD1D85B0AB3}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{45DB4264-2C05-457C-AC39-7BD74B35C663}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{41C28601-E771-42F8-A228-A863E96A41D9}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{7FF6EC69-86A9-4BD7-AE99-677D14124B8B}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{E9D9F060-68FA-419C-B740-B887D0026D5B}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{2859028F-5302-4262-A7F7-FAA772C9C08A}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{E8D023DE-F5C1-4364-9F94-D3F07605DB2E}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{0725A93A-B858-4825-A1DC-0091682AA346}.bin?C:\WINDOWS\SoftwareDistribution\EventCache\{C47248F3-2F0C-4C9E-8EB5-95229BAA8

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32@Assembly Microsoft.Office.Interop.FrontPage, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32@Class Microsoft.Office.Interop.FrontPage.ApplicationClass

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32@RuntimeVersion v1.1.4322

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32\11.0.0.0

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32\11.0.0.0@Class Microsoft.Office.Interop.FrontPage.ApplicationClass

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32\11.0.0.0@Assembly Microsoft.Office.Interop.FrontPage, Version=11.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\InprocServer32\11.0.0.0@RuntimeVersion v1.1.4322

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\LocalServer32@ C:\Program\MICROS~4\OFFICE11\FRONTPG.EXE

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\LocalServer32@LocalServer32 F&HBVn-}f(ZXfeAR6.jiFPClientFiles>yl'iQFmea9c.svcfb5$r?

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\ProgID@ FrontPage.Application.6

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\Programmable@

Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}\VersionIndependentProgID@ FrontPage.Application

 

---- EOF - GMER 1.0.15 ----


Have you changed the settings so that the folder c:\temp is used as the folder for temporary files?

Is this a company computer, given that Novell ZENworks is installed? If so, you should not do any of the following, because it can break settings so that the computer no longer works on a company network.

Control Panel (Kontrollpanelen) - Internet Options (Internetalternativ) - Connections (Anslutningar) - LAN settings (LAN-inställningar)

Click Advanced (Avancerat)

Write down what it looks like so that you can restore it if removing the proxy server makes you lose your internet connection.

Remove the contents there so that all boxes under the heading Servers (Servrar) are empty.

Click OK

Write down what it looks like so that you can restore it if removing the proxy server makes you lose your internet connection.

Remove any contents in the Address (Adress) box

Uncheck "Use a proxy server...." ("Använd en proxyserver....")

Copy all the lines in the box:

Killall::
Rootkit::
c:\windows\system32\drivers\djscd.sys
File::
c:\windows\Wpicug.exe
c:\windows\Wpicuf.exe
c:\windows\Wpicue.exe
c:\windows\Wpicud.exe
c:\windows\Wpicuc.exe
c:\windows\Wpicub.exe
c:\windows\Wpicua.exe

and paste them into Notepad (Anteckningar).

Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special way.

Paste the log that it produces.

Since the computer was infected more than a month ago, it is best to check with OTL as well, since it can be set to look at new files that are older than a month. Save OTL on the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista, right-click and choose Run as administrator).

Under Output near the top, select Minimal Output.

Change 30 days to 90 days.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the log OTL.txt into your reply, and attach Extras.txt as a file.


The link does not work: http://oldtimer.geekstogo.com/OTL.exe


No, but partly. It is the school's computer I am using, which is why I have Novell.

Regarding the link http://oldtimer.geekstogo.com/OTL.exe, it does not work, and the proxy server is not checked, but when I open Control Panel - Internet Options - Connections - LAN settings, the box under Proxy server is not checked, but it says Address: 127.0.0.1 Port 8080. Should I remove that anyway or leave it?

And one last thing, regarding

Killall::
Rootkit::
c:\windows\system32\drivers\djscd.sys
File::
c:\windows\Wpicug.exe
c:\windows\Wpicuf.exe
c:\windows\Wpicue.exe
c:\windows\Wpicud.exe
c:\windows\Wpicuc.exe
c:\windows\Wpicub.exe
c:\windows\Wpicua.exe

 

Should I run it only after I have first removed the proxy server and then run the code, or can it be run otherwise as well?

Thanks!


but when I open Control Panel - Internet Options - Connections - LAN settings, the box under Proxy server is not checked, but it says Address: 127.0.0.1 Port 8080. Should I remove that anyway or leave it?
Then it can stay.

I cannot guarantee that the computer will work with the school's network once it has been cleaned.

You can run ComboFix with CFScript even though you do not change the proxy server box.

I will get back to you with another OTL link.


I have pasted in the code above and am saving it with the name CFScript, but should it be an exe file or txt?


Thanks for all the points! :D

When you save in Notepad, the file extension usually becomes .txt automatically, and that is what it should be. Make sure that it looks exactly the same in Notepad as here in the forum, with the same number of lines.


No problem! =)

It is not possible to paste in the whole OTL log, "it gets too long" according to Eforum, so I am attaching all three, sorry!

OTL.Txt

Extras.Txt

Combo log.txt


ComboFix removed the files just as it should.

OTL became a bit unnecessarily long because you chose 180 days instead of 90 days, and because the attached OTL.txt, at least, contains the log twice. I removed the parts concerning files created or modified before 14 June and pasted in the rest.

