
A lot of viruses at once


Ziner


Well, the computer has become a whole lot faster at any rate.

Both folders you first asked about were empty. There were two folders named lokala inställningar (Local Settings), one of them not as colourful, if you know what I mean.

rng8i021.exe is GMER. Will check with VirusTotal.


You can delete the two empty folders.

Then of course you don't need to check rng8i021 on the VirusTotal page.


http://www.virustotal.com/sv/analisis/4c02161a70d1397cb51e10a70ff6a79b585d60528cb3613abcbdf801d7b340a3-1280169576

File 405518B7-56FA-4202-8D4E-8B8B0CBCB received 2010.08.05 22:27:39 (UTC)

Antivirus | Version | Last update | Result
AhnLab-V3 | 2010.08.06.00 | 2010.08.05 | -
AntiVir | 8.2.4.32 | 2010.08.05 | -
Antiy-AVL | 2.0.3.7 | 2010.08.03 | -
Authentium | 5.2.0.5 | 2010.08.05 | -
Avast | 4.8.1351.0 | 2010.08.05 | -
Avast5 | 5.0.332.0 | 2010.08.05 | -
AVG | 9.0.0.851 | 2010.08.05 | -
BitDefender | 7.2 | 2010.08.05 | -
CAT-QuickHeal | 11.00 | 2010.08.05 | -
ClamAV | 0.96.0.3-git | 2010.08.05 | -
Comodo | 5659 | 2010.08.05 | -
DrWeb | 5.0.2.03300 | 2010.08.05 | -
Emsisoft | 5.0.0.36 | 2010.08.05 | -
eSafe | 7.0.17.0 | 2010.08.05 | -
eTrust-Vet | 36.1.7768 | 2010.08.05 | -
F-Prot | 4.6.1.107 | 2010.08.05 | -
F-Secure | 9.0.15370.0 | 2010.08.05 | -
Fortinet | 4.1.143.0 | 2010.08.05 | -
GData | 21 | 2010.08.05 | -
Ikarus | T3.1.1.84.0 | 2010.08.05 | -
Jiangmin | 13.0.900 | 2010.08.03 | -
Kaspersky | 7.0.0.125 | 2010.08.05 | -
McAfee | 5.400.0.1158 | 2010.08.06 | -
McAfee-GW-Edition | 2010.1 | 2010.08.05 | -
Microsoft | 1.6004 | 2010.08.05 | -
NOD32 | 5345 | 2010.08.05 | -
Norman | 6.05.11 | 2010.08.05 | -
nProtect | 2010-08-05.01 | 2010.08.05 | -
Panda | 10.0.2.7 | 2010.08.05 | -
PCTools | 7.0.3.5 | 2010.08.04 | -
Prevx | 3.0 | 2010.08.06 | -
Rising | 22.59.03.04 | 2010.08.05 | -
Sophos | 4.56.0 | 2010.08.05 | -
Sunbelt | 6691 | 2010.08.05 | -
SUPERAntiSpyware | 4.40.0.1006 | 2010.08.05 | -
Symantec | 20101.1.1.7 | 2010.08.05 | -
TheHacker | 6.5.2.1.334 | 2010.08.05 | -
TrendMicro | 9.120.0.1004 | 2010.08.05 | -
TrendMicro-HouseCall | 9.120.0.1004 | 2010.08.05 | -
VBA32 | 3.12.12.8 | 2010.08.04 | -
ViRobot | 2010.8.4.3971 | 2010.08.05 | -
VirusBuster | 5.0.27.0 | 2010.08.05 | -

 

Other information

File size: 3264 bytes
MD5...: 76fb8cab2e8a5681ad2b4dece17f97e7
SHA1..: 5db4fdc1ad9edb286ef63160e75080485b82ea64
SHA256: 3d06d184fadc65e2029645f2b913ee4d351be220b76eba0d209f500e4305638b
ssdeep: 96:R72fP6kJAuU3xoJk2hwNZa9xrYWIaOcgAo1kmE3I0Gcd2C5:R7OP6kDhwSHrYWugmE3I0t2C5
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://www.virustotal.com/sv/analisis/db091219757f20daf074f7ba9cff6464a072c4b1a84253b88f890ef5c0423982-1249168150

http://www.virustotal.com/sv/analisis/25a319e7b2d510a6e8af5f6c728cf3e1d0f4b3e09c73105ffc07757d7e092960-1280988542


I only asked about the Event Log because Extras.txt says this:

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

What you pasted into the box in OTL became unreadable because all the line breaks disappeared. Try again.

Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and Run as administrator).

Under Output at the top, select Minimal Output.

Under Standard Registry, select All.

In the Custom scan's and fixes box, paste the following lines (check that you really get all the lines and that each line here becomes one line in the box):

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Press Quick Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste the OTL.txt log, and attach Extras.txt as a file.


OK, I did it wrong the first time. Didn't split it into separate lines in OTL. :blush: I suppose it went better now. Saw in another forum, I think it was Bleeping..., that a guy got so fed up with redirections to Blueseek that he formatted the computer. That shouldn't be necessary, should it?

OTL logfile created on: 2010-08-06 11:56:15 - Run 3

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Fam.Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 55,88 Gb Total Space | 9,13 Gb Free Space | 16,33% Space Free | Partition Type: NTFS

Drive D: | 55,88 Gb Total Space | 8,49 Gb Free Space | 15,19% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 465,75 Gb Total Space | 43,47 Gb Free Space | 9,33% Space Free | Partition Type: NTFS

 

Computer Name: NYDATORN

Current User Name: Fam.

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Fam.\Skrivbord\OTL.exe (OldTimer Tools)

PRC - C:\Program\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\Voddler\service\voddler.exe (Voddler)

PRC - C:\Program\Voddler\service\VNetManager.exe ()

PRC - C:\Program\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

PRC - C:\Program\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe (Glocalnet AB)

PRC - C:\Program\Last.fm\LastFMHelper.exe (Last.fm)

PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)

PRC - C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe (Glocalnet AB)

PRC - C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)

PRC - C:\Program\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

PRC - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

PRC - C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Fam.\Skrivbord\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\Program\CyberLink\PowerDVD\hodll.dll ()

MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (avg9wd) -- C:\Program\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (VoddlerNet) -- C:\Program\Voddler\service\voddler.exe (Voddler)

SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (BredbandscenterDownloader) -- C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe (Glocalnet AB)

SRV - (GlocalnetBredbandClientService) -- C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe (Glocalnet AB)

SRV - (usnjsvc) -- C:\Program\MSN Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (AdobeActiveFileMonitor4.0) -- C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

SRV - (IDriverT) -- C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (EPSONStatusAgent2) -- C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (MosIrUsb) -- C:\WINDOWS\system32\drivers\MosIrUsb.sys ()

DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI)

DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI)

DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI)

DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI)

DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI)

DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI)

DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI)

DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (V0250Dev) -- C:\WINDOWS\system32\drivers\V0250Dev.sys (Creative Technology Ltd.)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (SiSRaid2) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys (Silicon Integrated Systems Corp)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

O1 HOSTS File: ([2010-08-05 09:00:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [AVFX Engine] C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bredbandscenter] C:\Program\Glocalnet\Bredbandscenter\Launcher.exe (Glocalnet AB)

O4 - HKLM..\Run: [Genväg till egenskapssida för High Definition Audio] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [instantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)

O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe ()

O4 - HKCU..\Run: [Creative WebCam Tray] C:\Program\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [Polar Sync] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WD Backup Monitor.lnk = C:\Program\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

O4 - Startup: C:\Documents and Settings\Fam.Start-meny\Program\Autostart\Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe (Last.fm)

O4 - Startup: C:\Documents and Settings\Fam.Start-meny\Program\Autostart\Nikon Monitor.lnk = C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\Fam.\Start-meny\Program\Autostart\Picture Motion Browser verktyg för mediekontroll.lnk = C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} https://hembanken.danskebank.se/html/activex/OEB/Menu.cab (CSMenu Class)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.se/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147373208703 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab'>http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} http://www.extrafilm.se/ImageUploader4.cab (Image Uploader)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://hembanken.danskebank.se/html/activex/e-Safekey/OEB/e-Safekey.cab (e-Safekey)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Min aktuella startsida) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-04-19 17:26:51 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-08-06 00:59:39 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-08-06 00:59:40 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2007-12-04 07:31:08 | 000,000,000 | ---D | M] - J:\autorun -- [ NTFS ]

O32 - AutoRun File - [2010-08-06 00:59:40 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.wmv3 - C:\Program\Combined Community Codec Pack\Filters\wmv9vcm.dll (Microsoft Corporation)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (70945304882446336)

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010-08-06 00:59:39 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010-08-05 22:09:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fam.\Skrivbord\OTL.exe

[2010-08-05 14:57:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-08-05 08:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010-08-04 15:07:42 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fam.\Skrivbord\TDSSKiller.exe

[2010-08-04 09:16:57 | 000,229,441 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Fam.\Skrivbord\Delnvc5.exe

[2010-08-03 06:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010-08-03 06:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Adobe

[2010-07-31 23:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\virtotal

[2010-07-31 11:51:04 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010-07-31 11:45:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010-07-31 11:45:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010-07-31 11:45:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010-07-31 11:45:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010-07-31 11:45:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010-07-31 11:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010-07-31 10:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010-07-31 10:36:42 | 000,000,000 | ---D | C] -- C:\Program\WinZip

[2010-07-31 10:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\dds

[2010-07-30 20:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\wd

[2010-07-20 13:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010-07-20 13:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\Malwarebytes

[2010-07-20 13:38:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-07-20 13:38:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-07-20 13:38:16 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2010-07-20 13:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010-07-20 13:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010-07-20 13:37:02 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fam.\Skrivbord\mbam-setup.exe

[2010-07-20 13:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010-07-20 13:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010-07-17 09:07:50 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-06-27 19:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\Sonic Solutions

[2010-06-11 22:03:20 | 000,000,000 | ---D | C] -- C:\Program\FLV Player

[2010-05-25 14:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\Bröllposlåtar

[2010-05-17 17:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\Unity

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010-08-06 11:22:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-08-06 09:31:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-08-06 09:30:49 | 000,045,039 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010-08-06 09:30:12 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-08-06 09:30:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-08-06 09:29:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-08-06 09:29:54 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys

[2010-08-06 09:27:41 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Fam.\ntuser.dat

[2010-08-06 09:27:41 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Fam.\ntuser.ini

[2010-08-06 09:26:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-08-06 08:22:06 | 062,985,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-08-06 00:52:00 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Flash_Disinfector.exe

[2010-08-05 23:18:36 | 000,007,516 | ---- | M] () -- C:\Documents and Settings\Fam.\Application Data\wklnhst.dat

[2010-08-05 22:09:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fam.\Skrivbord\OTL.exe

[2010-08-05 09:03:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-08-05 09:00:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-08-05 00:35:13 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\rng8i021.exe

[2010-08-04 23:41:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\settings.dat

[2010-08-04 23:07:26 | 000,308,913 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Mieletvättmaskin.pdf

[2010-08-04 22:43:22 | 001,600,054 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium) (2).bmp

[2010-08-04 22:42:27 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös.bmp

[2010-08-04 22:26:41 | 001,600,054 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium).bmp

[2010-08-04 16:49:41 | 003,749,693 | R--- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\ComboFix.exe

[2010-08-04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fam.\Skrivbord\TDSSKiller.exe

[2010-08-04 09:16:58 | 000,229,441 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Fam.\Skrivbord\Delnvc5.exe

[2010-08-02 20:48:12 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-08-02 16:08:24 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp1

[2010-08-02 16:05:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\MBRCheck.exe

[2010-08-01 20:51:30 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Fam.\defogger_reenable

[2010-08-01 09:10:11 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp

[2010-07-31 23:02:06 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Fam.\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-31 23:02:06 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\Fam.Skrivbord\Spybot - Search & Destroy.lnk

[2010-07-31 11:51:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010-07-31 10:37:06 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk

[2010-07-31 09:59:17 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\dds.scr

[2010-07-30 20:05:03 | 000,143,872 | ---- | M] () -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-20 17:53:52 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Fam.Start-meny\Program\Autostart\Last.fm Helper.lnk

[2010-07-20 14:17:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2010-07-20 14:17:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm

[2010-07-20 13:38:20 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2010-07-20 13:37:02 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fam.Skrivbord\mbam-setup.exe

[2010-07-20 13:28:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Fam.Skrivbord\rkill.com

[2010-07-20 13:00:21 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

[2010-07-20 11:41:21 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Adobe Reader 9.lnk

[2010-07-17 09:07:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-07-17 09:07:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-07-17 09:07:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010-07-13 14:02:06 | 000,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk

[2010-06-27 17:45:50 | 004,209,504 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Fam.\Skrivbord\Spotify Installer.exe

[2010-06-25 20:03:26 | 001,150,276 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-06-25 20:03:26 | 000,493,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-06-25 20:03:26 | 000,465,410 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2010-06-25 20:03:26 | 000,101,610 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2010-06-25 20:03:26 | 000,093,030 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-06-17 22:47:17 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Vigselprogram.doc

[2010-06-14 12:04:14 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllopsmiddagsprogram.doc

[2010-06-14 00:55:09 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop barn.doc

[2010-06-10 20:55:14 | 000,285,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-06-10 20:37:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-06-10 20:35:58 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-06-08 18:13:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop program.doc

[2010-06-02 16:07:43 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-05-20 18:20:19 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Google Earth.lnk

[2010-05-14 18:16:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-05-14 12:40:34 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Bolibompa svt.se.url

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-08-06 00:51:59 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\Flash_Disinfector.exe

[2010-08-05 08:41:39 | 2146,881,536 | -HS- | C] () -- C:\hiberfil.sys

[2010-08-05 00:35:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\rng8i021.exe

[2010-08-04 23:41:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\settings.dat

[2010-08-04 23:07:26 | 000,308,913 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\Mieletvättmaskin.pdf

[2010-08-04 22:43:22 | 001,600,054 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium) (2).bmp

[2010-08-04 22:42:27 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös.bmp

[2010-08-04 22:26:41 | 001,600,054 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium).bmp

[2010-08-02 16:08:24 | 000,000,512 | ---- | C] () -- C:\mbrziner.dmp1

[2010-08-02 16:05:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\MBRCheck.exe

[2010-08-02 14:39:14 | 003,749,693 | R--- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\ComboFix.exe

[2010-08-01 20:14:04 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Fam.\defogger_reenable

[2010-08-01 09:10:11 | 000,000,512 | ---- | C] () -- C:\mbrziner.dmp

[2010-07-31 23:02:06 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\Fam.\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-31 23:02:06 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\Spybot - Search & Destroy.lnk

[2010-07-31 11:51:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010-07-31 11:51:09 | 000,260,784 | ---- | C] () -- C:\cmldr

[2010-07-31 11:45:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010-07-31 11:45:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010-07-31 11:45:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010-07-31 11:45:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010-07-31 11:45:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010-07-31 10:37:06 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk

[2010-07-31 09:59:17 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\dds.scr

[2010-07-20 14:17:01 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm

[2010-07-20 14:17:01 | 000,000,232 | -H-- | C] () -- C:\sqmdata06.sqm

[2010-07-20 14:07:36 | 000,003,264 | ---- | C] () -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\405518B7-56FA-4202-8D4E-8B8B0CBCBAC9.txt

[2010-07-20 13:38:20 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2010-07-20 13:28:05 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\rkill.com

[2010-07-20 12:59:59 | 000,000,150 | ---- | C] () -- C:\zrpt.xml

[2010-06-27 23:16:34 | 012,058,624 | ---- | C] () -- C:\Documents and Settings\Fam.ntuser.dat

[2010-06-17 22:15:03 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Fam.Mina dokument\Vigselprogram.doc

[2010-06-14 00:55:09 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Fam.Mina dokument\Bröllop barn.doc

[2010-06-09 22:57:56 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllopsmiddagsprogram.doc

[2010-06-08 18:13:47 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop program.doc

[2010-05-20 18:20:19 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Google Earth.lnk

[2010-05-14 12:40:34 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Fam.Skrivbord\Bolibompa svt.se.url

[2010-04-06 20:31:11 | 000,020,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys

[2010-02-25 18:22:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\dbgmsgcfg.dll

[2009-11-18 17:40:07 | 000,005,824 | ---- | C] () -- C:\WINDOWS\RRK.INI

[2009-11-15 10:45:00 | 000,000,864 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2009-11-15 10:44:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2008-07-18 09:12:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2008-06-09 00:39:59 | 000,000,124 | ---- | C] () -- C:\WINDOWS\ViewNX.INI

[2007-10-31 01:00:07 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2007-10-30 21:30:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2007-03-27 09:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006-12-12 18:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2006-11-12 17:50:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006-07-09 12:05:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2006-05-11 20:28:34 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006-05-11 20:28:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006-04-19 19:13:40 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006-04-19 19:13:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-04-19 19:13:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-04-19 19:13:38 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-04-19 19:13:18 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006-04-19 19:02:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

[2006-04-19 19:02:34 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2006-04-19 18:40:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006-04-19 18:08:05 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

[2006-04-19 18:06:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll

[2006-04-19 18:06:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll

[2006-04-19 18:06:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll

[2006-04-19 18:06:40 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini

[2006-04-19 17:59:29 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006-04-19 17:29:39 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006-04-19 17:24:37 | 000,003,529 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003-04-08 11:35:24 | 000,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

 

========== LOP Check ==========

 

[2010-07-31 08:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010-07-20 17:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009-05-17 20:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2007-08-10 11:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey

[2008-06-09 00:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp

[2006-11-10 23:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData

[2007-07-03 13:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2008-01-06 16:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2008-06-09 00:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon

[2008-06-09 00:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tables

[2008-06-09 00:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15

[2008-06-09 00:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\URLs

[2010-07-31 10:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2008-11-24 21:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2007-12-14 13:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Bioshock

[2008-01-17 16:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Glocalnet

[2007-07-25 13:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Glocalnet Bredband

[2008-10-05 13:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\GrabPro

[2007-08-04 15:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Leadertech

[2008-06-09 00:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Nikon

[2006-10-25 21:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Opera

[2008-10-18 15:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Orbit

[2006-10-19 15:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Personal

[2010-02-22 23:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Sony

[2010-02-22 23:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.Application Data\Sony Setup

[2010-07-21 13:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Spotify

[2009-04-15 22:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\TeamViewer

[2010-07-30 19:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\uTorrent

[2010-04-21 21:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.Application Data\VoddlerPlayer.22AA32E1C519F8FB77514A36DC6C2AE2C623240F.1

[2008-08-03 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fam.\Application Data\Vso

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2006-04-19 19:18:57 | 000,001,058 | ---- | M] () -- C:\868000452104.dat

[2006-11-10 23:27:20 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt

[2007-12-03 19:38:09 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo

[2006-04-19 17:26:51 | 000,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT

[2006-05-10 21:26:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010-07-31 11:51:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2004-08-04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2004-08-03 23:00:18 | 000,260,784 | ---- | M] () -- C:\cmldr

[2010-08-05 09:12:12 | 000,017,414 | ---- | M] () -- C:\ComboFix.txt

[2006-04-19 17:26:51 | 000,000,000 | -HS- | M] () -- C:\CONFIG.SYS

[2006-05-25 12:16:22 | 000,000,120 | ---- | M] () -- C:\drmHeader.bin

[2006-05-10 21:27:26 | 000,000,027 | ---- | M] () -- C:\expand.txt

[2007-02-13 00:18:10 | 000,000,281 | ---- | M] () -- C:\Genväg till 000000 (D).lnk

[2009-01-09 08:01:07 | 000,000,087 | ---- | M] () -- C:\gputest.txt

[2010-08-06 09:29:54 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys

[2009-04-15 22:36:49 | 000,000,342 | ---- | M] () -- C:\iepv.cfg

[2007-10-31 01:00:10 | 000,001,119 | ---- | M] () -- C:\INSTALL.LOG

[2006-04-19 17:26:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2004-11-01 15:07:18 | 000,000,019 | ---- | M] () -- C:\LANG.TXT

[2002-03-19 13:38:42 | 000,000,013 | ---- | M] () -- C:\Language.txt

[2010-04-10 22:38:00 | 000,002,777 | ---- | M] () -- C:\LGSInst.Log

[2010-08-01 09:10:11 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp

[2010-08-02 16:08:24 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp1

[2006-04-19 17:26:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008-09-17 07:12:52 | 000,250,560 | RHS- | M] () -- C:\ntldr

[2004-08-04 14:00:00 | 000,000,002 | ---- | M] () -- C:\oem.tag

[2010-08-06 09:29:52 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2006-04-19 19:18:59 | 000,017,201 | -H-- | M] () -- C:\Prodlog.txt

[2010-07-31 16:58:53 | 000,000,485 | ---- | M] () -- C:\rkill.log

[2010-08-04 23:55:45 | 000,001,920 | ---- | M] () -- C:\RootRepeal report 08-04-10 (23-55-45).txt

[2010-08-05 09:47:39 | 000,001,694 | ---- | M] () -- C:\RootRepeal report 08-05-10 (09-47-39).txt

[2007-02-02 23:33:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm

[2007-03-26 12:22:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2007-03-26 20:00:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2007-03-27 10:36:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2007-03-31 20:29:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2007-03-31 22:44:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2010-07-20 14:17:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm

[2007-02-02 23:33:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2007-03-26 12:22:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2007-03-26 20:00:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2007-03-27 10:36:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2007-03-31 20:29:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2007-03-31 22:44:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2010-07-20 14:17:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2009-04-15 22:30:54 | 001,880,648 | ---- | M] () -- C:\TeamViewer_Setup.exe

[2009-06-04 07:05:37 | 000,000,204 | ---- | M] () -- C:\UI_Fam..log

[2001-05-24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

[2007-03-04 22:07:52 | 000,000,146 | ---- | M] () -- C:\YServer.txt

[2010-07-20 13:00:21 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

 

< %systemroot%\system32\*.wt >

 

< %systemroot%\system32\*.ruy >

 

< %systemroot%\Fonts\*.com >

[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

 

< %systemroot%\Fonts\*.dll >

 

< %systemroot%\Fonts\*.ini >

[2006-04-19 17:26:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

 

< %systemroot%\Fonts\*.ini2 >

 

< %systemroot%\Fonts\*.exe >

 

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

[2008-07-06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2007-04-09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

[2008-07-06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

 

< %systemroot%\REPAIR\*.bak1 >

 

< %systemroot%\REPAIR\*.ini >

 

< %systemroot%\system32\*.jpg >

 

< %systemroot%\*.jpg >

 

< %systemroot%\*.png >

 

< %systemroot%\*.scr >

[2005-04-12 15:45:56 | 000,656,896 | ---- | M] (Neoaspire.com) -- C:\WINDOWS\fsc-scr.scr

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

< %systemroot%\*._sy >

 

< %APPDATA%\Adobe\Update\*.* >

 

< %ALLUSERSPROFILE%\Favorites\*.* >

 

< %APPDATA%\Microsoft\*.* >

 

< %PROGRAMFILES%\*.* >

 

< %APPDATA%\Update\*.* >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\System32\config\*.sav >

[2006-04-19 19:21:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2006-04-19 19:21:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2006-04-19 19:21:40 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpda >

 

< te\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Windo >

 

< wsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Extras.Txt


I moved the post about your other computer to its own thread so that I don't start looking at the wrong logs. //eforum.idg.se/topic/222221-ziner-dator-2-koll/

You might want to edit your logs so that the surnames don't show. They are, after all, unusual surnames.

 

I don't know whether a format will be necessary; my arsenal of tools is not endless, and so far it hasn't been possible to find the file(s) causing the problem, but we shouldn't give up hope yet :)

 

On the page http://www.virustotal.com, press the Browse button and paste one of the following file names into the box, press Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste a link to the result here. Repeat with the next file name.

C:\WINDOWS\System32\appmgmts.dll

C:\WINDOWS\fsc-scr.scr

 

Download HijackThis from one of the links:

http://www.trendmicro.com/ftp/products/hijackthis/HiJackThis.msi (best option)

http://www.filehippo.com/download_hijackthis/

http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe

Install it, start it and choose "Do a system scan and save a logfile", copy the log that appears (nothing else) and paste it into your reply.

 

Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and Run as administrator).

Under Output at the top, choose Minimal Output.

 

In the Custom Scans and Fixes box, paste the following lines (check that you really get all the lines, each on its own line):

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

 

Untick LOP Check and Purity Check.

Press Run Scan and let the program run undisturbed.

 

When it is done, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste the log OTL.txt, and attach Extras.txt as a file.

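The OTL listings above share one line format per file entry, and the instructions in this post ask for more of them. As an added example (not OTL's own code, nor anything posted in this thread), here is a Python parser for that format with a small triage pass over a few lines copied from the log; REPORT_TIME, the executable-extension list and the triage rules are assumptions, chosen to mirror how the helper reads the log (entries with no company name, recently changed system files).

```python
"""Parser and triage helper for OTL file-listing lines.
Added example for this thread; it is not OTL's own code and the triage
rules are assumed heuristics (prompts to check a file, never verdicts)."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One OTL entry: [timestamp | size | RHSD attrs | C or M] (company) -- path
# Directory entries omit "(company)". Sizes keep OTL's comma grouping and the
# leading group may exceed three digits ("2146,881,536" for hiberfil.sys).
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Extensions the triage treats as executable code (assumed list).
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx")

# Assumed report time, close to the newest timestamps in the log above.
REPORT_TIME = datetime(2010, 8, 6, 12, 0, 0)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str        # "C" = created, "M" = modified
    company: str     # "" when OTL printed "()" or omitted the group
    path: str


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL line; headers, blanks and "[1 ... *.tmp files -> ...]"
    summary lines return None."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R", hidden=attrs[1] == "H",
        system=attrs[2] == "S", directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def triage(entry: OtlEntry, report_time: datetime, window_days: int = 7) -> List[str]:
    """Reasons an entry deserves a second look, e.g. a VirusTotal check as
    the thread does. Assumed heuristics, not a verdict."""
    reasons: List[str] = []
    p = entry.path.lower()
    in_windows = p.startswith("c:\\windows\\")
    is_exec = p.endswith(EXEC_EXT) and not entry.directory
    age = report_time - entry.timestamp
    recent = timedelta(0) <= age <= timedelta(days=window_days)
    if is_exec and in_windows and not entry.company:
        reasons.append("executable under the Windows directory with no company name")
    if is_exec and in_windows and recent:
        reasons.append(f"executable changed within {window_days} days of the report")
    if p.endswith("\\drivers\\etc\\hosts") and recent:
        reasons.append(f"hosts file modified within {window_days} days of the report")
    return reasons


def scan_log(text: str, report_time: datetime, window_days: int = 7) -> Dict[str, List[str]]:
    """Map each flagged path to its triage reasons."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry, report_time, window_days)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Sample lines copied from the listings above, plus one directory entry.
SAMPLE_LOG = r"""========== Files - Modified Within 90 Days ==========
[2010-08-06 09:29:54 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys
[2010-08-05 09:00:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-07-17 09:07:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010-02-25 18:22:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\dbgmsgcfg.dll
[2010-06-27 19:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\Sonic Solutions
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, reasons in scan_log(SAMPLE_LOG, REPORT_TIME).items():
        print(path, reasons)
```

Run against a full OTL.txt, the script only narrows the list a helper has to look at; a flagged file still needs the kind of VirusTotal check requested above.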

Save the latest MBRCheck.exe by a_d_13 to the Desktop.

Run the program.

Wait until the program finishes or until the text "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" is shown. In the latter case, press N followed by Enter.

When it is done, a log file named MBRCheckxxxxxx.txt is created on the Desktop, where xxxxxx is the time of the run. Open the log in Notepad by double-clicking it and paste the contents into your reply.

 

A few days have passed since you downloaded the latest ComboFix, so it may be time for a new version.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You surely know how to run it by now :)


http://www.virustotal.com/sv/analisis/a0fb2d4ae0ec1f95777733ffbfdc829deddff1fca95c322b79e3694552956cb2-1264950070

 

Couldn't find the other file under System32.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:46:39, on 2010-08-06

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\AVG\AVG9\avgchsvx.exe

C:\Program\AVG\AVG9\avgrsx.exe

C:\Program\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\AVG\AVG9\avgwdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe

C:\Program\AVG\AVG9\avgnsx.exe

C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\sm56hlpr.exe

C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\AVG\AVG9\avgtray.exe

C:\Program\Voddler\service\VNetManager.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\My Book\WD Backup\uBBMonitor.exe

C:\Program\WinZip\WZQKPICK.EXE

C:\Program\Last.fm\LastFMHelper.exe

C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe

C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Java\jre6\bin\jucheck.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\msiexec.exe

C:\Program\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVFX Engine] C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe

O4 - HKLM\..\Run: [bredbandscenter] "C:\Program\Glocalnet\Bredbandscenter\Launcher.exe" /winstart

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program\Creative\Shared Files\CamTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe

O4 - Startup: Nikon Monitor.lnk = C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe

O4 - Startup: Picture Motion Browser verktyg för mediekontroll.lnk = C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: WD Backup Monitor.lnk = C:\Program\My Book\WD Backup\uBBMonitor.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program\Delade filer\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @c:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://hembanken.danskebank.se/html/activex/OEB/Menu.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147373208703

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://hembanken.danskebank.se/html/activex/e-Safekey/OEB/e-Safekey.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: BredbandscenterDownloader - Glocalnet AB - C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

O23 - Service: Glocalnet Bredband (GlocalnetBredbandClientService) - Glocalnet AB - C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VoddlerNet - Voddler - C:\Program\Voddler\service\voddler.exe

 

--

End of file - 10857 bytes


Scan with HijackThis and tick:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

 

Close all other programs.

Press Fix checked.

 

Restart the computer.

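The "Fix checked" step above deletes the registry keys behind the ticked entries, so the decision of what to tick is the whole job. Below is an added worked example (not code from this thread, from HijackThis or from OTL) that parses HijackThis-style O2/O3/O16/O20 lines and applies the two checks a helper makes by eye: an entry whose target is marked as missing or is empty is an orphan, and an O16 (Download Program Files) entry is an ActiveX control the browser fetched from a site, which is worth keeping only if that site is still used. The sample lines are copied from the logs in this thread; the trusted-host set passed to `triage()` is an assumption the reader replaces with their own sites.

```python
"""Triage HijackThis-style entries before pressing "Fix checked".

Added example for this thread, not the forum's, HijackThis' or OTL's own code.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: the entries the helper marked for "Fix checked", plus three
# with a real DLL or a bank URL behind them so the contrast is visible.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://hembanken.danskebank.se/html/activex/e-Safekey/OEB/e-Safekey.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# What HijackThis (and OTL) print when a registry entry points at nothing on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)", "No CLSID value found", "Reg Error")


@dataclass
class Entry:
    section: str            # O2, O3, O16, O20 ...
    kind: str               # BHO, Toolbar, DPF, Winlogon Notify ...
    name: str
    clsid: Optional[str]
    target: str             # DLL path, download URL, or "" when nothing follows the CLSID
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one 'Onn - Kind: ...' line; returns None for anything else (headers, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, body = m.group("section", "kind", "body")
    cm = CLSID_RE.search(body)
    if cm:
        # Split on the first " - " *after* the CLSID, so a " - " inside a path such as
        # C:\Program\Spybot - Search & Destroy\SDHelper.dll is not taken as the separator.
        head = body[: cm.start()].rstrip()
        name = head[:-1].rstrip() if head.endswith(" -") else head
        rest_name, sep, target = body[cm.end():].partition(" - ")
        name = name or rest_name.strip(" -")
        if not sep:
            target = ""             # "{CLSID} -" with nothing behind it
    else:
        name, sep, target = body.partition(" - ")
        if not sep:
            name, target = "", body
    return Entry(section, kind, name.strip(), cm.group(0) if cm else None, target.strip(), line.strip())


def why_review(entry: Entry, trusted_hosts: frozenset) -> Optional[str]:
    """Reason to tick this entry, or None if it looks like something to leave alone."""
    if not entry.target or any(mk in entry.target for mk in ORPHAN_MARKERS):
        return "orphan: the registry entry points at nothing on disk"
    if entry.section == "O16":
        url = urlparse(entry.target)
        # A DPF entry is an ActiveX control the browser downloaded and can reload;
        # keep only the ones from sites you still use (the bank), drop the rest.
        if url.scheme in ("http", "https") and url.hostname not in trusted_hosts:
            return f"ActiveX control downloaded from {url.hostname}, not on the trusted list"
    return None


def triage(log_text: str, trusted_hosts=()):
    """Return [(entry, reason)] for every parseable line worth ticking in HijackThis."""
    hosts = frozenset(trusted_hosts)
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reason = why_review(entry, hosts)
            if reason:
                hits.append((entry, reason))
    return hits


if __name__ == "__main__":
    # Assumed trusted host: the user's bank from the O16 lines in the log.
    for entry, reason in triage(SAMPLE_LOG, {"hembanken.danskebank.se"}):
        print(f"{entry.section:<4} {entry.clsid or entry.name:<40} {reason}")
        print(f"     {entry.raw}")
```

Run against the sample, this flags the nameless O2 BHO, the ewido O16 control, the empty O16 entry and the O20 line. Two caveats. The helper's list also contains the two AVG Security Toolbar entries, which have a real DLL behind them; dropping a bundled browser toolbar is a judgement call that no orphan or host check encodes. And an orphan flag is a prompt to verify, not an order: HijackThis reports avgrsstx.dll as missing on the O20 line, but the OTL log posted later in this thread finds it at C:\WINDOWS\System32\avgrsstx.dll with a valid AVG company string, so that entry should stay.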

OTL logfile created on: 2010-08-06 15:53:17 - Run 4

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Fam.\Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 55,88 Gb Total Space | 9,06 Gb Free Space | 16,22% Space Free | Partition Type: NTFS

Drive D: | 55,88 Gb Total Space | 8,49 Gb Free Space | 15,19% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 465,75 Gb Total Space | 43,47 Gb Free Space | 9,33% Space Free | Partition Type: NTFS

 

Computer Name: NYDATORN

Current User Name: Fam.

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 90 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Fam.\Skrivbord\OTL.exe (OldTimer Tools)

PRC - C:\Program\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\Voddler\service\voddler.exe (Voddler)

PRC - C:\Program\Voddler\service\VNetManager.exe ()

PRC - C:\Program\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

PRC - C:\Program\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)

PRC - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe (Glocalnet AB)

PRC - C:\Program\Last.fm\LastFMHelper.exe (Last.fm)

PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)

PRC - C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe (Glocalnet AB)

PRC - C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)

PRC - C:\Program\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

PRC - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

PRC - C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

PRC - C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Fam.\Skrivbord\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

MOD - C:\Program\CyberLink\PowerDVD\hodll.dll ()

MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (avg9wd) -- C:\Program\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (VoddlerNet) -- C:\Program\Voddler\service\voddler.exe (Voddler)

SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (BredbandscenterDownloader) -- C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe (Glocalnet AB)

SRV - (GlocalnetBredbandClientService) -- C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe (Glocalnet AB)

SRV - (usnjsvc) -- C:\Program\MSN Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (AdobeActiveFileMonitor4.0) -- C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe ()

SRV - (IDriverT) -- C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (ose) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (EPSONStatusAgent2) -- C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (MosIrUsb) -- C:\WINDOWS\system32\drivers\MosIrUsb.sys ()

DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (sea1unic) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM) -- C:\WINDOWS\system32\drivers\sea1unic.sys (MCCI)

DRV - (sea1obex) -- C:\WINDOWS\system32\drivers\sea1obex.sys (MCCI)

DRV - (sea1nd5) Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS) -- C:\WINDOWS\system32\drivers\sea1nd5.sys (MCCI)

DRV - (sea1mgmt) Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\sea1mgmt.sys (MCCI)

DRV - (sea1mdm) -- C:\WINDOWS\system32\drivers\sea1mdm.sys (MCCI)

DRV - (sea1mdfl) -- C:\WINDOWS\system32\drivers\sea1mdfl.sys (MCCI)

DRV - (sea1bus) Sony Ericsson Device 0A1 driver (WDM) -- C:\WINDOWS\system32\drivers\sea1bus.sys (MCCI)

DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (V0250Dev) -- C:\WINDOWS\system32\drivers\V0250Dev.sys (Creative Technology Ltd.)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)

DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (SiSRaid2) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys (Silicon Integrated Systems Corp)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

O1 HOSTS File: ([2010-08-05 09:00:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program\AVG\AVG9\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [AVFX Engine] C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bredbandscenter] C:\Program\Glocalnet\Bredbandscenter\Launcher.exe (Glocalnet AB)

O4 - HKLM..\Run: [Genväg till egenskapssida för High Definition Audio] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [instantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)

O4 - HKLM..\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe ()

O4 - HKCU..\Run: [Creative WebCam Tray] C:\Program\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)

O4 - HKCU..\Run: [Polar Sync] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WD Backup Monitor.lnk = C:\Program\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)

O4 - Startup: C:\Documents and Settings\Fam.\Start-meny\Program\Autostart\Last.fm Helper.lnk = C:\Program\Last.fm\LastFMHelper.exe (Last.fm)

O4 - Startup: C:\Documents and Settings\Fam.\Start-meny\Program\Autostart\Nikon Monitor.lnk = C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)

O4 - Startup: C:\Documents and Settings\Fam.\Start-meny\Program\Autostart\Picture Motion Browser verktyg för mediekontroll.lnk = C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)

O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} https://hembanken.danskebank.se/html/activex/OEB/Menu.cab (CSMenu Class)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.extrafilm.se/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147373208703 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} http://www.extrafilm.se/ImageUploader4.cab (Image Uploader)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://hembanken.danskebank.se/html/activex/e-Safekey/OEB/e-Safekey.cab (e-Safekey)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (Min aktuella startsida) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-04-19 17:26:51 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-08-06 00:59:39 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-08-06 00:59:40 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2007-12-04 07:31:08 | 000,000,000 | ---D | M] - J:\autorun -- [ NTFS ]

O32 - AutoRun File - [2010-08-06 00:59:40 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (70945304882446336)

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010-08-06 15:46:19 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro

[2010-08-06 00:59:39 | 000,000,000 | RHSD | C] -- C:\autorun.inf

[2010-08-05 22:09:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fam.\Skrivbord\OTL.exe

[2010-08-05 14:57:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010-08-05 14:56:08 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Fam.\Skrivbord\ATF-Cleaner.exe

[2010-08-05 08:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010-08-04 15:07:42 | 001,196,368 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fam.\Skrivbord\TDSSKiller.exe

[2010-08-04 09:16:57 | 000,229,441 | ---- | C] (Norman ASA) -- C:\Documents and Settings\Fam.\Skrivbord\Delnvc5.exe

[2010-08-03 06:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2010-08-03 06:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Adobe

[2010-07-31 23:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\virtotal

[2010-07-31 11:51:04 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010-07-31 11:45:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010-07-31 11:45:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010-07-31 11:45:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010-07-31 11:45:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010-07-31 11:45:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010-07-31 11:39:28 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010-07-31 10:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2010-07-31 10:36:42 | 000,000,000 | ---D | C] -- C:\Program\WinZip

[2010-07-31 10:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\dds

[2010-07-30 20:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\wd

[2010-07-20 13:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010-07-20 13:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\Malwarebytes

[2010-07-20 13:38:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-07-20 13:38:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-07-20 13:38:16 | 000,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2010-07-20 13:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010-07-20 13:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010-07-20 13:37:02 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fam.\Skrivbord\mbam-setup.exe

[2010-07-20 13:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010-07-20 13:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010-07-17 09:07:50 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-06-27 19:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Application Data\Sonic Solutions

[2010-06-11 22:03:20 | 000,000,000 | ---D | C] -- C:\Program\FLV Player

[2010-06-10 16:56:34 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010-05-25 14:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Mina dokument\Bröllposlåtar

[2010-05-17 17:14:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\Unity

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 90 Days ==========

 

[2010-08-06 15:46:28 | 000,002,439 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\HiJackThis.lnk

[2010-08-06 15:45:41 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\HiJackThis.msi

[2010-08-06 15:22:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-08-06 09:31:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-08-06 09:30:49 | 000,045,039 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010-08-06 09:30:12 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-08-06 09:30:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-08-06 09:29:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-08-06 09:29:54 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys

[2010-08-06 09:27:41 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Fam.\ntuser.dat

[2010-08-06 09:27:41 | 000,000,304 | -HS- | M] () -- C:\Documents and Settings\Fam.\ntuser.ini

[2010-08-06 09:26:22 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010-08-06 08:22:06 | 062,985,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-08-06 00:52:00 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Flash_Disinfector.exe

[2010-08-05 23:18:36 | 000,007,516 | ---- | M] () -- C:\Documents and Settings\Fam.\Application Data\wklnhst.dat

[2010-08-05 22:09:11 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fam.\Skrivbord\OTL.exe

[2010-08-05 14:56:02 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Fam.\Skrivbord\ATF-Cleaner.exe

[2010-08-05 09:03:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010-08-05 09:00:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-08-05 00:35:13 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\rng8i021.exe

[2010-08-04 23:41:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\settings.dat

[2010-08-04 23:07:26 | 000,308,913 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Mieletvättmaskin.pdf

[2010-08-04 22:43:22 | 001,600,054 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium) (2).bmp

[2010-08-04 22:42:27 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös.bmp

[2010-08-04 22:26:41 | 001,600,054 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium).bmp

[2010-08-04 16:49:41 | 003,749,693 | R--- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\ComboFix.exe

[2010-08-04 15:07:42 | 001,196,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Fam.\Skrivbord\TDSSKiller.exe

[2010-08-04 09:16:58 | 000,229,441 | ---- | M] (Norman ASA) -- C:\Documents and Settings\Fam.\Skrivbord\Delnvc5.exe

[2010-08-02 20:48:12 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-08-02 16:08:24 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp1

[2010-08-02 16:05:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\FamSkrivbord\MBRCheck.exe

[2010-08-01 20:51:30 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Fam.\defogger_reenable

[2010-08-01 09:10:11 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp

[2010-07-31 23:02:06 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Fam.\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-31 23:02:06 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\Fam.Skrivbord\Spybot - Search & Destroy.lnk

[2010-07-31 11:51:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010-07-31 10:37:06 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk

[2010-07-31 09:59:17 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Fam.Mina dokument\dds.scr

[2010-07-30 20:05:03 | 000,143,872 | ---- | M] () -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-07-20 17:53:52 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Fam.Start-meny\Program\Autostart\Last.fm Helper.lnk

[2010-07-20 14:17:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2010-07-20 14:17:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm

[2010-07-20 13:38:20 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2010-07-20 13:37:02 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Fam.\Skrivbord\mbam-setup.exe

[2010-07-20 13:28:10 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\rkill.com

[2010-07-20 13:00:21 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

[2010-07-20 11:41:21 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Adobe Reader 9.lnk

[2010-07-17 09:07:52 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-07-17 09:07:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2010-07-17 09:07:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2010-07-13 14:02:06 | 000,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk

[2010-06-27 17:45:50 | 004,209,504 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\Fam.\Skrivbord\Spotify Installer.exe

[2010-06-25 20:03:26 | 001,150,276 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-06-25 20:03:26 | 000,493,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-06-25 20:03:26 | 000,465,410 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2010-06-25 20:03:26 | 000,101,610 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2010-06-25 20:03:26 | 000,093,030 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-06-17 22:47:17 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Vigselprogram.doc

[2010-06-14 16:30:28 | 000,743,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[2010-06-14 12:04:14 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllopsmiddagsprogram.doc

[2010-06-14 00:55:09 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop barn.doc

[2010-06-10 20:55:14 | 000,285,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-06-10 20:37:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-06-10 20:35:58 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini

[2010-06-08 18:13:47 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop program.doc

[2010-06-02 16:07:43 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-05-20 18:20:19 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Google Earth.lnk

[2010-05-14 18:16:00 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010-05-14 12:40:34 | 000,000,196 | ---- | M] () -- C:\Documents and Settings\Fam.\Skrivbord\Bolibompa svt.se.url

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-08-06 15:46:19 | 000,002,439 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\HiJackThis.lnk

[2010-08-06 15:45:37 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\HiJackThis.msi

[2010-08-06 00:51:59 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Fam.Skrivbord\Flash_Disinfector.exe

[2010-08-05 08:41:39 | 2146,881,536 | -HS- | C] () -- C:\hiberfil.sys

[2010-08-05 00:35:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\rng8i021.exe

[2010-08-04 23:41:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\settings.dat

[2010-08-04 23:07:26 | 000,308,913 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\Mieletvättmaskin.pdf

[2010-08-04 22:43:22 | 001,600,054 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium) (2).bmp

[2010-08-04 22:42:27 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös.bmp

[2010-08-04 22:26:41 | 001,600,054 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\namnlös (Medium).bmp

[2010-08-02 16:08:24 | 000,000,512 | ---- | C] () -- C:\mbrziner.dmp1

[2010-08-02 16:05:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\MBRCheck.exe

[2010-08-02 14:39:14 | 003,749,693 | R--- | C] () -- C:\Documents and Settings\Fam.Skrivbord\ComboFix.exe

[2010-08-01 20:14:04 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Fam.defogger_reenable

[2010-08-01 09:10:11 | 000,000,512 | ---- | C] () -- C:\mbrziner.dmp

[2010-07-31 23:02:06 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\Fam.\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2010-07-31 23:02:06 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\Spybot - Search & Destroy.lnk

[2010-07-31 11:51:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010-07-31 11:51:09 | 000,260,784 | ---- | C] () -- C:\cmldr

[2010-07-31 11:45:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010-07-31 11:45:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010-07-31 11:45:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010-07-31 11:45:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010-07-31 11:45:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010-07-31 10:37:06 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk

[2010-07-31 09:59:17 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\dds.scr

[2010-07-20 14:17:01 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm

[2010-07-20 14:17:01 | 000,000,232 | -H-- | C] () -- C:\sqmdata06.sqm

[2010-07-20 14:07:36 | 000,003,264 | ---- | C] () -- C:\Documents and Settings\Fam.\Lokala inställningar\Application Data\405518B7-56FA-4202-8D4E-8B8B0CBCBAC9.txt

[2010-07-20 13:38:20 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2010-07-20 13:28:05 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Fam.\Skrivbord\rkill.com

[2010-07-20 12:59:59 | 000,000,150 | ---- | C] () -- C:\zrpt.xml

[2010-06-27 23:16:34 | 012,058,624 | ---- | C] () -- C:\Documents and Settings\Fam.\ntuser.dat

[2010-06-17 22:15:03 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Vigselprogram.doc

[2010-06-14 00:55:09 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop barn.doc

[2010-06-09 22:57:56 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllopsmiddagsprogram.doc

[2010-06-08 18:13:47 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Fam.\Mina dokument\Bröllop program.doc

[2010-05-20 18:20:19 | 000,001,877 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Google Earth.lnk

[2010-05-14 12:40:34 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Fam.Skrivbord\Bolibompa svt.se.url

[2010-04-06 20:31:11 | 000,020,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\MosIrUsb.sys

[2010-02-25 18:22:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\dbgmsgcfg.dll

[2009-11-18 17:40:07 | 000,005,824 | ---- | C] () -- C:\WINDOWS\RRK.INI

[2009-11-15 10:45:00 | 000,000,864 | ---- | C] () -- C:\WINDOWS\_delis32.ini

[2009-11-15 10:44:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI

[2008-07-18 09:12:30 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2008-06-09 00:39:59 | 000,000,124 | ---- | C] () -- C:\WINDOWS\ViewNX.INI

[2007-10-31 01:00:07 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI

[2007-10-30 21:30:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2007-03-27 09:55:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006-12-12 18:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2006-11-12 17:50:39 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2006-07-09 12:05:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2006-05-11 20:28:34 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2006-05-11 20:28:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2006-04-19 19:13:40 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006-04-19 19:13:40 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006-04-19 19:13:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006-04-19 19:13:38 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006-04-19 19:13:18 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2006-04-19 19:02:58 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

[2006-04-19 19:02:34 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2006-04-19 18:40:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006-04-19 18:08:05 | 000,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll

[2006-04-19 18:06:55 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll

[2006-04-19 18:06:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll

[2006-04-19 18:06:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll

[2006-04-19 18:06:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll

[2006-04-19 18:06:40 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini

[2006-04-19 17:59:29 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006-04-19 17:29:39 | 000,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2006-04-19 17:24:37 | 000,003,529 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003-04-08 11:35:24 | 000,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2006-04-19 19:18:57 | 000,001,058 | ---- | M] () -- C:\868000452104.dat

[2006-11-10 23:27:20 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt

[2007-12-03 19:38:09 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo

[2006-04-19 17:26:51 | 000,000,000 | -HS- | M] () -- C:\AUTOEXEC.BAT

[2006-05-10 21:26:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010-07-31 11:51:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2004-08-04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2004-08-03 23:00:18 | 000,260,784 | ---- | M] () -- C:\cmldr

[2010-08-05 09:12:12 | 000,017,414 | ---- | M] () -- C:\ComboFix.txt

[2006-04-19 17:26:51 | 000,000,000 | -HS- | M] () -- C:\CONFIG.SYS

[2006-05-25 12:16:22 | 000,000,120 | ---- | M] () -- C:\drmHeader.bin

[2006-05-10 21:27:26 | 000,000,027 | ---- | M] () -- C:\expand.txt

[2007-02-13 00:18:10 | 000,000,281 | ---- | M] () -- C:\Genväg till 000000 (D).lnk

[2009-01-09 08:01:07 | 000,000,087 | ---- | M] () -- C:\gputest.txt

[2010-08-06 09:29:54 | 2146,881,536 | -HS- | M] () -- C:\hiberfil.sys

[2009-04-15 22:36:49 | 000,000,342 | ---- | M] () -- C:\iepv.cfg

[2007-10-31 01:00:10 | 000,001,119 | ---- | M] () -- C:\INSTALL.LOG

[2006-04-19 17:26:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2004-11-01 15:07:18 | 000,000,019 | ---- | M] () -- C:\LANG.TXT

[2002-03-19 13:38:42 | 000,000,013 | ---- | M] () -- C:\Language.txt

[2010-04-10 22:38:00 | 000,002,777 | ---- | M] () -- C:\LGSInst.Log

[2010-08-01 09:10:11 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp

[2010-08-02 16:08:24 | 000,000,512 | ---- | M] () -- C:\mbrziner.dmp1

[2006-04-19 17:26:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004-08-04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008-09-17 07:12:52 | 000,250,560 | RHS- | M] () -- C:\ntldr

[2004-08-04 14:00:00 | 000,000,002 | ---- | M] () -- C:\oem.tag

[2010-08-06 09:29:52 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2006-04-19 19:18:59 | 000,017,201 | -H-- | M] () -- C:\Prodlog.txt

[2010-07-31 16:58:53 | 000,000,485 | ---- | M] () -- C:\rkill.log

[2010-08-04 23:55:45 | 000,001,920 | ---- | M] () -- C:\RootRepeal report 08-04-10 (23-55-45).txt

[2010-08-05 09:47:39 | 000,001,694 | ---- | M] () -- C:\RootRepeal report 08-05-10 (09-47-39).txt

[2007-02-02 23:33:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm

[2007-03-26 12:22:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2007-03-26 20:00:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2007-03-27 10:36:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2007-03-31 20:29:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2007-03-31 22:44:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2010-07-20 14:17:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm

[2007-02-02 23:33:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2007-03-26 12:22:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2007-03-26 20:00:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2007-03-27 10:36:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2007-03-31 20:29:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2007-03-31 22:44:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2010-07-20 14:17:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2009-04-15 22:30:54 | 001,880,648 | ---- | M] () -- C:\TeamViewer_Setup.exe

[2009-06-04 07:05:37 | 000,000,204 | ---- | M] () -- C:\UI_Fam..log

[2001-05-24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE

[2007-03-04 22:07:52 | 000,000,146 | ---- | M] () -- C:\YServer.txt

[2010-07-20 13:00:21 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

 

 

< MD5 for: AGP440.SYS >

[2004-08-04 14:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008-09-17 07:08:56 | 023,884,604 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004-08-04 14:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

[2008-09-17 07:08:56 | 023,884,604 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008-04-13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\274285f55676ec83f9874949246f58fc\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2004-08-04 14:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008-09-17 07:08:56 | 023,884,604 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004-08-04 14:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys

[2008-09-17 07:08:56 | 023,884,604 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008-04-13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\274285f55676ec83f9874949246f58fc\atapi.sys

[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2004-08-03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004-08-04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

 

< MD5 for: EVENTLOG.DLL >

[2008-04-14 18:04:38 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=0A6DF967AE8E836D053DB46398F603E5 -- C:\WINDOWS\SoftwareDistribution\Download\274285f55676ec83f9874949246f58fc\eventlog.dll

[2004-08-04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=264DBC116901E89565B830B0CC20F922 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2004-08-04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=264DBC116901E89565B830B0CC20F922 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2004-08-04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=264DBC116901E89565B830B0CC20F922 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2004-08-04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=264DBC116901E89565B830B0CC20F922 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: IASTOR.SYS >

[2005-10-12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\I386\$oem$\textmode\iaStor.sys

[2005-10-12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\OemDir\iaStor.sys

[2005-10-12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

 

< MD5 for: NETLOGON.DLL >

[2009-02-06 20:47:22 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=132A5BBF7FB14BAE44D8803A34E73A96 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2009-02-06 20:47:22 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=132A5BBF7FB14BAE44D8803A34E73A96 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2009-02-06 20:47:22 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=132A5BBF7FB14BAE44D8803A34E73A96 -- C:\WINDOWS\system32\netlogon.dll

[2008-04-14 18:04:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=4F4A16EAEB932AE413E48923E6A400E0 -- C:\WINDOWS\SoftwareDistribution\Download\274285f55676ec83f9874949246f58fc\netlogon.dll

[2004-08-04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A6FD3341EC1A98A31B044C6E0DAF8F26 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2004-08-04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A6FD3341EC1A98A31B044C6E0DAF8F26 -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

 

< MD5 for: NVATABUS.SYS >

[2005-08-18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\I386\$oem$\textmode\nvatabus.sys

[2005-08-18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\OemDir\nvatabus.sys

[2005-08-18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys

 

< MD5 for: SCECLI.DLL >

[2004-08-04 14:00:00 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=24BADA1C3795CB877C67E0F2F8BBAD1F -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2004-08-04 14:00:00 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=24BADA1C3795CB877C67E0F2F8BBAD1F -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2004-08-04 14:00:00 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=24BADA1C3795CB877C67E0F2F8BBAD1F -- C:\WINDOWS\system32\dllcache\scecli.dll

[2004-08-04 14:00:00 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=24BADA1C3795CB877C67E0F2F8BBAD1F -- C:\WINDOWS\system32\scecli.dll

[2008-04-14 18:04:47 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=3B50B494647E60CE6AC516E3F5C82B25 -- C:\WINDOWS\SoftwareDistribution\Download\274285f55676ec83f9874949246f58fc\scecli.dll

 

< MD5 for: VIAMRAID.SYS >

[2005-04-08 11:43:26 | 000,060,928 | ---- | M] (VIA Technologies inc,.ltd) MD5=0363E216E4EB5052969C96608934DBDE -- C:\WINDOWS\system32\drivers\viamraid.sys

[2005-11-23 11:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\I386\$oem$\textmode\viamraid.sys

[2005-11-23 11:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\OemDir\viamraid.sys

[2005-11-23 11:12:12 | 000,092,672 | ---- | M] (VIA Technologies inc,.ltd) MD5=FBF18F9F5FB852C2976723587B44F346 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\viamraid.sys

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\System32\config\*.sav >

[2006-04-19 19:21:40 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2006-04-19 19:21:40 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2006-04-19 19:21:40 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

Extras.Txt

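The "< MD5 for: ... >" sections in the OTL report above exist for one reason: a rootkit that patches a driver in place (atapi.sys was a favourite target at the time) leaves a live copy under system32\drivers whose hash differs from every backup copy Windows keeps (dllcache, ServicePackFiles, ERDNT, the $NtServicePackUninstall$ folder), usually at the same size and with the same version string. In the log above all atapi.sys copies agree on CDFE4411..., which is what a clean result looks like. The script below is an added example of that comparison written in Python; it is not OTL's code and was not posted in this thread. The byte strings are constructed stand-ins for driver images, the folder-to-role mapping is an assumption about which copies count as references, and a pending update under SoftwareDistribution\Download is deliberately excluded because it is expected to be a different build.

```python
"""Cross-check every copy of a protected system file the way OTL's
"< MD5 for: ATAPI.SYS >" section does: hash each copy under the Windows
tree and flag a live copy (system32, system32\\drivers) whose hash matches
none of the reference copies. Added example; constructed inputs.
"""
import hashlib
from collections import defaultdict

# Folder markers (assumed classification, not from OTL): where a trusted
# backup of a system file lives, where the live copy lives, and what to skip.
REFERENCE_MARKERS = ("\\dllcache\\", "\\servicepackfiles\\", "\\erdnt\\",
                     "\\$ntservicepackuninstall$\\", "\\$ntuninstall")
LIVE_MARKERS = ("\\system32\\drivers\\", "\\system32\\")
IGNORE_MARKERS = ("\\softwaredistribution\\download\\", "\\reinstallbackups\\")


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest().upper()


def role_of(path: str) -> str:
    """Classify a path as 'reference', 'live' or 'other' by the folder it sits in."""
    p = path.lower()
    if any(m in p for m in IGNORE_MARKERS):
        return "other"
    if any(m in p for m in REFERENCE_MARKERS):
        return "reference"
    if any(m in p for m in LIVE_MARKERS):
        return "live"
    return "other"


def audit_copies(copies: dict) -> dict:
    """copies maps path -> file bytes. Returns the hash groups, the set of
    hashes seen on reference copies, and every live copy matching none of them."""
    groups = defaultdict(list)
    for path, data in copies.items():
        groups[md5_hex(data)].append(path)
    reference_hashes = {h for h, paths in groups.items()
                        if any(role_of(p) == "reference" for p in paths)}
    suspects = []
    for path, data in copies.items():
        h = md5_hex(data)
        if role_of(path) == "live" and h not in reference_hashes:
            suspects.append({"path": path, "md5": h, "size": len(data)})
    return {"groups": dict(groups), "reference_hashes": reference_hashes,
            "suspects": suspects}


# Constructed stand-ins for driver images (not real atapi.sys bytes).
CLEAN_DRIVER = b"MZ" + bytes(range(256)) * 4            # the shipped build
PENDING_UPDATE = CLEAN_DRIVER + b"\x00" * 100          # newer build waiting in Download
_patched = bytearray(CLEAN_DRIVER)
_patched[0x200:0x210] = b"\xE8" * 16                   # same size, 16 bytes overwritten
PATCHED_DRIVER = bytes(_patched)

BASE = r"C:\WINDOWS"


def sample_copies(live_bytes: bytes) -> dict:
    """Mirror the folder layout of the report above; live copy is the parameter."""
    return {
        BASE + r"\$NtServicePackUninstall$\atapi.sys": CLEAN_DRIVER,
        BASE + r"\ERDNT\cache\atapi.sys": CLEAN_DRIVER,
        BASE + r"\system32\dllcache\atapi.sys": CLEAN_DRIVER,
        BASE + r"\system32\drivers\atapi.sys": live_bytes,
        BASE + r"\SoftwareDistribution\Download\274285f55676ec83f9874949246f58fc\atapi.sys": PENDING_UPDATE,
    }


if __name__ == "__main__":
    for label, live in (("all copies agree", CLEAN_DRIVER),
                        ("live driver patched", PATCHED_DRIVER)):
        result = audit_copies(sample_copies(live))
        print(label + ":", result["suspects"] or "no suspects")
```

On a real box you would read the bytes from each path instead of the constructed dictionary; the key point the log teaches is that size and version string are not enough, only the hash comparison across the backup copies catches a few overwritten bytes.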

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 2 (build 2600)

Logical Drives Mask: 0x0000021c

 

Kernel Drivers (total 133):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806D0000 \WINDOWS\system32\hal.dll

0x89BFD000 \WINDOWS\system32\KDCOM.DLL

0xBA4BC000 \WINDOWS\system32\BOOTVID.dll

0xB9F79000 ACPI.sys

0xBA5A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB9F68000 pci.sys

0xBA0A8000 isapnp.sys

0xBA0B8000 ohci1394.sys

0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS

0xBA4C0000 compbatt.sys

0xBA4C4000 \WINDOWS\system32\DRIVERS\BATTC.SYS

0xBA670000 pciide.sys

0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xBA5AA000 intelide.sys

0xBA0D8000 MountMgr.sys

0xB9F49000 ftdisk.sys

0xBA4C8000 ACPIEC.sys

0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS

0xBA330000 PartMgr.sys

0xBA0E8000 VolSnap.sys

0xB9F31000 atapi.sys

0xB9E5B000 iaStor.sys

0xBA0F8000 viamraid.sys

0xB9E43000 \WINDOWS\system32\drivers\SCSIPORT.SYS

0xB9E2C000 nvatabus.sys

0xB9E19000 nvraid.sys

0xBA108000 \WINDOWS\system32\drivers\CLASSPNP.SYS

0xBA338000 SiSRaid2.sys

0xBA118000 disk.sys

0xB9DF9000 fltMgr.sys

0xB9DE7000 sr.sys

0xBA128000 PxHelp20.sys

0xB9DD0000 KSecDD.sys

0xB9DBD000 WudfPf.sys

0xB9D30000 Ntfs.sys

0xB9D03000 NDIS.sys

0xB9CE9000 Mup.sys

0xB929C000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB5E1A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB5E06000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB5DE1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xBA388000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB5DBE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xBA390000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB5BA2000 \SystemRoot\system32\DRIVERS\w29n51.sys

0xB6C97000 \SystemRoot\system32\DRIVERS\nic1394.sys

0xB5B90000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys

0xB6C87000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0xBA398000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB5B61000 \SystemRoot\system32\DRIVERS\SynTP.sys

0xBA5B8000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xBA3A0000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xB6C77000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB6C67000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB6C57000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB5B3E000 \SystemRoot\system32\DRIVERS\ks.sys

0xB948A000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xB9482000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0xBA7C0000 \SystemRoot\system32\DRIVERS\audstub.sys

0xBA3A8000 \SystemRoot\system32\DRIVERS\rasirda.sys

0xBA3B0000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB6C47000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xBA584000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB5B27000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB666A000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB665A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xB5B16000 \SystemRoot\system32\DRIVERS\psched.sys

0xB664A000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xBA3B8000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xBA3C0000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB663A000 \SystemRoot\system32\DRIVERS\termdd.sys

0xBA5BA000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB5ABD000 \SystemRoot\system32\DRIVERS\update.sys

0xBA58C000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xBA590000 \SystemRoot\system32\drivers\WmBEnum.sys

0xB662A000 \SystemRoot\system32\drivers\WmXlCore.sys

0xB661A000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xB9472000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0xB39F0000 \SystemRoot\system32\DRIVERS\smserial.sys

0xBA3C8000 \SystemRoot\System32\Drivers\Modem.SYS

0xB3782000 \SystemRoot\system32\drivers\RtkHDAud.sys

0xB3760000 \SystemRoot\system32\drivers\portcls.sys

0xB660A000 \SystemRoot\system32\drivers\drmk.sys

0xB65EA000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xBA5C4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xBA77D000 \SystemRoot\System32\Drivers\Null.SYS

0xBA5C6000 \SystemRoot\System32\Drivers\Beep.SYS

0xBA3E8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xBA460000 \SystemRoot\System32\drivers\vga.sys

0xBA5C8000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xBA5CC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xBA3F8000 \SystemRoot\System32\Drivers\Msfs.SYS

0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB66D9000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB372D000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB36D4000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB369A000 \SystemRoot\System32\Drivers\avgtdix.sys

0xB3679000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB65DA000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB6223000 \SystemRoot\system32\DRIVERS\arp1394.sys

0xB3629000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB3607000 \SystemRoot\System32\drivers\afd.sys

0xB6213000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB35DC000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB356D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB6203000 \SystemRoot\System32\Drivers\Fips.SYS

0xBA478000 \SystemRoot\System32\Drivers\avgmfx86.sys

0xB3539000 \SystemRoot\System32\Drivers\avgldx86.sys

0xBA488000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xBA490000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xBA54C000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xBA208000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xBA2C8000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB66DD000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0xBA298000 \SystemRoot\System32\Drivers\dump_viamraid.sys

0xBF800000 \SystemRoot\System32\win32k.sys

0xB3661000 \SystemRoot\System32\drivers\Dxapi.sys

0xBA428000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xBA6D1000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xA9D1A000 \SystemRoot\system32\DRIVERS\irda.sys

0xA9D98000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xA9336000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xA8A31000 \SystemRoot\system32\drivers\wdmaud.sys

0xB71BB000 \SystemRoot\system32\drivers\sysaudio.sys

0xA84DA000 \SystemRoot\system32\DRIVERS\srv.sys

0xA896B000 \SystemRoot\system32\DRIVERS\secdrv.sys

0xA7D69000 \SystemRoot\System32\Drivers\HTTP.sys

0xA32BA000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

 

Processes (total 60):

0 System Idle Process

4 System

808 C:\WINDOWS\system32\smss.exe

884 csrss.exe

908 C:\WINDOWS\system32\winlogon.exe

956 C:\WINDOWS\system32\services.exe

968 C:\WINDOWS\system32\lsass.exe

1120 C:\WINDOWS\system32\svchost.exe

1204 svchost.exe

1248 C:\WINDOWS\system32\svchost.exe

1296 C:\WINDOWS\system32\svchost.exe

1336 C:\Program\AVG\AVG9\avgchsvx.exe

1344 C:\Program\AVG\AVG9\avgrsx.exe

1432 svchost.exe

1556 svchost.exe

1596 C:\Program\AVG\AVG9\avgcsrvx.exe

236 C:\WINDOWS\system32\spoolsv.exe

388 svchost.exe

424 C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

460 C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

876 C:\Program\AVG\AVG9\avgwdsvc.exe

864 C:\WINDOWS\explorer.exe

1028 C:\Program\Bonjour\mDNSResponder.exe

1844 C:\Program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe

592 C:\Program\AVG\AVG9\avgnsx.exe

1664 C:\Program\Delade filer\EPSON\EBAPI\SAgent2.exe

2256 C:\Program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe

2348 C:\Program\Java\jre6\bin\jqs.exe

2432 C:\WINDOWS\system32\nvsvc32.exe

2664 C:\WINDOWS\system32\svchost.exe

2816 voddler.exe

2984 C:\WINDOWS\SOUNDMAN.EXE

3140 C:\Program\Synaptics\SynTP\SynTPLpr.exe

3212 C:\Program\Synaptics\SynTP\SynTPEnh.exe

3224 C:\Program\CyberLink\PowerDVD\PDVDServ.exe

3260 C:\WINDOWS\sm56hlpr.exe

3288 C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe

3316 C:\Program\Creative\Creative Live! Cam\VideoFX\StartFX.exe

3324 C:\WINDOWS\system32\WDBtnMgr.exe

3352 C:\Program\iTunes\iTunesHelper.exe

3360 C:\Program\AVG\AVG9\avgtray.exe

3432 C:\Program\Voddler\service\VNetManager.exe

3572 C:\Program\Java\jre6\bin\jusched.exe

3628 C:\WINDOWS\system32\ctfmon.exe

3760 C:\Program\Personal\bin\Personal.exe

3768 C:\Program\My Book\WD Backup\uBBMonitor.exe

3776 C:\Program\WinZip\WZQKPICK.EXE

3784 C:\Program\Last.fm\LastFMHelper.exe

3800 C:\Program\Delade filer\Nikon\Monitor\NkMonitor.exe

3820 C:\Program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

748 wmiprvse.exe

2972 alg.exe

3624 unsecapp.exe

1084 C:\Program\iPod\bin\iPodService.exe

684 C:\WINDOWS\system32\wuauclt.exe

608 C:\Program\Java\jre6\bin\jucheck.exe

1380 C:\Program\Internet Explorer\iexplore.exe

3476 C:\Program\Internet Explorer\iexplore.exe

4076 C:\Program\Internet Explorer\iexplore.exe

3488 C:\Documents and Settings\Fam.Zingmark.Terning\Skrivbord\MBRCheck.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\J: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

 

PhysicalDrive0 Model Number: FUJITSUMHT2060BH, Rev: 0000104B

PhysicalDrive1 Model Number: FUJITSUMHT2060BH, Rev: 0000104B

PhysicalDrive2 Model Number: WD5000AA External, Rev: 200i

 

Size Device Name MBR Status

--------------------------------------------

55 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: 0FB0E5D5B2D4EAA0D52CE3663A3D396AF9D9D241

55 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

465 GB \\.\PhysicalDrive2 RE: Unknown MBR code

SHA1: D90653CCC05EE39D4D44E1F67C33297D65F3ED4F

 

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

Done!

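The MBRCheck report above hashes each disk's master boot record and says "Windows XP MBR code detected" when the hash is in its known list and "Unknown MBR code" otherwise; the 512-byte mbrziner.dmp files in the OTL listing are that sector saved to disk. The script below is an added example, in Python, of what such a check does with one of those dumps: it validates the 55AA signature, walks the four partition entries (LBA 63 gives exactly the 0x7e00 byte offset shown for C: above) and looks the boot-code hash up in a table. It is not MBRCheck's code. Two assumptions are mine and labelled in the code: that the verdict is keyed on the first 440 bytes (the executable part, so that the per-disk signature and partition table do not change the hash), and the "known" table, which holds only the hash of the constructed sample, not real Windows MBR hashes.

```python
"""Parse a raw 512-byte MBR (e.g. an mbr*.dmp written by MBRCheck) and classify
its boot code by hash. Added example, not MBRCheck's own code.
Assumptions: the verdict keys on a SHA1 of the first 440 bytes, and
KNOWN_BOOT_CODE below is a placeholder built from the constructed sample.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code (assumed hash scope)
DISK_SIG_OFF = 440         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
PART_TYPE_NAMES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x83: "Linux"}


def parse_mbr(sector: bytes) -> dict:
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes, got %d" % len(sector))
    parts = []
    for i in range(4):
        # entry: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPE_NAMES.get(ptype, "0x%02X" % ptype),
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,   # what the "at offset" column reports
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "partitions": parts,
    }


# Constructed stand-in for clean boot code (a common MBR prologue padded with
# NOPs); NOT real Windows XP MBR bytes, and its hash is NOT a real known hash.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
KNOWN_BOOT_CODE = {
    hashlib.sha1(CLEAN_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "Windows XP MBR code detected",
}


def classify_boot_code(boot_sha1: str, known: dict) -> str:
    """Anything not in the table is reported the way MBRCheck words it."""
    return known.get(boot_sha1.upper(), "Unknown MBR code")


def report(sector: bytes, known: dict = KNOWN_BOOT_CODE) -> dict:
    info = parse_mbr(sector)
    info["verdict"] = classify_boot_code(info["boot_code_sha1"], known)
    if not info["signature_ok"]:
        info["verdict"] = "Invalid MBR (missing 55AA signature)"
    return info


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample: one bootable NTFS partition starting at LBA 63,
    i.e. byte offset 0x7E00 as in the report above, about 55 GB in size."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x1A2B3C4D) + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 115_000_000)
    return code + disk_sig + entry + b"\x00" * 48 + b"\x55\xaa"


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # e.g. python mbr_check.py mbrziner.dmp
        with open(sys.argv[1], "rb") as fh:
            data = fh.read(SECTOR)
    else:
        data = build_sample_mbr(CLEAN_BOOT_CODE)
    r = report(data)
    print(r["verdict"], "SHA1:", r["boot_code_sha1"])
    for p in r["partitions"]:
        print("  entry %d %s at offset 0x%x, %d sectors" %
              (p["index"], p["type_name"], p["byte_offset"], p["sectors"]))
```

The pattern worth recognising from such output is a partition table that still looks right while only the boot code has changed: that is what a bootkit leaves behind, and it is also what an "Unknown" verdict beside an intact 0x7e00 offset means. "Unknown" alone is not proof, though; an external drive such as PhysicalDrive2 in the report may simply carry the vendor's own boot code, so the hash needs to be looked up before anything is rewritten.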

New run with ComboFix, updated. Root activity. Afterwards Explorer was, strangely enough, no longer selected as the default browser.

ComboFix 10-08-05.06 - Fam. 2010-08-06 16:51:35.12.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1590 [GMT 2:00]

Körs från: c:\documents and settings\Fam.\Skrivbord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-07-06 till 2010-08-06 ))))))))))))))))))))))))))))))

.

 

2010-08-06 13:46 . 2010-08-06 13:46 388096 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-06 13:46 . 2010-08-06 13:46 -------- d-----w- c:\program\Trend Micro

2010-08-06 04:47 . 2010-08-06 04:47 -------- d-----r- c:\documents and settings\NetworkService\Favoriter

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-06 07:26 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-05 21:18 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.\Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-08-01_15.26.27 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-08-06 14:44 . 2010-08-06 14:44 16384 c:\windows\temp\Perflib_Perfdata_78c.dat

+ 2010-08-06 13:46 . 2010-08-06 13:46 1094656 c:\windows\Installer\1591429.msi

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg för mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

Toolbar-Locked - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-06 17:02

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x89B5EB4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Sluttid: 2010-08-06 17:08:29

ComboFix-quarantined-files.txt 2010-08-06 15:08

ComboFix2.txt 2010-08-05 07:12

ComboFix3.txt 2010-08-04 15:20

ComboFix4.txt 2010-08-04 13:47

ComboFix5.txt 2010-08-06 14:24

 

Före genomsökningen: 9 666 035 712 byte ledigt

Efter genomsökningen: 9 682 567 168 byte ledigt

 

- - End Of File - - 01172F6600352D350DC5AA0FA0FAD379

no longer the default browser for some reason.


That it should be so hard to find where that rootkit activity is located.

 

Copy all the lines in the box:

Killall::
FCopy::
C:\WINDOWS\system32\drivers\viamraid.sys | C:\viamraid.sys
C:\WINDOWS\system32\netlogon.dll | C:\netlogon.dll

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer the same way as before for ComboFix.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program will then start in a special mode.

Paste the log that comes out.

 

Restart the computer.

 

On the page http://www.virustotal.com, press the Browse button and paste the following file name into the box, press Open and then Send File. Wait until the result is ready (Current status becomes completed). Paste a link to the result here.

C:\868000452104.dat

C:\viamraid.sys

C:\netlogon.dll

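To pinpoint the indicators the helper is chasing here, the following added example (not from the thread, and not part of ComboFix, catchme or MBRCheck) parses the two report formats posted above, the MBRCheck drive table and catchme's Stealth MBR detector section, and lists the lines that matter for an MBR rootkit: a drive whose boot code MBRCheck does not recognise, and an unmapped module in the disk I/O call chain, which is not cleared by "user & kernel MBR OK". The sample inputs are constructed from lines in this thread; the hashes and addresses are the ones posted above.

```python
"""Triage helper for the MBRCheck and catchme output quoted in this thread.

Added example: not from the forum post and not part of ComboFix, catchme or
MBRCheck. It parses the two report formats posted above and flags a drive whose
boot code MBRCheck does not recognise, plus an >>UNKNOWN [addr]<< entry in
catchme's disk I/O call chain, which 'user & kernel MBR OK' does not clear.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the shape of the MBRCheck table above (hashes copied from it).
MBRCHECK_SAMPLE = """\
Size Device Name MBR Status
--------------------------------------------
55 GB \\\\.\\PhysicalDrive0 Unknown MBR code
SHA1: 0FB0E5D5B2D4EAA0D52CE3663A3D396AF9D9D241
55 GB \\\\.\\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\\\.\\PhysicalDrive2 RE: Unknown MBR code
SHA1: D90653CCC05EE39D4D44E1F67C33297D65F3ED4F
"""

# Constructed sample in the shape of catchme's Stealth MBR detector section above.
CATCHME_SAMPLE = """\
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A15B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\\Driver\\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\\Driver\\atapi -> atapi.sys @ 0xb9f377b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6
user & kernel MBR OK
"""

DRIVE_RE = re.compile(r"^\s*(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^\s*SHA1:\s*([0-9A-Fa-f]{40})")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(?P<target>.+?) -> (?P<module>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)$")

@dataclass
class DriveStatus:
    device: str
    size: str
    status: str
    sha1: Optional[str] = None

@dataclass
class CatchmeFindings:
    unknown_modules: List[str] = field(default_factory=list)   # addresses from the call chain
    hooks: List[Tuple[str, str, str]] = field(default_factory=list)  # (target, module, address)
    mbr_ok: bool = False

def parse_mbrcheck(text: str) -> List[DriveStatus]:
    """Pair each drive line of the MBRCheck table with the SHA1 line under it."""
    drives: List[DriveStatus] = []
    for line in text.splitlines():
        m = DRIVE_RE.match(line)
        if m:
            drives.append(DriveStatus(device=m.group(2), size=m.group(1), status=m.group(3)))
            continue
        m = SHA1_RE.match(line)
        if m and drives:
            drives[-1].sha1 = m.group(1).upper()
    return drives

def unrecognised_mbrs(text: str) -> List[DriveStatus]:
    """Drives whose boot code MBRCheck could not match against a known MBR."""
    return [d for d in parse_mbrcheck(text) if "Unknown" in d.status]

def parse_catchme_mbr(text: str) -> CatchmeFindings:
    """Pull the call-chain, hook and verdict lines out of the detector section."""
    f = CatchmeFindings()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            f.unknown_modules.extend(UNKNOWN_RE.findall(line))
        elif line == "user & kernel MBR OK":
            f.mbr_ok = True
        else:
            m = HOOK_RE.match(line)
            if m:
                f.hooks.append((m["target"], m["module"], m["addr"]))
    return f

def triage(mbrcheck_text: str, catchme_text: str) -> List[str]:
    """One note per indicator worth following up, in the order a helper checks them."""
    notes = []
    for d in unrecognised_mbrs(mbrcheck_text):
        notes.append(f"{d.device} ({d.size}): {d.status}; SHA1 {d.sha1} is the hash to look up")
    c = parse_catchme_mbr(catchme_text)
    for addr in c.unknown_modules:
        notes.append(f"disk I/O call chain passes through unmapped code at {addr}")
    if c.mbr_ok and c.unknown_modules:
        notes.append("'user & kernel MBR OK' only says both reads agreed; it does not clear the unmapped module")
    return notes
```

Calling `triage(MBRCHECK_SAMPLE, CATCHME_SAMPLE)` returns four notes: the two drives with unrecognised boot code and their SHA1 values, the unmapped code at 0x89A15B4C in the disk call chain, and the reminder that two agreeing MBR reads do not rule that module out. Paste the text of a real MBRCheck or ComboFix log in place of the samples to run it over a new case.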

New ComboFix run.

 

 

ComboFix 10-08-06.01 - Fam. 2010-08-06 20:37:58.13.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1548 [GMT 2:00]

Körs från: c:\documents and settings\Fam.\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Fam.\Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

(((((((((((((((((((((((( Filer Skapade från 2010-07-06 till 2010-08-06 ))))))))))))))))))))))))))))))

.

 

2010-08-06 13:46 . 2010-08-06 13:46 -------- d-----w- c:\program\Trend Micro

2010-08-06 04:47 . 2010-08-06 04:47 -------- d-----r- c:\documents and settings\NetworkService\Favoriter

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-06 13:46 . 2010-08-06 13:46 388096 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-06 07:26 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-05 21:18 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\Fam.\Application Data\uTorrent

2010-07-21 11:11 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\Fam.\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg för mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-06 21:00

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A15B4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(2636)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program\Bonjour\mdnsNSP.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Delade filer\EPSON\EBAPI\SAgent2.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\SOUNDMAN.EXE

c:\windows\sm56hlpr.exe

c:\windows\system32\WDBtnMgr.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Sluttid: 2010-08-06 21:12:02 - datorn startades om.

ComboFix-quarantined-files.txt 2010-08-06 19:11

ComboFix2.txt 2010-08-06 15:08

ComboFix3.txt 2010-08-05 07:12

ComboFix4.txt 2010-08-04 15:20

ComboFix5.txt 2010-08-06 17:57

 

Före genomsökningen: 9 674 100 736 byte ledigt

Efter genomsökningen: 9 667 964 928 byte ledigt

 

- - End Of File - - E9BA84267756EA350E8E5FA13A581CC9


Fil 868000452104.dat mottagen 2010.08.06 21:20:13 (UTC)

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2010.08.07.00 2010.08.06 -

AntiVir 8.2.4.34 2010.08.06 -

Antiy-AVL 2.0.3.7 2010.08.06 -

Authentium 5.2.0.5 2010.08.06 -

Avast 4.8.1351.0 2010.08.06 -

Avast5 5.0.332.0 2010.08.06 -

BitDefender 7.2 2010.08.06 -

CAT-QuickHeal 11.00 2010.08.06 -

ClamAV 0.96.0.3-git 2010.08.06 -

Comodo 5669 2010.08.06 -

Emsisoft 5.0.0.36 2010.08.06 -

eSafe 7.0.17.0 2010.08.05 -

eTrust-Vet 36.1.7771 2010.08.06 -

F-Prot 4.6.1.107 2010.08.06 -

Fortinet 4.1.143.0 2010.08.06 -

GData 21 2010.08.06 -

Ikarus T3.1.1.84.0 2010.08.06 -

Jiangmin 13.0.900 2010.08.03 -

Kaspersky 7.0.0.125 2010.08.06 -

McAfee 5.400.0.1158 2010.08.06 -

McAfee-GW-Edition 2010.1 2010.08.06 -

Microsoft 1.6004 2010.08.06 -

NOD32 5348 2010.08.06 -

nProtect 2010-08-06.01 2010.08.06 -

Panda 10.0.2.7 2010.08.06 -

Prevx 3.0 2010.08.06 -

Rising 22.59.04.04 2010.08.06 -

Sophos 4.56.0 2010.08.06 -

SUPERAntiSpyware 4.40.0.1006 2010.08.06 -

TheHacker 6.5.2.1.335 2010.08.06 -

TrendMicro 9.120.0.1004 2010.08.06 -

TrendMicro-HouseCall 9.120.0.1004 2010.08.06 -

VBA32 3.12.12.8 2010.08.04 -

ViRobot 2010.7.29.3961 2010.08.06 -

VirusBuster 5.0.27.0 2010.08.06 -

 

Övrig information

File size: 1058 bytes

MD5...: 31fdc94c199770ba9942f30588fb89df

SHA1..: d63afff40ae99f8669476a9909b7b6605485b91b

SHA256: 397782aa9911a12bb45a3bc38f2ddfddeabde0be77de0ec0057ab1e6e9d78edf

ssdeep: 24:jJzBPmmRK25zd4b4bsZRxNLEnZskNMx5O7v7NrCut:BBTN5RoT4swNt

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set -

pdfid.: -

trid..: Unknown!

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

 

 

Could not find Viamraid or netlogon


Then the latest CFScript did not go well. Redo post 89 and make sure that the CFScript really looks like it does in the box.


OK. Let's have another go. Redid 89. Rootkit activity as usual.

 

ComboFix 10-08-06.01 - Fam. 2010-08-09 10:30:40.14.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.46.1053.18.2047.1588 [GMT 2:00]

Körs från: c:\documents and settings\Fam.\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Fam.\Skrivbord\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

--------------- FCopy ---------------

 

c:\windows\system32\drivers\viamraid.sys --> C:\viamraid.sys

c:\windows\system32\netlogon.dll --> C:\netlogon.dll

.

(((((((((((((((((((((((( Filer Skapade från 2010-07-09 till 2010-08-09 ))))))))))))))))))))))))))))))

.

 

2010-08-09 08:30 . 2009-02-06 18:47 408064 ----a-w- C:\netlogon.dll

2010-08-09 08:30 . 2005-04-08 09:43 60928 ----a-w- C:\viamraid.sys

2010-08-06 13:46 . 2010-08-06 13:46 388096 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-06 13:46 . 2010-08-06 13:46 -------- d-----w- c:\program\Trend Micro

2010-08-06 04:47 . 2010-08-06 04:47 -------- d-----r- c:\documents and settings\NetworkService\Favoriter

2010-07-31 08:36 . 2010-07-31 08:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip

2010-07-21 06:59 . 2010-07-21 06:59 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll

2010-07-21 06:59 . 2010-07-21 06:59 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll

2010-07-21 06:59 . 2010-07-21 06:59 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\Fam.\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\program\Malwarebytes' Anti-Malware

2010-07-20 11:38 . 2010-07-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-20 11:38 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-20 11:05 . 2010-07-20 11:05 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-----r- c:\documents and settings\LocalService\Favoriter

2010-07-20 11:03 . 2010-07-20 11:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-07-17 07:08 . 2010-07-17 07:08 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-17 07:08 . 2010-07-17 07:08 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-17 07:07 . 2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-17 07:06 . 2010-07-17 07:06 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-17 07:06 . 2010-07-17 07:06 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-17 07:06 . 2010-07-17 07:06 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-17 07:06 . 2010-07-17 07:06 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-06 21:23 . 2009-11-29 15:02 -------- d-----w- c:\documents and settings\Fam.\Application Data\Spotify

2010-08-06 07:26 . 2006-09-28 19:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-05 21:18 . 2006-05-15 11:34 7516 ----a-w- c:\documents and settings\Fam.\Application Data\wklnhst.dat

2010-08-01 06:56 . 2006-09-15 08:08 -------- d-----w- c:\program\Spybot - Search & Destroy

2010-07-31 21:03 . 2006-09-15 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-07-31 06:40 . 2009-06-22 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-07-30 18:19 . 2007-12-03 17:32 10134 ----a-r- c:\documents and settings\Fam.\Application Data\Microsoft\Installer\{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}\ARPPRODUCTICON.exe

2010-07-30 17:57 . 2006-05-14 22:15 -------- d-----w- c:\documents and settings\F\Application Data\uTorrent

2010-07-20 15:51 . 2009-11-03 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-17 07:07 . 2009-06-22 08:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-17 07:07 . 2009-06-22 08:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-27 17:58 . 2010-06-27 17:58 -------- d-----w- c:\documents and settings\F\Application Data\Sonic Solutions

2010-06-25 18:03 . 2006-04-19 17:02 465410 ----a-w- c:\windows\system32\perfh01D.dat

2010-06-25 18:03 . 2006-04-19 17:02 101610 ----a-w- c:\windows\system32\perfc01D.dat

2010-06-14 14:30 . 2006-04-19 15:25 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-11 20:03 . 2010-06-11 20:03 -------- d-----w- c:\program\FLV Player

2010-06-02 14:07 . 2009-06-22 08:36 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-25 11:12 . 2010-05-25 11:12 503808 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcp71.dll

2010-05-25 11:12 . 2010-05-25 11:12 499712 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\jmc.dll

2010-05-25 11:12 . 2010-05-25 11:12 348160 ----a-w- c:\documents and settings\Fam.\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-7bf9c098-n\msvcr71.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 12:01 1230080 ----a-w- c:\program\AVG\AVG9\Toolbar\IEToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

 

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Creative WebCam Tray"="c:\program\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

"Polar Sync"="" [bU]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" [2005-01-07 61952]

"SoundMan"="SOUNDMAN.EXE" [2005-03-10 90112]

"AlcWzrd"="ALCWZRD.EXE" [2005-03-10 2803712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-19 7405568]

"nwiz"="nwiz.exe" [2008-05-19 1519616]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]

"SMSERIAL"="sm56hlpr.exe" [2005-08-01 544768]

"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]

"Adobe Photo Downloader"="c:\program\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-15 57344]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"AVFX Engine"="c:\program\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-19 20480]

"WD Button Manager"="WDBtnMgr.exe" [2007-12-03 364544]

"Bredbandscenter"="c:\program\Glocalnet\Bredbandscenter\Launcher.exe" [2008-01-29 808104]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"AVG9_TRAY"="c:\program\AVG\AVG9\avgtray.exe" [2010-07-17 2065760]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2009-11-10 417792]

"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2010-04-09 579784]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

c:\documents and settings\Fam.\Start-meny\Program\Autostart\

Last.fm Helper.lnk - c:\program\Last.fm\LastFMHelper.exe [2008-1-5 106496]

Nikon Monitor.lnk - c:\program\Delade filer\Nikon\Monitor\NkMonitor.exe [2007-6-14 479232]

Picture Motion Browser verktyg för mediekontroll.lnk - c:\program\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-5 385024]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BankID säkerhetsprogram.lnk - c:\program\Personal\bin\Personal.exe [2009-9-4 939920]

WD Backup Monitor.lnk - c:\program\My Book\WD Backup\uBBMonitor.exe [2007-12-3 98304]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2010-4-5 494920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-17 07:07 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\utorrent.exe"=

"c:\\Program\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Documents and Settings\\Fam.\\Skrivbord\\Spotify Installer.exe"=

"c:\\Program\\Voddler\\service\\voddler.exe"=

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-06-22 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-06-22 243024]

R2 avg9wd;AVG Free WatchDog;c:\program\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136]

R2 BredbandscenterDownloader;BredbandscenterDownloader;c:\program\Glocalnet\Bredbandscenter\BredbandscenterUpdater.exe [2008-01-17 1055912]

R2 GlocalnetBredbandClientService;Glocalnet Bredband;c:\program\Glocalnet Bredband\Bredbandsklienten\GlocalnetBredbandService.exe [2007-07-25 1034240]

R2 VoddlerNet;VoddlerNet;c:\program\Voddler\service\voddler.exe [2010-04-09 867536]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 135664]

S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [2010-04-06 20736]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [2007-08-04 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [2007-08-04 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [2007-08-04 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [2007-08-04 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [2007-08-04 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [2007-08-04 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [2007-08-04 90800]

S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [2007-01-25 163840]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2006-09-06 643072]

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

 

2010-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-03-14 06:07]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab

DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://hembanken.danskebank.se/html/activex/OEB/Menu.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-09 10:45

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Polar Sync = ?:\program files\polar\polar sync\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A10B4C]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3

\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8

\Driver\atapi -> atapi.sys @ 0xb9f377b4

\Driver\iaStor -> iaStor.sys @ 0xb9e6db58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80578cb6

NDIS: Intel® PRO/Wireless 2200BG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d18ba0

PacketIndicateHandler -> NDIS.sys @ 0xb9d25b21

SendHandler -> NDIS.sys @ 0xb9d0387b

user & kernel MBR OK

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-667845635-2202822803-230670660-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:11,da,6a,1f,18,4e,79,a5,b3,e0,fa,c5,00,be,95,3a,95,1f,e6,2a,43,16,b0,

0b,b7,15,6e,ad,1d,0a,f6,46,98,3e,9e,e1,e6,45,98,21,40,77,c2,47,8e,ff,b9,bd,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'explorer.exe'(560)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\program\Bonjour\mdnsNSP.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\AVG\AVG9\avgchsvx.exe

c:\program\AVG\AVG9\avgrsx.exe

c:\program\AVG\AVG9\avgcsrvx.exe

c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Delade filer\EPSON\EBAPI\SAgent2.exe

c:\program\AVG\AVG9\avgnsx.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\SOUNDMAN.EXE

c:\windows\sm56hlpr.exe

c:\windows\system32\WDBtnMgr.exe

c:\program\iPod\bin\iPodService.exe

.

**************************************************************************

.

Sluttid: 2010-08-09 10:55:51 - datorn startades om.

ComboFix-quarantined-files.txt 2010-08-09 08:55

ComboFix2.txt 2010-08-06 19:12

ComboFix3.txt 2010-08-06 15:08

ComboFix4.txt 2010-08-05 07:12

ComboFix5.txt 2010-08-09 08:16

 

Före genomsökningen: 9 606 684 672 byte ledigt

Efter genomsökningen: 9 622 327 296 byte ledigt

 

- - End Of File - - 3A2AABE70AE173DECA3810F6A544964B


Yes, this time the copy went fine :)

Then you can check

C:\viamraid.sys

C:\netlogon.dll

on the VirusTotal site.

 

Is "Polar Sync" still installed? Does it start automatically?

It generates some odd lines in the logs.


Start - msconfig - Startup

Do you find anything with Polar there? If so, untick that line, restart the computer and run ComboFix again.


Check the same two files on the VirusTotal site, and this time click Reanalyse file so that we get fresh results.

 

Delete the ComboFix you have and download the latest version.

 

Copy all the lines in the box:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Polar Sync"=-

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

 

Prepare the computer for ComboFix the same way as before.

Drag CFScript with the mouse and drop it onto the ComboFix icon on the Desktop; the program then starts in a special mode.

Paste the log that comes out.


Before you run ComboFix, restart the computer in Safe Mode so we can see whether the program has better luck finding something there.

 

Safe Mode means that you press F8 repeatedly during startup and choose Safe Mode from the menu that appears.


Archived

This topic is now archived and is closed to further replies.
