
A whole lot of viruses at once


Ziner


I would think I had the web browser running, because I was sitting at the computer when it popped up. I don't remember which page was open. Maybe this one. Nothing odd in any case. Maybe it was Jogg.se. I actually don't remember.


The ComboFix log indicates that there is something deeply embedded that should not be there.

1.

Save this file to the Desktop:

http://rootrepeal.googlepages.com/RootRepeal.zip

Unpack (extract) the zip file so that you get a program file.

Disconnect the internet connection. Close all programs you can see, including firewall, antivirus and antispyware programs.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Start RootRepeal (in Vista and Windows 7, as usual, by right-clicking the icon and choosing Run as administrator).

Select the Report tab and press Scan.

Tick all seven options and then press Yes/Ja.

Select C: and press Ok.

It takes a while for RootRepeal to scan C:.

When the scan is finished, press Save Report and save it with the name rootrepeal.log. Paste the contents of rootrepeal.log into your reply.

2.

Restart the computer.

Save Gmer to the Desktop from:

http://www2.gmer.net/download.php

It has a random name, so note what the program is saved as.

Disconnect the internet connection.

Close all programs, including antivirus and firewall.

Start the downloaded program.

A first quick scan starts.

If a WARNING comes up that mentions ROOTKIT and asks about "fully scan", choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not come up, select the Rootkit/Malware tab and check that everything on the right is ticked except Show All and partitions other than C:\. Press Scan. Leave the computer alone while Gmer is working; it can take a few hours.

Press Save and save the result to the Desktop.

Turn on the antivirus program and firewall before you connect to the internet.

Paste the result into your reply.


When I tried to attach rootrepeal.log it said that I did not have permission to upload that file type. Shortly afterwards Explorer opened a new window and started loading a web page from England. Really weird.


When I check the browsing history I see addresses like: clk.relestar.com, discuonttire.com, unitedstatesnewspapers.com. That is today, that is, within the last 22 minutes. I have not browsed there directly myself. Strange and unpleasant. I see that the problem is discussed on a German site: www.trojaner-board.de.


You will have to open RootRepeal's log in Notepad so that you can copy the contents and paste them in here.


When I check the browsing history I see addresses like: clk.relestar.com, discuonttire.com, unitedstatesnewspapers.com. That is today, that is, within the last 22 minutes. I have not browsed there directly myself. Strange and unpleasant. I see that the problem is discussed on a German site: www.trojaner-board.de.

Ugh, yes, I hope it will soon become clear what may be in the computer.


ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/08/04 23:41

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

 

Drivers

-------------------

Name: dump_diskdump.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys

Address: 0xB40A0000 Size: 16384 File Visible: No Signed: -

Status: -

 

Name: dump_viamraid.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_viamraid.sys

Address: 0xB93C2000 Size: 61440 File Visible: No Signed: -

Status: -

 

Name: irinu.sys

Image Path: irinu.sys

Address: 0xBA0A8000 Size: 54016 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xBA308000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

==EOF==


There we probably have the culprit. If Gmer takes a long time, close the program and try the following instead:

Copy all the lines in the box:

Killall::
Rootkit::
C:\WINDOWS\System32\Drivers\irinu.sys

and paste them into Notepad. Check that it looks the same.

Save the file to the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.

Paste in the log that is produced.

Restart the computer and run RootRepeal again. Paste in its log.


I just have to say that this was the coolest thread I have seen, no offence meant to the person affected :P

Cecilia is AWESOME!


I agree with the above.

 

 

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-05 08:19:36

Windows 5.1.2600 Service Pack 2

Running: rng8i021.exe; Driver: C:\DOCUME~1\FAMZIN~1.TER\LOKALA~1\Temp\fxlcqpoc.sys

 

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB10AB360, 0x21B6ED, 0xE8000020]

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0083000A

.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0084000A

.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0082000C

.text C:\WINDOWS\System32\svchost.exe[1252] ole32.dll!CoCreateInstance 774EFAC3 5 Bytes JMP 00BD000A

.text C:\WINDOWS\Explorer.EXE[2528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE000A

.text C:\WINDOWS\Explorer.EXE[2528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D4000A

.text C:\WINDOWS\Explorer.EXE[2528] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CD000C

.text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C0000A

.text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A

.text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BF000C

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x56 0x34 0xFC 0xF7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE4 0x78 0x6C 0xFE ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0x75 0x86 0xFD ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAD 0x22 0x2C 0xC0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x77 0x98 0x69 0x0B ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA0 0x56 0xC1 0x16 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x56 0x34 0xFC 0xF7 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE4 0x78 0x6C 0xFE ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0x75 0x86 0xFD ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xAD 0x22 0x2C 0xC0 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x77 0x98 0x69 0x0B ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA0 0x56 0xC1 0x16 ...

 

---- EOF - GMER 1.0.15 ----


The log from the latest ComboFix. Just as I was about to write this I was "redirected" and some Blueseek page or similar came up. This thing with Blue seek has happened several times in the last few days. So it did not get fixed with ComboFix after all? I am going to run the other program now.

 

 

ComboFix 10-08-03.04 - Fam.2010-08-05 8:45.11.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1585 [GMT 2:00]

Körs från: c:\documents and settings\Fam.Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Fam.Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

PEV Error: AppFolder

 

(((((((((((((((((((((((( Filer Skapade från 2010-07-05 till 2010-08-05 ))))))))))))))))))))))))))))))

.

 

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-20 10:58 . 2010-07-20 12:59 -------- d-----w- c:\documents and settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-03 04:43 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.Application Data\Spotify

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-19 12:15 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-06 14:50 . 2007-11-17 21:53 -------- d-----w- c:\program\Pettson3

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

2010-05-07 11:02 . 2010-05-07 11:02 655360 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll

2010-05-07 11:02 . 2010-05-07 11:02 282624 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll

2010-05-07 11:02 . 2010-05-07 11:02 208896 ----a-w- c:\documents and settings\Fam.\Application Data\Spotify\Gracenote\gnsdk_dsp.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg f”r mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID s„kerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

IE: &Yahoo! Search - file:///c:\program\Yahoo!\Common/ycsrch.htm

IE: E&xportera till Microsoft Excel - c:\program\MICROS~4\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program\Yahoo!\Common/ycsms.htm

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-05 09:01

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A03B4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(696)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Delade filer\EPSON\EBAPI\SAgent2.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\SOUNDMAN.EXE

c:\windows\sm56hlpr.exe

c:\windows\system32\WDBtnMgr.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Sluttid: 2010-08-05 09:12:09 - datorn startades om.

ComboFix-quarantined-files.txt 2010-08-05 07:12

ComboFix2.txt 2010-08-04 15:20

ComboFix3.txt 2010-08-04 13:47

ComboFix4.txt 2010-08-04 11:23

ComboFix5.txt 2010-08-05 06:33

 

Före genomsökningen: 9 840 545 792 byte ledigt

Efter genomsökningen: 9 860 571 136 byte ledigt

 

- - End Of File - - 25F54EE41F05304850612F0A4FFBB708


OK, that was it. What do you think?

 

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/08/05 09:34

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP2

==================================================

 

Drivers

-------------------

Name: dump_diskdump.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys

Address: 0xB27C6000 Size: 16384 File Visible: No Signed: -

Status: -

 

Name: dump_viamraid.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_viamraid.sys

Address: 0xB538B000 Size: 61440 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB537B000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

==EOF==

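The comparison a reader makes across the two RootRepeal reports in this thread (the first one prompted "there we probably have the culprit", the second was requested after the CFScript run), written out as an added example that is not part of the original thread and is not RootRepeal's or ComboFix's own code. It parses the Drivers section, triages hidden drivers, and diffs the two runs. The function names and the triage rules (treating `dump_*.sys` and the scanner's own `rootrepeal.sys` as expected hidden entries) are assumptions of this example.

```python
import re

# Driver sections abridged from the two RootRepeal reports posted in this thread
# (blank lines and "Status: -" lines dropped; values are as posted).
REPORT_BEFORE = r"""
Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xB40A0000 Size: 16384 File Visible: No Signed: -
Name: dump_viamraid.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_viamraid.sys
Address: 0xB93C2000 Size: 61440 File Visible: No Signed: -
Name: irinu.sys
Image Path: irinu.sys
Address: 0xBA0A8000 Size: 54016 File Visible: No Signed: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xBA308000 Size: 49152 File Visible: No Signed: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
"""

REPORT_AFTER = r"""
Drivers
-------------------
Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xB27C6000 Size: 16384 File Visible: No Signed: -
Name: dump_viamraid.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_viamraid.sys
Address: 0xB538B000 Size: 61440 File Visible: No Signed: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB537B000 Size: 49152 File Visible: No Signed: -
"""

ADDR = re.compile(r"Address:\s*(0x[0-9A-Fa-f]+)\s+Size:\s*(\d+)\s+File Visible:\s*(\w+)")


def parse_drivers(report):
    """Return {lower-cased driver name: record} for the report's Drivers section."""
    drivers, section, prev, cur = {}, None, "", None
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if set(line) == {"-"}:
            section = prev  # the line above a dashed rule is the section title
        elif section == "Drivers":
            if line.startswith("Name:"):
                cur = {"name": line[len("Name:"):].strip()}
                drivers[cur["name"].lower()] = cur
            elif cur and line.startswith("Image Path:"):
                cur["path"] = line[len("Image Path:"):].strip()
            elif cur and (m := ADDR.match(line)):
                cur.update(address=int(m[1], 16), size=int(m[2]), visible=(m[3] == "Yes"))
        prev = line
    return drivers


def triage(driver):
    """Order hidden drivers for review. Assumed rules, not RootRepeal's own verdicts."""
    name = driver["name"].lower()
    if driver.get("visible", True):
        return "visible"
    # Name-based allowlisting only orders the review: a rootkit can pick any name.
    if name.startswith("dump_"):
        return "expected: in-memory crash-dump copy of a storage driver"
    if name == "rootrepeal.sys":
        return "expected: the scanner's own driver"
    if "\\" not in driver.get("path", ""):
        return "suspicious: hidden from the file system and loaded without a full path"
    return "review: hidden from the file system"


def still_suspicious(report):
    return sorted(n for n, d in parse_drivers(report).items()
                  if triage(d).startswith("suspicious"))


def removed_after_cleanup(before, after):
    """Drivers loaded in the first scan that are no longer loaded in the second."""
    after_names = parse_drivers(after)
    return sorted(n for n in parse_drivers(before) if n not in after_names)


if __name__ == "__main__":
    for name, d in parse_drivers(REPORT_BEFORE).items():
        print(f"{name:20} {triage(d)}")
    print("gone after cleanup:", removed_after_cleanup(REPORT_BEFORE, REPORT_AFTER))
    print("still suspicious:", still_suspicious(REPORT_AFTER))
```

A clean second report only shows that the driver is no longer loaded or visible to this scanner; the redirects reported after the ComboFix run are the reason the thread continues with further checks.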

Has the computer been infected for longer than a month?

Since you came to Eforum you have mainly removed malicious files that came in on 20 July. With DDS and ComboFix you mainly see things that have happened on the computer during the last month, but there are other programs where you can look further back in time.

Save ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Tick Select All. Press Empty Selected.

If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

Press Exit in the Main menu to close the program.

Note! This will remove all cookies. If you have cookies that you want to keep, either save them beforehand or refrain from choosing Select All and tick everything else instead.

Open the Command Prompt (Start - Programs - Accessories) and type:

ipconfig /all

Copy the result and paste it into your reply. If it is hard to copy, you can settle for typing out what is on the lines with DNS servers.


I have not noticed before that the computer makes its own searches on the internet. For at least a year, I am sure, the icons for hard disk D and the external one have been wrong. They have looked like ordinary folders in My Computer, and you have had to open them by right-clicking and choosing Open. I did not think there was a virus behind it.

 

 

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corporation

 

C:\Documents and Settings\>ipconfig/all

 

IP-konfiguration för Windows

 

Värddatornamn . . . . . . . . . . : nydatorn

Primärt DNS-suffix . . . . . . . :

Nodtyp . . . . . . . . . . . . . : Okänd

IP-routning aktiverat . . . . . . : Nej

WINS-proxy aktiverat . . . . . . : Nej

Söklista för DNS-suffix . . . . . : lan

 

Ethernet-kort Trådlös nätverksanslutning:

 

Anslutningsspecifika DNS-suffix . : lan

Beskrivning . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network

Connection

Fysisk adress . . . . . . . . . . : 00-13-CE-B9-5C-7D

DHCP aktiverat . . . . . . . . . : Ja

Autokonfiguration aktiverat . . . : Ja

IP-adress . . . . . . . . . . . . : 192.168.0.64

Nätmask . . . . . . . . . . . . . : 255.255.255.0

Standard-gateway . . . . . . . . : 192.168.0.254

DHCP-server . . . . . . . . . . . : 192.168.0.254

DNS-servrar . . . . . . . . . . . : 192.168.0.254

Lånet erhölls . . . . . . . . . . : den 5 augusti 2010 09:26:42

Lånet upphör . . . . . . . . . . : den 6 augusti 2010 09:26:42

 

Ethernet-kort Anslutning till lokalt nätverk:

 

Medietillstånd . . . . . . . . . . : Mediet är frånkopplat

Beskrivning . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit

Ethernet NIC

Fysisk adress . . . . . . . . . . : 00-03-0D-3A-C6-54

 

C:\Documents and Settings\Fam.>


Does it make any difference if the computer is connected with a network cable instead of wirelessly?

Is there any problem with the other computers that use the same router?

 

Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and choose Run as administrator).

Under Output near the top, select Minimal Output.

Under Standard Registry, select All.

 

In the Custom scan's and fixes box, paste the following lines (check that you really get all of the lines):

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

 

Change 30 days to 90 days.

 

Click Run Scan and let the program run undisturbed.

 

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. Paste the OTL.txt log into your reply, and attach Extras.txt as a file.


The new run, done the right way.

I have had another computer for just under a year. It is connected wirelessly in the same way and I have never had problems like this with it. I have not tried connecting by cable.

 

OTL logfile created on: 2010-08-05 22:21:59 - Run 2

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Fam.Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 55,88 Gb Total Space | 9,06 Gb Free Space | 16,21% Space Free | Partition Type: NTFS

Drive D: | 55,88 Gb Total Space | 8,49 Gb Free Space | 15,19% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 465,75 Gb Total Space | 43,47 Gb Free Space | 9,33% Space Free | Partition Type: NTFS

 

Computer Name: NYDATORN

Current User Name: Fam.

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 90 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Fam.Skrivbord\OTL.exe (OldTimer Tools)

PRC - C:\Program\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\Voddler\service\voddler.exe (Voddler)

PRC - C:\Program\Voddler\service\VNetManager.exe ()

PRC - C:\Program\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

PRC - C:\Program\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)

PRC - C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe (Glocalnet AB)

PRC - C:\Program\Last.fm\LastFMHelper.exe (Last.fm)

PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)

PRC - C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe (Glocalnet AB)

PRC - C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)

PRC - C:\Program\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

PRC - C:\Program\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)

PRC - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

PRC - C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Fam.\Skrivbord\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (avg9wd) -- C:\Program\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (VoddlerNet) -- C:\Program\Voddler\service\voddler.exe (Voddler)

SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (BredbandscenterDownloader) -- C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe (Glocalnet AB)

SRV - (GlocalnetBredbandClientService) -- C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe (Glocalnet AB)

SRV - (usnjsvc) -- C:\Program\MSN Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (AdobeActiveFileMonitor4.0) -- C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

SRV - (IDriverT) -- C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (EPSONStatusAgent2) -- C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (MosIrUsb) -- C:\WINDOWS\system32\drivers\MosIrUsb.sys ()

DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI)

DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI)

DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI)

DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI)

DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI)

DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI)

DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI)

DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (V0250Dev) -- C:\WINDOWS\system32\drivers\V0250Dev.sys (Creative Technology Ltd.)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (SiSRaid2) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys (Silicon Integrated Systems Corp)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-08-15 09:24:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program\Java\jre6\lib\deploy\jqs\ff [2008-12-08 08:11:17 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2010-08-05 09:00:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Länkar) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [AVFX Engine] C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bredbandscenter] C:\Program\Glocalnet\Bredbandscenter\Launcher.exe (Glocalnet AB)

O4 - HKLM..\Run: [Genväg till egenskapssida för High Definition Audio] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [instantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)

O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe ()

O4 - HKCU..\Run: [Creative WebCam Tray] C:\Program\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Polar Sync] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WD Backup Monitor.lnk = C:\Program\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

O4 - Startup: C:\Documents and Settings\Fam.\Start-meny\Program\Autostart\Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe (Last.fm)

O4 - Startup: C:\Documents and Settings\Fam.\Start-meny\Program\Autostart\Nikon Monitor.lnk = C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\Fam.Start-meny\Program\Autostart\Picture Motion Browser verktyg för mediekontroll.lnk = C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Yahoo! Search - C:\Program\Yahoo!\Common [2007-03-04 22:08:29 | 000,000,000 | ---D | M]

O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program\Yahoo!\Common [2007-03-04 22:08:29 | 000,000,000 | ---D | M]

O8 - Extra context menu item: Yahoo! &Maps - C:\Program\Yahoo!\Common [2007-03-04 22:08:29 | 000,000,000 | ---D | M]

O8 - Extra context menu item: Yahoo! &SMS - C:\Program\Yahoo!\Common [2007-03-04 22:08:29 | 000,000,000 | ---D | M]

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra Button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\Msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\Msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} https://hembanken.danskebank.se/html/activex/OEB/Menu.cab (CSMenu Class)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.se/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147373208703 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} http://www.extrafilm.se/ImageUploader4.cab (Image Uploader)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://hembanken.danskebank.se/html/activex/e-Safekey/OEB/e-Safekey.cab (e-Safekey)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Min aktuella startsida) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fam.Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-04-19 17:26:51 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007-12-04 07:31:08 | 000,000,000 | ---D | M] - J:\autorun -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

%SYSTEMDRIVE%\*.*/MD5STARTEVENTLOG.DLLSCECLI.DLLNETLOGON.DLLCNGAUDIT.DLLSCECLT.DLLNTELOGON.DLLLOGEVENT.DLLIASTOR.SYSNVSTOR.SYSATAPI.SYSIDECHNDR.SYSVIASRAID.SYSAGP440.SYSVAXSCSI.SYSNVATABUS.SYSVIAMRAID.SYSNVATA.SYSNVGTS.SYSIASTORV.SYSVIPRT.SYSENETHOOK.DLLAHCIX86.SYSKR10N.SYSNVSTOR32.SYSAHCIX86S.SYSNVRD32.SYS/MD5STOP%SYSTEMROOT%\*. /MP /S%SYSTEMROOT%\SYSTEM32\CONFIG\*.SAVCREATERESTOREPOINT%SYSTEMROOT%\SYSTEM32\*.DLL /LOCKEDFILES%SYSTEMROOT%\TASKS\*.JOB /LOCKEDFILES

Restore point Set: OTL Restore Point (70945304882446336)

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010-08-05 22:09:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fam.Skrivbord\OTL.exe

[2010-08-05 14:57:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-08-05 14:56:08 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Fam.\Skrivbord\ATF-Cleaner.exe

[2010-08-05 08:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010-08-04 15:07:42 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fam.\Skrivbord\TDSSKiller.exe

[2010-08-04 09:16:57 | 000,229,441 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Fam.\Skrivbord\Delnvc5.exe

[2010-08-03 06:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010-08-03 06:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Adobe

[2010-07-31 23:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\virtotal

[2010-07-31 11:51:04 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010-07-31 11:45:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010-07-31 11:45:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010-07-31 11:45:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010-07-31 11:45:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010-07-31 11:45:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010-07-31 11:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010-07-31 10:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010-07-31 10:36:42 | 000,000,000 | ---D | C] -- C:\Program\WinZip

[2010-07-31 10:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\dds

[2010-07-30 20:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\wd

[2010-07-20 13:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010-07-20 13:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\Malwarebytes

[2010-07-20 13:38:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-07-20 13:38:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-07-20 13:38:16 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2010-07-20 13:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010-07-20 13:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010-07-20 13:37:02 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fam.\Skrivbord\mbam-setup.exe

[2010-07-20 13:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010-07-20 13:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010-07-20 12:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.Lokala inställningar\Application Data\aqmiylrhb

[2010-07-20 12:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9

[2010-07-17 09:07:50 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-06-27 19:58:13 | 000000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\Sonic Solutions

[2010-06-11 22:03:20 | 000,000,000 | ---D | C] -- C:\Program\FLV Player

[2010-06-10 16:56:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010-05-25 14:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\Bröllposlåtar

[2010-05-17 17:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\Unity

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010-08-05 22:22:02 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-08-05 22:09:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fam.\Skrivbord\OTL.exe

[2010-08-05 17:10:47 | 062,974,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-08-05 14:56:02 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Fam.\Skrivbord\ATF-Cleaner.exe

[2010-08-05 10:19:48 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-08-05 09:29:36 | 000,045,039 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010-08-05 09:29:12 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-08-05 09:28:56 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-08-05 09:26:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-08-05 09:26:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-08-05 09:26:27 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys

[2010-08-05 09:25:16 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Fam.\ntuser.dat

[2010-08-05 09:25:16 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Fam.ntuser.ini

[2010-08-05 09:03:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-08-05 09:00:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-08-05 00:35:13 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\rng8i021.exe

[2010-08-04 23:41:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\settings.dat

[2010-08-04 23:07:26 | 000,308,913 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Mieletvättmaskin.pdf

[2010-08-04 22:43:22 | 001,600,054 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium) (2).bmp

[2010-08-04 22:42:27 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\Fam.Skrivbord\namnlös.bmp

[2010-08-04 22:26:41 | 001,600,054 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium).bmp

[2010-08-04 16:49:41 | 003,749,693 | R--- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\ComboFix.exe

[2010-08-04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fam.\Skrivbord\TDSSKiller.exe

[2010-08-04 09:16:58 | 000,229,441 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Fam.\Skrivbord\Delnvc5.exe

[2010-08-02 20:48:12 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-08-02 16:08:24 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp1

[2010-08-02 16:05:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\MBRCheck.exe

[2010-08-01 20:51:30 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Fam.\defogger_reenable

[2010-08-01 09:10:11 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp

[2010-07-31 23:02:06 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Fam.\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-31 23:02:06 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Spybot - Search & Destroy.lnk

[2010-07-31 11:51:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010-07-31 10:37:06 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk

[2010-07-31 09:59:17 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\dds.scr

[2010-07-30 20:05:03 | 000,143,872 | ---- | M] () -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-20 17:53:52 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Fam.\Start-meny\Program\Autostart\Last.fm Helper.lnk

[2010-07-20 14:17:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2010-07-20 14:17:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm

[2010-07-20 13:38:20 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2010-07-20 13:37:02 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fam.\Skrivbord\mbam-setup.exe

[2010-07-20 13:28:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\rkill.com

[2010-07-20 13:00:21 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

[2010-07-20 11:41:21 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Adobe Reader 9.lnk

[2010-07-17 09:07:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-07-17 09:07:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-07-17 09:07:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010-07-13 14:02:06 | 000,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk

[2010-06-27 17:45:50 | 004,209,504 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Fam.Skrivbord\Spotify Installer.exe

[2010-06-25 20:03:26 | 001,150,276 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-06-25 20:03:26 | 000,493,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-06-25 20:03:26 | 000,465,410 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2010-06-25 20:03:26 | 000,101,610 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2010-06-25 20:03:26 | 000,093,030 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-06-19 14:15:21 | 000,007,516 | ---- | M] () -- C:\Documents and Settings\Fam.\Application Data\wklnhst.dat

[2010-06-17 22:47:17 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Vigselprogram.doc

[2010-06-14 16:30:28 | 000,743,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[2010-06-14 12:04:14 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllopsmiddagsprogram.doc

[2010-06-14 00:55:09 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop barn.doc

[2010-06-10 20:55:14 | 000,285,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-06-10 20:37:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-06-10 20:35:58 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-06-08 18:13:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop program.doc

[2010-06-02 16:07:43 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-05-20 18:20:19 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Google Earth.lnk

[2010-05-14 18:16:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-05-14 12:40:34 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Bolibompa svt.se.url

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-08-05 08:41:39 | 2146,881,536 | -HS- | C] () -- C:\hiberfil.sys

[2010-08-05 00:35:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\rng8i021.exe

[2010-08-04 23:41:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Fam.Skrivbord\settings.dat

[2010-08-04 23:07:26 | 000,308,913 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\Mieletvättmaskin.pdf

[2010-08-04 22:43:22 | 001,600,054 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium) (2).bmp

[2010-08-04 22:42:27 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös.bmp

[2010-08-04 22:26:41 | 001,600,054 | ---- | C] () -- C:\Documents and Settings\Fam.Skrivbord\namnlös (Medium).bmp

[2010-08-02 16:08:24 | 000,000,512 | ---- | C] () -- C:\mbrziner.dmp1

[2010-08-02 16:05:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\MBRCheck.exe

[2010-08-02 14:39:14 | 003,749,693 | R--- | C] () -- C:\Documents and Settings\Fam.Skrivbord\ComboFix.exe

[2010-08-01 20:14:04 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Fam.\defogger_reenable

[2010-08-01 09:10:11 | 000,000,512 | ---- | C] () -- C:\mbrziner.dmp

[2010-07-31 23:02:06 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\Fam.Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-31 23:02:06 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\Fam.Skrivbord\Spybot - Search & Destroy.lnk

[2010-07-31 11:51:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010-07-31 11:51:09 | 000,260,784 | ---- | C] () -- C:\cmldr

[2010-07-31 11:45:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010-07-31 11:45:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010-07-31 11:45:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010-07-31 11:45:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010-07-31 11:45:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010-07-31 10:37:06 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk

[2010-07-31 09:59:17 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\dds.scr

[2010-07-20 14:17:01 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm

[2010-07-20 14:17:01 | 000,000,232 | -H-- | C] () -- C:\sqmdata06.sqm

[2010-07-20 14:07:36 | 000,003,264 | ---- | C] () -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\405518B7-56FA-4202-8D4E-8B8B0CBCBAC9.txt

[2010-07-20 13:38:20 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2010-07-20 13:28:05 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\rkill.com

[2010-07-20 12:59:59 | 000,000,150 | ---- | C] () -- C:\zrpt.xml

[2010-06-27 23:16:34 | 012,058,624 | ---- | C] () -- C:\Documents and Settings\Fam.\ntuser.dat

[2010-06-17 22:15:03 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Vigselprogram.doc

[2010-06-14 00:55:09 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop barn.doc

[2010-06-09 22:57:56 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllopsmiddagsprogram.doc

[2010-06-08 18:13:47 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop program.doc

[2010-05-20 18:20:19 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Google Earth.lnk

[2010-05-14 12:40:34 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\Bolibompa svt.se.url

[2010-04-06 20:31:11 | 000,020,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys

[2010-02-25 18:22:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\dbgmsgcfg.dll

[2009-11-18 17:40:07 | 000,005,824 | ---- | C] () -- C:\WINDOWS\RRK.INI

[2009-11-15 10:45:00 | 000,000,864 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2009-11-15 10:44:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2008-07-18 09:12:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2008-06-09 00:39:59 | 000,000,124 | ---- | C] () -- C:\WINDOWS\ViewNX.INI

[2007-10-31 01:00:07 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2007-10-30 21:30:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2007-03-27 09:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006-12-12 18:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2006-11-12 17:50:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006-07-09 12:05:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2006-05-11 20:28:34 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006-05-11 20:28:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006-04-19 19:13:40 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006-04-19 19:13:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-04-19 19:13:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-04-19 19:13:38 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-04-19 19:13:18 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006-04-19 19:02:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

[2006-04-19 19:02:34 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2006-04-19 18:40:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006-04-19 18:08:05 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

[2006-04-19 18:06:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll

[2006-04-19 18:06:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll

[2006-04-19 18:06:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll

[2006-04-19 18:06:40 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini

[2006-04-19 17:59:29 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006-04-19 17:29:39 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006-04-19 17:24:37 | 000,003,529 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003-04-08 11:35:24 | 000,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Extras.Txt


Control Panel - Internet Options - the Advanced tab

Click the button to reset all Internet Explorer settings.

Restart the computer.

Any improvement?


OK. I have done that now. I won't be able to say right away whether it has brought any improvement. The computer has been calmer these last few hours. Maybe the way it opens pages on its own comes more in periods? Did you see anything suspicious in the latest run?


So, I have now gone through the logs.

What files are in these folders?

[2010-07-20 12:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.Zingmark.Terning\Lokala inställningar\Application Data\aqmiylrhb

[2010-07-20 12:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.Zingmark.Terning\Application Data\ECBA931296363342F00047F686F43CA9

 

To be able to see them you may need to change these settings:

Set up My Computer or Explorer so that you can see all files:

Tools - Folder Options - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.

C:\Documents and Settings\Fam.Zingmark.Terning\Skrivbord\rng8i021.exe (or do you know what kind of file this is?)

C:\zrpt.xml

C:\Documents and Settings\Fam.Zingmark.Terning\Lokala inställningar\Application Data\405518B7-56FA-4202-8D4E-8B8B0CBCBAC9.txt

C:\WINDOWS\dbgmsgcfg.dll

C:\WINDOWS\System32\qt-dx331.dll

 

Since you have an external hard drive, it is best to do the following to make sure it does not spread any infection. The same applies if you have USB sticks that have been connected to the computer. Save Flash Disinfector by sUBs to the Desktop:

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Double-click the downloaded file to start the program.

Follow the instructions that appear.

When it says that you should insert flash drives, plug in the external hard drive and the USB sticks.

When everything is done, close the program and restart the computer.

Does Event Viewer work?

Control Panel - Administrative Tools - Event Viewer

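An added illustration, not part of the thread and not OTL's own code: one way to shortlist entries from an OTL file listing like the one posted above is to parse each line, pick a pivot entry, and list what else was created within a few minutes of it. The regular expression, the pivot heuristic (a directory under Application Data named with 32 hex digits) and the five-minute window are assumptions of this example; the sample lines follow the layout of the log above.

```python
import re
from datetime import datetime, timedelta

# Sample lines in the layout of the OTL "Created Within 90 Days" listing above
# (paths as they appear in the log; the last line is an OTL summary line).
SAMPLE = r"""
[2010-07-20 13:38:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-07-20 13:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010-07-20 12:59:59 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010-07-20 12:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\aqmiylrhb
[2010-07-20 12:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\ECBA931296363342F00047F686F43CA9
[2010-06-27 19:58:13 | 000000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\Sonic Solutions
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# [timestamp | size | attributes | C or M] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")


def parse(log_text):
    """Return one dict per file/folder line; anything else is skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, section headers, "[1 ... *.tmp files -> ]"
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),  # tolerates odd grouping
            "is_dir": "D" in m["attrs"],
            "kind": m["kind"],                        # C = created, M = modified
            "company": (m["company"] or "").strip(),
            "path": m["path"].strip(),
        })
    return entries


def pivots(entries):
    """Assumed heuristic: Application Data directories named with 32 hex digits."""
    out = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        if e["is_dir"] and "\\Application Data\\" in e["path"] and HEX32.match(name):
            out.append(e)
    return out


def created_near(entries, pivot, minutes=5):
    """Other 'created' entries whose timestamp is within the window of the pivot."""
    window = timedelta(minutes=minutes)
    hits = [e for e in entries
            if e["kind"] == "C" and e is not pivot
            and abs(e["ts"] - pivot["ts"]) <= window]
    return sorted(hits, key=lambda e: e["ts"])


if __name__ == "__main__":
    entries = parse(SAMPLE)
    for p in pivots(entries):
        print("pivot:", p["ts"], p["path"])
        for e in created_near(entries, p):
            print("  near:", e["ts"], e["company"] or "(no company)", e["path"])
```

The shortlist only tells you what to look at next; whether an entry is malicious still has to be established by inspecting the file, as the helper asks for above.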

Archived

This topic is now archived and is closed to further replies.