 

OTL logfile created on: 2010-07-26 13:15:31 - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\bou\Skrivbord

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 111,79 Gb Total Space | 65,43 Gb Free Space | 58,53% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: RI-1418-393

Current User Name: bou

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 180 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\bou\Skrivbord\OTL.exe (OldTimer Tools)

PRC - C:\Program\NORMAN\Nse\Bin\Nsesvc.exe (Norman ASA)

PRC - C:\Program\NORMAN\npm\Bin\Njeeves.exe (Norman ASA)

PRC - C:\Program\NORMAN\npm\Bin\Zlh.exe (Norman ASA)

PRC - C:\Program\NORMAN\npm\Bin\Zanda.exe (Norman ASA)

PRC - C:\Program\NORMAN\nvc\bin\Nvcsched.exe (Norman ASA)

PRC - C:\Program\NORMAN\nvc\bin\CClaw.exe (Norman ASA)

PRC - C:\Program\NORMAN\nvc\bin\Nvcoas.exe (Norman ASA)

PRC - C:\Program\NORMAN\npm\Bin\elogsvc.exe (Norman ASA)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)

PRC - C:\Program\DataStudio\PASPortal.exe (PASCO Scientific)

PRC - C:\Program\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)

PRC - C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

PRC - C:\Program\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)

PRC - C:\Program\Novell\ZENworks\WM.EXE (Novell, Inc.)

PRC - C:\Program\Novell\ZENworks\WMRUNDLL.EXE (Novell, Inc.)

PRC - C:\Program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)

PRC - C:\WINDOWS\system32\Novell\xtagent.exe (Novell, Inc.)

PRC - C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)

PRC - C:\WINDOWS\system32\nwtray.exe (Novell, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\bou\Skrivbord\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (PEVSystemStart) -- C:\ComboFix\PEV.cfx File not found

SRV - (fsssvc) -- C:\Program\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (SwitchBoard) -- C:\Program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (nsesvc) -- C:\PROGRAM\NORMAN\Nse\bin\NSESVC.EXE (Norman ASA)

SRV - (Norman NJeeves) -- C:\Program\NORMAN\npm\Bin\Njeeves.exe (Norman ASA)

SRV - (Norman ZANDA) -- C:\PROGRAM\NORMAN\npm\bin\zanda.exe (Norman ASA)

SRV - (NVCScheduler) -- C:\Program\NORMAN\nvc\bin\Nvcsched.exe (Norman ASA)

SRV - (nvcoas) -- C:\PROGRAM\NORMAN\Nvc\bin\nvcoas.exe (Norman ASA)

SRV - (eLoggerSvc6) -- C:\PROGRAM\NORMAN\Npm\bin\ELOGSVC.EXE (Norman ASA)

SRV - (CcmExec) -- C:\WINDOWS\system32\CCM\CcmExec.exe (Microsoft Corporation)

SRV - (smstsmgr) -- C:\WINDOWS\System32\CCM\TSManager.exe (Microsoft Corporation)

SRV - (wlidsvc) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)

SRV - (USB Drive Letter Mananger) -- C:\Program\USBDLM\USBDLM.exe (Uwe Sieber - www.uwe-sieber.de)

SRV - (MDM) -- C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

SRV - (NALNTSERVICE) -- C:\Program\Novell\ZENworks\NALNTSRV.EXE (Novell, Inc.)

SRV - (ZFDWM) -- C:\Program\Novell\ZENworks\WM.EXE (Novell, Inc.)

SRV - (Remote Management Agent) -- C:\Program\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe (Novell, Inc.)

SRV - (cusrvc) -- C:\WINDOWS\system32\cusrvc.exe (Novell, Inc.)

SRV - (XTAgent) -- C:\WINDOWS\system32\Novell\xtagent.exe (Novell, Inc.)

SRV - (ose) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (hgfs) -- C:\WINDOWS\System32\DRIVERS\hgfs.sys File not found

DRV - (catchme) -- C:\Temp\catchme.sys File not found

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (Ndiskio) -- C:\Program\NORMAN\Nse\Bin\Ndiskio.sys (Norman ASA)

DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)

DRV - (NGS) -- c:\Program\NORMAN\nvc\bin\ngs.sys (Norman ASA)

DRV - (prepdrvr) -- C:\WINDOWS\system32\CCM\PrepDrv.sys (Microsoft Corporation)

DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (smsmdd) -- C:\WINDOWS\system32\drivers\smsmdm.sys (Microsoft Corporation)

DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

DRV - (dmio) -- C:\WINDOWS\System32\drivers\dmio.sys ()

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)

DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)

DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (vmscsi) -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys (VMware, Inc.)

DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech Inc.)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (NWDHCP) -- C:\WINDOWS\system32\NetWare\nwdhcp.sys (Novell, Inc.)

DRV - (NetwareWorkstation) -- C:\WINDOWS\system32\NetWare\nwfs.sys (Novell, Inc.)

DRV - (SRVLOC) -- C:\WINDOWS\system32\NetWare\srvloc.sys (Novell, Inc.)

DRV - (NWSIPX32) -- C:\WINDOWS\system32\NetWare\nwsipx32.sys (Novell, Inc.)

DRV - (NWHOST) -- C:\WINDOWS\system32\NetWare\nwhost.sys (Novell, Inc.)

DRV - (NWSNS) -- C:\WINDOWS\system32\NetWare\nwsns.sys (Novell, Inc.)

DRV - (NWDNS) -- C:\WINDOWS\system32\NetWare\nwdns.sys (Novell, Inc.)

DRV - (eabusb) -- C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Development Company, L.P.)

DRV - (eabfiltr) -- C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (AR5523) -- C:\WINDOWS\system32\drivers\WG11TND5.sys (NETGEAR, Inc.)

DRV - (NWFILTER) -- C:\WINDOWS\system32\NetWare\nwfilter.sys (Novell, Inc.)

DRV - (BlankScr) -- C:\WINDOWS\System32\drivers\blankscr.sys (Novell Inc.)

DRV - (Darpan) -- C:\WINDOWS\system32\drivers\Darpan.sys (Novell, Inc.)

DRV - (NWSLP) -- C:\WINDOWS\system32\NetWare\nwslp.sys (Novell, Inc.)

DRV - (ATHFMWDL) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys (Windows ® 2000 DDK provider)

DRV - (NICM) -- C:\WINDOWS\system32\drivers\nicm.sys (Novell, Inc.)

DRV - (RESMGR) -- C:\WINDOWS\system32\NetWare\resmgr.sys (Novell, Inc.)

DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (SaiNtHid) -- C:\WINDOWS\system32\drivers\SaiNtHid.sys (Saitek)

DRV - (NWSAP) -- C:\WINDOWS\system32\NetWare\nwsap.sys ()

DRV - (es1371) Creative AudioPCI (ES1371,ES1373) (WDM) -- C:\WINDOWS\system32\drivers\es1371mp.sys (Creative Technology Ltd.)

DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)

DRV - (s3legacy) -- C:\WINDOWS\system32\drivers\s3legacy.sys (Microsoft Corporation)

DRV - (DC21x4) -- C:\WINDOWS\system32\drivers\dc21x4.sys (Intel Corporation.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.se/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www2.firesearch.com/"

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program\Mozilla Firefox\components [2010-05-25 22:58:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2010-07-25 01:25:03 | 000,000,000 | ---D | M]

 

[2010-06-03 21:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bou\Application Data\Mozilla\Extensions

[2010-06-26 02:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions

[2010-05-25 22:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010-05-25 22:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}

[2010-06-30 21:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

[2010-05-25 22:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}

[2010-05-25 22:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2010-05-25 22:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bou\Application Data\Mozilla\Firefox\Profiles\9l2eva6x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(2)

[2010-05-25 22:58:47 | 000,000,000 | ---D | M] -- C:\Program\Mozilla Firefox\extensions

[2010-07-25 01:25:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010-06-22 04:36:30 | 000,423,656 | ---- | M] (Oracle) -- C:\Program\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2010-07-25 17:32:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Länkhjälp till Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program\Delade filer\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe (Novell, Inc.)

O4 - HKLM..\Run: [NNTray] C:\Program\Net Nanny\NNStart.exe (Net Nanny Software International, Inc.)

O4 - HKLM..\Run: [Norman ZANDA] C:\PROGRAM\NORMAN\Npm\bin\ZLH.EXE (Norman ASA)

O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)

O4 - HKLM..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program\Delade filer\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\NalView.lnk = C:\Program\Novell\ZENworks\NalView.exe (Novell, Inc)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\PASPortal.lnk = C:\WINDOWS\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe (InstallShield Software Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program\Novell\ZENworks\AxNalServer.dll (Novell, Inc)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program\Delade filer\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.nattstad.se/ImageUploader6.cab (Image Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.209.169.71 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\Novell\xtnotify.dll (Novell, Inc.)

O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - C:\WINDOWS\System32\TPSvc.dll (ThinPrint GmbH)

O24 - Desktop Components:0 (Min aktuella startsida) - About:Home

O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-02-16 11:27:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 180 Days ==========

 

[2010-07-26 13:04:44 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010-07-26 12:51:39 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bou\Skrivbord\OTL.exe

[2010-07-26 11:32:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Fonts

[2010-07-25 18:29:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-07-25 18:29:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010-07-25 17:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\RootRepeal

[2010-07-25 01:25:03 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll

[2010-07-25 01:25:03 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe

[2010-07-25 01:25:03 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe

[2010-07-25 01:25:03 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe

[2010-07-23 23:28:27 | 000,000,000 | ---D | C] -- C:\Program\VirtualDJ

[2010-07-23 23:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\VirtualDJ

[2010-07-23 21:20:22 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010-07-23 19:22:16 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010-07-23 19:22:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010-07-23 19:22:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010-07-23 19:22:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010-07-23 19:21:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010-07-23 19:21:24 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010-07-22 18:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Tränings CD

[2010-07-22 00:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Build a PC

[2010-07-22 00:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Tattoo Flash 2 of 4 - More than 50k designs from great artists! GFXTRA.COM!

[2010-07-21 15:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Website Buttons MegaPack #4

[2010-07-20 00:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Xilisoft Corporation

[2010-07-20 00:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\vlc

[2010-07-20 00:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inst�llningar

[2010-07-20 00:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Graboid

[2010-07-20 00:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\Graboid_Inc

[2010-07-20 00:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\Graboid

[2010-07-20 00:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\MozillaControl

[2010-07-20 00:01:57 | 000,000,000 | ---D | C] -- C:\Program\Mozilla ActiveX Control v1.7.12

[2010-07-19 23:57:51 | 000,000,000 | ---D | C] -- C:\Program\Graboid

[2010-07-18 17:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Lynda Photoshop Retouching

[2010-07-14 17:11:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[2010-07-13 21:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\wanted_demo

[2010-07-13 21:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\wanted_demo

[2010-07-13 20:48:05 | 000,000,000 | ---D | C] -- C:\Program\WarnerBros

[2010-07-13 19:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\baby

[2010-07-13 19:13:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bou\Recent

[2010-07-13 16:52:44 | 000,000,000 | ---D | C] -- C:\Program\AGEIA Technologies

[2010-07-13 16:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2010-07-13 16:46:24 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Wise Installation Wizard

[2010-07-12 16:56:41 | 000,000,000 | ---D | C] -- C:\Program\Thomas Wright Consulting

[2010-07-11 13:08:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\BBSTORE

[2010-07-11 13:08:37 | 000,314,368 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe

[2010-07-11 12:51:23 | 000,000,000 | ---D | C] -- C:\Program\Telia

[2010-07-11 12:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Support.com

[2010-07-10 22:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\My Games

[2010-07-10 21:16:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell

[2010-07-10 21:16:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm

[2010-07-10 21:15:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$

[2010-07-10 16:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\5800_original_ringtones Mp3

[2010-07-10 16:17:02 | 000,000,000 | ---D | C] -- C:\Program\MAGIX

[2010-07-10 16:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX

[2010-07-10 15:53:58 | 000,000,000 | ---D | C] -- C:\Program\Ace Translator

[2010-07-10 13:57:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bou\Mina dokument\Mina videoklipp

[2010-07-10 13:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Boss Media

[2010-07-08 21:56:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\uninstall

[2010-07-08 19:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\Need for Speed World

[2010-07-08 18:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\Electronic_Arts_Inc

[2010-07-08 18:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Cover

[2010-07-08 16:39:11 | 000,000,000 | ---D | C] -- C:\Program\Ask.com

[2010-07-08 16:39:02 | 000,000,000 | ---D | C] -- C:\Program\Adobe PhotoShop CS3

[2010-07-08 16:38:57 | 000,000,000 | ---D | C] -- C:\Program\Vuze_Remote

[2010-07-08 16:38:57 | 000,000,000 | ---D | C] -- C:\Program\Windows Desktop Search

[2010-07-08 16:38:57 | 000,000,000 | ---D | C] -- C:\Program\PhotoFiltre

[2010-07-08 16:38:56 | 000,000,000 | ---D | C] -- C:\Program\Xara

[2010-07-08 16:38:53 | 000,000,000 | ---D | C] -- C:\Program\Uniblue

[2010-07-08 16:38:52 | 000,000,000 | ---D | C] -- C:\Program\UnHackMe

[2010-07-08 16:38:51 | 000,000,000 | R--D | C] -- C:\Program\Net Nanny

[2010-07-08 16:36:30 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Adobe AIR

[2010-07-08 15:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

[2010-07-08 15:13:34 | 000,000,000 | ---D | C] -- C:\Program\AdobeSupportAdvisor

[2010-07-08 15:13:24 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Adobe AIR(3)

[2010-07-08 12:37:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bou\Mina dokument\Nedladdade filer

[2010-07-07 12:29:29 | 000,000,000 | ---D | C] -- C:\Program\Activision

[2010-07-06 20:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\DivX Movies

[2010-07-04 22:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\PlatinumHideIP

[2010-07-04 22:04:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlatinumHideIP

[2010-07-04 20:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\DVD Flick

[2010-07-04 20:40:59 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx

[2010-07-04 20:40:59 | 000,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx

[2010-07-04 20:40:59 | 000,000,000 | ---D | C] -- C:\Program\DVD Flick

[2010-07-01 21:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\CheeseSoft

[2010-07-01 21:53:39 | 000,000,000 | ---D | C] -- C:\Program\FinalUninstaller

[2010-06-30 21:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Photoshop format

[2010-06-30 20:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\Övrigt

[2010-06-30 20:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Skrivbord\Alla typer av texter

[2010-06-30 20:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Mina dokument\My Photo

[2010-06-27 17:36:35 | 000,000,000 | ---D | C] -- C:\Program\Spybot - Search & Destroy

[2010-06-27 17:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2010-06-26 02:06:16 | 000,000,000 | ---D | C] -- C:\Program\Conduit

[2010-06-25 01:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\Unity

[2010-06-23 14:23:27 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll

[2010-06-23 14:23:27 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll

[2010-06-23 14:23:27 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll

[2010-06-23 14:23:26 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll

[2010-06-23 14:23:26 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll

[2010-06-23 14:23:26 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll

[2010-06-23 14:23:25 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll

[2010-06-23 14:23:25 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll

[2010-06-23 14:23:24 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2010-06-23 14:23:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2010-06-23 14:23:23 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll

[2010-06-23 14:23:23 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2010-06-23 14:23:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[2010-06-23 14:23:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll

[2010-06-23 14:23:21 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll

[2010-06-23 14:23:21 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll

[2010-06-23 14:23:20 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll

[2010-06-23 14:23:20 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll

[2010-06-23 14:23:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

[2010-06-23 14:23:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll

[2010-06-23 14:23:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll

[2010-06-23 14:23:17 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll

[2010-06-23 14:23:16 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll

[2010-06-23 14:23:16 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll

[2010-06-23 14:23:16 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll

[2010-06-23 14:23:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll

[2010-06-23 14:23:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll

[2010-06-23 14:23:14 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll

[2010-06-23 14:23:14 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll

[2010-06-23 14:23:10 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll

[2010-06-23 14:23:10 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll

[2010-06-23 14:23:09 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll

[2010-06-23 14:23:09 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll

[2010-06-23 14:23:08 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll

[2010-06-23 14:23:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll

[2010-06-23 14:23:08 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll

[2010-06-23 14:23:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll

[2010-06-23 14:23:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll

[2010-06-23 14:23:06 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll

[2010-06-23 14:23:05 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll

[2010-06-23 14:23:05 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll

[2010-06-23 14:23:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll

[2010-06-23 14:23:04 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll

[2010-06-23 14:23:03 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll

[2010-06-23 14:23:03 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll

[2010-06-23 14:23:03 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll

[2010-06-23 14:23:02 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll

[2010-06-23 14:23:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll

[2010-06-23 14:23:01 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll

[2010-06-23 14:23:01 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll

[2010-06-23 14:23:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll

[2010-06-23 14:23:00 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll

[2010-06-23 14:22:59 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll

[2010-06-23 14:22:58 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll

[2010-06-23 14:22:58 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll

[2010-06-23 14:22:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll

[2010-06-23 14:22:57 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll

[2010-06-23 14:22:56 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll

[2010-06-23 14:22:56 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll

[2010-06-23 14:22:56 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll

[2010-06-23 14:22:55 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll

[2010-06-23 14:22:55 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll

[2010-06-23 14:22:54 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll

[2010-06-23 14:22:54 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll

[2010-06-23 14:22:54 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll

[2010-06-23 14:22:53 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll

[2010-06-23 14:22:51 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll

[2010-06-23 14:22:51 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll

[2010-06-23 14:22:50 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll

[2010-06-23 14:22:50 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll

[2010-06-23 14:22:50 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll

[2010-06-23 14:22:49 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll

[2010-06-23 14:22:49 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2010-06-23 14:22:49 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll

[2010-06-23 14:22:49 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2010-06-23 14:22:48 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2010-06-23 14:22:40 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll

[2010-06-23 14:22:40 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2010-06-23 14:22:40 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2010-06-23 14:22:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2010-06-23 14:10:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp

[2010-06-23 14:10:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs

[2010-06-21 17:24:11 | 000,000,000 | ---D | C] -- C:\Program\PcMedik

[2010-06-19 14:08:06 | 000,184,320 | ---- | C] (Saitek plc) -- C:\WINDOWS\System32\PrfAct.exe

[2010-06-19 14:08:06 | 000,048,384 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiNtHid.sys

[2010-06-19 14:08:06 | 000,014,720 | ---- | C] (Saitek) -- C:\WINDOWS\System32\drivers\SaiMini.sys

[2010-06-19 14:08:06 | 000,006,656 | ---- | C] (Saitek) -- C:\WINDOWS\System32\REnum.exe

[2010-06-19 14:08:06 | 000,000,000 | ---D | C] -- C:\Program\Saitek

[2010-06-19 14:08:05 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl70.dll

[2010-06-17 12:44:32 | 000,000,000 | ---D | C] -- C:\Program\SystemRequirementsLab

[2010-06-17 12:16:57 | 000,000,000 | ---D | C] -- C:\Program\Microsoft Games

[2010-06-17 01:04:04 | 000,054,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fssfltr_tdi.sys

[2010-06-17 01:03:15 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll

[2010-06-17 01:03:04 | 000,000,000 | ---D | C] -- C:\Program\Microsoft SQL Server Compact Edition

[2010-06-16 19:38:31 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe

[2010-06-16 19:38:31 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe

[2010-06-16 19:38:31 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys

[2010-06-16 19:38:31 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys

[2010-06-16 19:38:30 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll

[2010-06-16 19:38:30 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll

[2010-06-16 19:38:30 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe

[2010-06-16 19:38:30 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe

[2010-06-16 19:38:30 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe

[2010-06-16 19:38:29 | 000,567,792 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll

[2010-06-16 19:38:29 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll

[2010-06-16 19:38:28 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll

[2010-06-16 19:38:27 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll

[2010-06-16 19:38:27 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll

[2010-06-16 19:37:37 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\DivX Shared

[2010-06-14 22:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bou\Application Data\DMCache

[2010-06-12 21:54:52 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

 

...

 

[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

 

========== Files - Modified Within 180 Days ==========

 

[2010-07-26 13:05:48 | 000,243,712 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Downloads.doc

[2010-07-26 13:05:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-07-26 13:05:00 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{695BC004-ABC9-4A06-ADF4-485202981975}.job

[2010-07-26 13:02:31 | 000,001,272 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2010-07-26 12:51:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bou\Skrivbord\OTL.exe

[2010-07-26 12:50:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-07-26 11:42:02 | 000,079,328 | ---- | M] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

[2010-07-26 11:33:11 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\PASPortal.lnk

[2010-07-26 11:33:03 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Xplorer GLX Simulator.lnk

[2010-07-26 11:33:03 | 000,001,642 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\DataStudio.lnk

[2010-07-26 11:32:56 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D3AEC52-0069-4C6A-A4F2-9862916322C8}.job

[2010-07-26 11:30:19 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-07-26 11:30:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-07-26 11:29:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-07-26 00:24:40 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\bou\ntuser.dat

[2010-07-26 00:24:40 | 000,000,192 | -HS- | M] () -- C:\Documents and Settings\bou\ntuser.ini

[2010-07-25 18:26:52 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-07-25 17:54:07 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\qev9us82.exe

[2010-07-25 17:32:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-07-25 17:22:42 | 003,744,048 | R--- | M] () -- C:\Documents and Settings\bou\Skrivbord\ComboFix.exe

[2010-07-24 18:12:43 | 003,596,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-07-23 23:28:33 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Virtual DJ Trial.lnk

[2010-07-23 21:20:28 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010-07-23 18:52:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-07-23 12:12:53 | 000,059,038 | ---- | M] () -- C:\ziswin.hst

[2010-07-23 01:38:38 | 000,007,184 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\msn.jpg

[2010-07-22 23:10:13 | 000,023,152 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Izabella-Scorupco4.jpg

[2010-07-20 00:25:18 | 000,000,140 | ---- | M] () -- C:\WINDOWS\wininit.ini

[2010-07-20 00:00:21 | 000,000,679 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\VLC media player.lnk

[2010-07-17 20:57:42 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\bou\Mina dokument\schema.doc

[2010-07-14 20:46:17 | 000,000,062 | ---- | M] () -- C:\WINDOWS\MyProg.ini

[2010-07-14 13:54:54 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\djscd.sys

[2010-07-12 21:32:40 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-12 16:56:43 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Software_KeyGen_Demo.exe11.lnk

[2010-07-12 00:57:03 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\AdobeSupportAdvisor.lnk

[2010-07-11 13:08:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SETUP32.INI

[2010-07-11 12:58:26 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\MagicISO.lnk

[2010-07-10 16:30:09 | 000,000,829 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-07-10 15:54:50 | 000,008,194 | ---- | M] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\atrans.7

[2010-07-10 15:53:59 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\bou\Application Data\Microsoft\Internet Explorer\Quick Launch\Ace Translator.lnk

[2010-07-10 15:53:59 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Ace Translator.lnk

[2010-07-10 13:57:54 | 000,001,476 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\DivX Movies.lnk

[2010-07-10 13:57:33 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\DivX Plus Player.lnk

[2010-07-05 02:32:12 | 003,227,756 | -H-- | M] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\IconCache.db

[2010-07-04 20:45:35 | 000,001,476 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\ImgBurn.lnk

[2010-07-04 20:41:07 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\DVD Flick.lnk

[2010-07-04 01:20:53 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-07-04 01:20:53 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\bou\Application Data\PnkBstrK.sys

[2010-07-04 01:20:34 | 002,434,856 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_bc2.exe

[2010-07-02 01:41:06 | 000,413,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100712-171721.backup

[2010-07-02 01:15:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010-07-01 21:53:42 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Final Uninstaller.lnk

[2010-06-30 15:33:09 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\CCleaner.lnk

[2010-06-28 20:21:38 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Spybot - Search & Destroy.lnk

[2010-06-28 14:17:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-06-26 21:39:21 | 000,002,578 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010-06-26 21:39:21 | 000,001,638 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT

[2010-06-26 21:39:21 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat

[2010-06-22 04:36:38 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe

[2010-06-22 04:36:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe

[2010-06-22 04:36:36 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe

[2010-06-22 04:36:29 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll

[2010-06-22 02:24:28 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl

[2010-06-22 01:36:36 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\bou\Skrivbord\Free FLV Converter.lnk

[2010-06-21 21:14:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

[2010-06-21 21:14:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010-06-21 17:24:12 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\PcMedik 6.lnk

[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicug.exe

[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicuf.exe

[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicue.exe

[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicud.exe

[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicuc.exe

[2010-06-19 21:54:39 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicub.exe

[2010-06-19 21:53:48 | 000,168,448 | ---- | M] () -- C:\WINDOWS\Wpicua.exe

[2010-06-19 21:53:44 | 000,195,584 | ---- | M] () -- C:\WINDOWS\System32\SSHNAS21.DLL.del

[2010-06-18 13:40:29 | 001,059,284 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-06-18 13:40:29 | 000,446,102 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2010-06-18 13:40:29 | 000,443,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-06-18 13:40:29 | 000,084,650 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2010-06-18 13:40:29 | 000,072,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-06-17 12:18:07 | 000,002,032 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\RalliSport Challenge Trial Version.lnk

[2010-06-16 19:38:17 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\DivX Plus Converter.lnk

[2010-06-14 16:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

 

...

 

[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-07-25 17:54:03 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\qev9us82.exe

[2010-07-23 23:28:33 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Virtual DJ Trial.lnk

[2010-07-23 21:20:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010-07-23 21:20:24 | 000,260,784 | ---- | C] () -- C:\cmldr

[2010-07-23 19:22:16 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010-07-23 19:22:16 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010-07-23 19:22:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010-07-23 19:22:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010-07-23 19:22:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010-07-23 19:20:33 | 003,744,048 | R--- | C] () -- C:\Documents and Settings\bou\Skrivbord\ComboFix.exe

[2010-07-23 01:38:43 | 000,007,184 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\msn.jpg

[2010-07-22 23:10:19 | 000,023,152 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Izabella-Scorupco4.jpg

[2010-07-14 20:13:10 | 000,000,062 | ---- | C] () -- C:\WINDOWS\MyProg.ini

[2010-07-14 17:08:47 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\bou\Mina dokument\schema.doc

[2010-07-14 13:11:04 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\djscd.sys

[2010-07-13 20:47:51 | 012,320,768 | ---- | C] () -- C:\Documents and Settings\bou\ntuser.dat

[2010-07-12 16:56:43 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Software_KeyGen_Demo.exe11.lnk

[2010-07-11 13:08:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2010-07-11 12:58:26 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\MagicISO.lnk

[2010-07-10 15:54:50 | 000,008,194 | ---- | C] () -- C:\Documents and Settings\bou\Lokala inställningar\Application Data\atrans.7

[2010-07-10 15:53:59 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\Microsoft\Internet Explorer\Quick Launch\Ace Translator.lnk

[2010-07-10 15:53:59 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Ace Translator.lnk

[2010-07-10 13:57:54 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\DivX Movies.lnk

[2010-07-08 18:25:36 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\AdobeSupportAdvisor.lnk

[2010-07-04 20:45:35 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\ImgBurn.lnk

[2010-07-04 20:41:07 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\DVD Flick.lnk

[2010-07-04 01:20:53 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2010-07-04 01:20:53 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\PnkBstrK.sys

[2010-07-04 01:20:38 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe

[2010-07-04 01:20:35 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe

[2010-07-04 01:20:34 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe

[2010-07-01 21:53:42 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Final Uninstaller.lnk

[2010-06-27 17:36:44 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Spybot - Search & Destroy.lnk

[2010-06-26 21:39:21 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat

[2010-06-23 12:24:45 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicug.exe

[2010-06-22 14:01:58 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicuf.exe

[2010-06-22 01:49:31 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicue.exe

[2010-06-21 21:14:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf

[2010-06-21 21:14:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010-06-21 18:14:07 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicud.exe

[2010-06-21 17:24:12 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\PcMedik 6.lnk

[2010-06-21 11:02:17 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicuc.exe

[2010-06-20 21:10:14 | 000,243,712 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Downloads.doc

[2010-06-20 12:47:56 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicub.exe

[2010-06-19 21:53:59 | 000,168,448 | ---- | C] () -- C:\WINDOWS\Wpicua.exe

[2010-06-19 21:53:44 | 000,195,584 | ---- | C] () -- C:\WINDOWS\System32\SSHNAS21.DLL.del

[2010-06-19 14:08:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\NX.exe

[2010-06-19 14:08:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\E2.exe

[2010-06-19 14:08:05 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll

[2010-06-17 12:18:07 | 000,002,032 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\RalliSport Challenge Trial Version.lnk

[2010-06-16 19:39:00 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\DivX Plus Player.lnk

[2010-06-16 19:38:17 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\DivX Plus Converter.lnk

[2010-06-16 18:45:20 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-06-16 18:45:19 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-06-13 21:27:35 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\CS5-inställningar för PNG-format i Adobe

[2010-06-03 22:25:06 | 000,059,038 | ---- | C] () -- C:\ziswin.hst

[2010-05-29 12:07:23 | 000,000,644 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Dream Aquarium.lnk

[2010-05-29 12:07:21 | 000,106,496 | ---- | C] () -- C:\WINDOWS\DreamAquarium.scr

[2010-05-29 11:55:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dance.ini

[2010-05-25 23:21:26 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\CCleaner.lnk

[2010-04-29 12:06:31 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini

[2010-04-29 12:06:31 | 000,000,621 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.h

[2010-04-25 16:07:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\tdlp32.ini

[2010-04-25 10:27:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-04-17 20:42:11 | 000,000,119 | ---- | C] () -- C:\WINDOWS\NNS.INI

[2010-04-17 20:08:14 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\D59F6963CD.dll

[2010-04-17 19:41:13 | 000,000,067 | ---- | C] () -- C:\WINDOWS\System32\keylappini.ini

[2010-04-08 23:02:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggflt_01007.Wdf

[2010-04-01 09:37:15 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\Microsoft\Internet Explorer\Quick Launch\Starta webbläsaren Internet Explorer.lnk

[2010-03-31 21:14:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2010-03-31 21:14:02 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll

[2010-03-31 21:14:02 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax

[2010-03-31 21:14:02 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax

[2010-03-31 21:14:02 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax

[2010-03-31 21:14:02 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax

[2010-03-31 21:14:00 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll

[2010-03-31 21:14:00 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax

[2010-03-31 21:14:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll

[2010-03-31 21:13:59 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll

[2010-03-31 21:13:59 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll

[2010-03-31 21:12:31 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Play Ghost Recon Advanced Warfighter.lnk

[2010-03-29 18:49:24 | 000,059,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010-03-29 17:01:19 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010-03-28 19:18:28 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Sothink SWF Decompiler.lnk

[2010-03-26 22:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010-03-26 22:57:34 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\bou\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010-03-26 22:57:34 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk

[2010-03-24 22:19:15 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Free FLV Converter.lnk

[2010-03-24 22:19:13 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx

[2010-03-24 22:19:13 | 000,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb

[2010-03-24 22:19:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx

[2010-03-11 22:53:51 | 000,001,667 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Telia_Smartfire_FW_3.14.0.log

[2010-03-04 12:52:39 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{695BC004-ABC9-4A06-ADF4-485202981975}.job

[2010-02-28 21:02:35 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\bou\.recently-used.xbel

[2010-02-27 00:21:31 | 000,000,406 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3D3AEC52-0069-4C6A-A4F2-9862916322C8}.job

[2010-02-25 18:36:06 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Media Go.lnk

[2010-02-25 18:31:08 | 000,000,858 | ---- | C] () -- C:\Documents and Settings\bou\Skrivbord\Update Service.lnk

[2010-02-25 17:56:46 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ggsemc_01007.Wdf

[2010-02-25 17:56:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

[2010-02-23 23:17:03 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Convert AVI to MP4.lnk

[2010-02-23 19:40:32 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2010-02-23 19:39:46 | 000,001,950 | ---- | C] () -- C:\WINDOWS\System32\pid.inf

[2010-02-23 19:39:09 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2010-02-23 19:38:51 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2010-02-23 18:18:07 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Adobe Reader 8.lnk

[2010-02-22 22:47:29 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-02-12 17:49:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2010-01-19 16:03:30 | 000,000,180 | ---- | C] () -- C:\WINDOWS\hpbafd.ini

[2009-08-03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009-01-05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008-05-08 11:33:30 | 000,063,488 | ---- | C] () -- C:\WINDOWS\XOBGLU16.DLL

[2008-05-08 11:33:30 | 000,023,552 | ---- | C] () -- C:\WINDOWS\XOBGLU32.DLL

[2008-05-08 11:22:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\AVTC.ini

[2008-05-08 04:17:42 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008-05-08 04:17:41 | 000,612,864 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2008-05-08 04:17:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008-05-08 04:17:40 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008-05-08 04:17:40 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008-05-08 04:17:39 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008-05-08 04:17:39 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007-12-12 13:32:25 | 000,000,475 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007-12-11 15:15:36 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\peimg.ini

[2007-06-06 08:51:10 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll

[2007-06-06 08:49:26 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll

[2007-06-06 08:20:04 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL

[2007-06-05 15:02:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll

[2007-06-05 15:02:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

[2007-06-05 15:02:06 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll

[2007-06-05 15:01:59 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini

[2007-06-05 15:01:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll

[2007-06-05 15:01:40 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll

[2007-06-05 15:01:37 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll

[2007-06-05 15:01:36 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll

[2007-06-05 15:01:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\dplgnw32.dll

[2007-06-05 15:01:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll

[2007-06-04 15:34:17 | 000,000,140 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007-04-27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2006-10-03 11:51:18 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2006-10-03 11:51:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2006-05-26 13:45:54 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006-05-26 13:25:29 | 000,005,237 | ---- | C] () -- C:\WINDOWS\System32\kTool.ini

[2006-03-22 08:58:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Bknpci.dll

[2004-08-04 14:00:00 | 000,153,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmio.sys

[2004-07-09 11:31:18 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL

[2004-03-16 14:09:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll

[2004-03-16 14:08:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll

[2002-04-17 14:21:44 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL

[1999-08-07 01:05:16 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5

< End of report >


ComboFix removed the files just as it was supposed to.

The OTL log ended up unnecessarily long because you chose 180 days instead of 90 days, and because the attached OTL.txt, at least, contains the log twice. I removed the entries for files created or modified before 14 June and pasted in the rest.

OK, so how does it look?


Did you run ComboFix after you had run OTL? Just so I know, since the files that ComboFix was supposed to remove are still in the OTL log.

Look up these files on the VirusTotal site:

C:\WINDOWS\System32\NX.exe

C:\WINDOWS\System32\E2.exe

C:\WINDOWS\System32\SaiCfg.dll

C:\WINDOWS\System32\D59F6963CD.dll

Uninstall:

Java™ 6 Update 4 (old version with security holes)

FinalUninstaller (an unsuitable program to have, see http://www.mywot.com/sv/scorecard/finaluninstaller.com )

PcMedik does not seem to be worth having either, judging by the ratings at http://download.cnet.com/PCMedik/3000-18512_4-10062573.html

Delete the folders:

C:\Program\Ask.com

C:\Documents and Settings\bou\Application Data\CheeseSoft

C:\Program\FinalUninstaller (if still present after the uninstall)

C:\Program\Conduit

Delete the file:

C:\WINDOWS\System32\SSHNAS21.DLL.del


Here are the results from the search on the VirusTotal site:

Link 1: http://www.virustotal.com/sv/analisis/b56c0b3091a2494c2b0549f12de1dd466ff7dda2a633697345d857538caea169-1250523943

Link 2: http://www.virustotal.com/sv/analisis/3adc1fc089df1167d15576d4610c277b7c86f3005a4135425492a715bf64db7d-1280172366

Link 3: http://www.virustotal.com/sv/analisis/187e7e24524c6197d45217654f116cd0aafd4c9c3ae172abf3d8b30b12ea67ce-1273518744

Link 4: http://www.virustotal.com/sv/analisis/742ac021f3d05d40282569ece8001feca9179af2c0c076734303d7881e10ea98-1277581762

I may have done that, maybe I ran ComboFix first and OTL after that :/

Now I have removed all the programs that should be removed!


I just wanted to add one thing: my internet has become insanely slow. It used to be much, much better than it is now, hmm, I wonder if something has happened?


Do you have any sense of when the internet connection became so slow? After you had done what?


No idea, but it could be ComboFix, when I ran it for the first time, I think.


In Device Manager (right-click My Computer - Manage), do you have any symbols, e.g. exclamation marks?

 

1.

Save ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Tick Select All. Click Empty Selected.

If you use Firefox: Click Firefox and choose Select All. Click Empty Selected. If you want to keep your passwords, click No when asked.

If you use Opera: Click Opera and choose Select All. Click Empty Selected. If you want to keep your passwords, click No when asked.

Click Exit in the Main menu to close the program.

Note! This will remove all cookies. If you have cookies that you want to keep, either save them elsewhere beforehand or do not choose Select All and instead tick everything else.

 

2.

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose "Perform quick scan" and click Scan.

The scan takes a while.

When it is done, click OK and then "Show Results".

Tick everything and then click Remove Selected.

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If you get an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not open by itself in Notepad, you will find the log on the Logs tab in MBAM.

Copy the log and paste it into your reply.


Archived

This topic is now archived and is closed to further replies.