
Opera, Firefox and IE hang


putifar


OTL

OTL logfile created on: 2011-01-09 19:27:04 - Run 2

OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Folke\Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 29,81 Gb Total Space | 7,50 Gb Free Space | 25,17% Space Free | Partition Type: NTFS

Drive F: | 268,28 Gb Total Space | 51,43 Gb Free Space | 19,17% Space Free | Partition Type: NTFS

 

Computer Name: WOLKE | User Name: Folke | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Folke\Skrivbord\OTL.exe (OldTimer Tools)

PRC - C:\Program\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\avgui.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - F:\Program\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)

PRC - C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

PRC - C:\Program\Delade filer\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Program\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Folke\Skrivbord\OTL.exe (OldTimer Tools)

MOD - C:\Documents and Settings\All Users\Application Data\doasosubrim.tmp ()

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\pstorec.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\shfolder.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wsock32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (srservice) -- C:\WINDOWS\System32\srsvc.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (AVGIDSAgent) -- C:\Program\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (SENS) -- C:\Documents and Settings\All Users\Application Data\doasosubrim.dat ()

SRV - (Apple Mobile Device) -- C:\Program\Delade filer\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (TunngleService) -- C:\Program\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)

SRV - (LVPrcSrv) -- C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program\WinPcap\rpcapd.exe (CACE Technologies)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (GGSAFERDriver) -- F:\Garena\safedrv.sys File not found

DRV - (cpuz132) -- C:\DOCUME~1\Folke\LOKALA~1\Temp\cpuz132\cpuz132_x32.sys File not found

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )

DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (GarenaPEngine) -- C:\Documents and Settings\Folke\Lokala inställningar\Temp\UMC206.tmp ()

DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )

DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()

DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)

DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)

DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)

DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)

DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (usbaudio) USB-ljuddrivrutiner (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (msloop) -- C:\WINDOWS\system32\drivers\loop.sys (Microsoft Corporation)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-10-13 00:38:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program\AVG\AVG10\Firefox\ [2010-12-28 13:13:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program\Java\jre6\lib\deploy\jqs\ff [2010-04-04 13:06:59 | 000,000,000 | ---D | M]

 

 

O1 HOSTS File: ([2004-08-04 13:00:00 | 000,000,710 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Adress) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Länkar) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [ATICCC] C:\Program\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)

O4 - HKLM..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LogitechQuickCamRibbon] F:\Program\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program\Delade filer\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [WinampAgent] F:\Winamp\winampa.exe ()

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Logitech Vid] F:\Program\Logitech\Logitech Vid\vid.exe (Logitech Inc.)

O4 - HKCU..\Run: [msnmsgr] C:\Program\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKCU..\Run: [skype] C:\Program\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [uTorrent] F:\Program\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O9 - Extra Button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\Msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\Msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\doasosubrim.tmp) - C:\Documents and Settings\All Users\Application Data\doasosubrim.tmp ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (Min aktuella startsida) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-10-10 19:09:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]

O33 - MountPoints2\{6cf612d8-101a-11e0-98dd-0015f261dc2f}\Shell - "" = AutoRun

O33 - MountPoints2\{6cf612d8-101a-11e0-98dd-0015f261dc2f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\Program\AVG\AVG10\avgchsvx.exe /sync) - C:\Program\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\Program\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Unable to start service SrService!

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-01-09 19:23:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011-01-09 19:22:40 | 000,000,000 | ---D | C] -- C:\Program\ERUNT

[2011-01-09 19:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\ERUNT

[2011-01-09 19:22:03 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Folke\Skrivbord\erunt-setup.exe

[2011-01-09 18:47:17 | 000,000,000 | -H-D | C] -- C:\$AVG

[2011-01-09 17:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\TDSSKILLER

[2011-01-09 15:03:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Folke\Skrivbord\OTL.exe

[2011-01-09 14:41:21 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Java

[2011-01-09 14:40:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011-01-09 14:40:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011-01-09 14:40:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011-01-09 02:35:50 | 153,229,464 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Folke\Skrivbord\avg_free_x86_all_2011_1191a3330.exe

[2011-01-09 02:14:01 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011-01-08 23:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Mozilla

[2011-01-07 02:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\SKIDROW

[2011-01-06 00:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\LucasArts

[2011-01-05 23:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Application Data\LucasArts

[2011-01-05 23:48:14 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll

[2011-01-05 23:48:14 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll

[2011-01-05 23:48:14 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll

[2011-01-05 23:48:13 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll

[2011-01-05 23:48:12 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll

[2011-01-05 23:48:12 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll

[2011-01-05 23:48:11 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll

[2011-01-05 23:48:11 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll

[2011-01-05 23:48:10 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

[2011-01-05 23:48:10 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

[2011-01-05 23:48:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

[2011-01-05 23:48:08 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

[2011-01-05 23:48:07 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll

[2011-01-05 23:48:07 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll

[2011-01-05 23:48:06 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll

[2011-01-05 23:48:04 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll

[2011-01-05 23:48:03 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll

[2011-01-05 23:48:02 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll

[2011-01-05 23:48:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll

[2011-01-05 23:48:01 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll

[2011-01-05 23:48:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll

[2011-01-05 23:48:00 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll

[2011-01-05 23:47:58 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll

[2011-01-05 23:47:58 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll

[2011-01-05 23:47:58 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll

[2011-01-05 23:47:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll

[2011-01-05 23:47:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll

[2011-01-05 23:47:57 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll

[2011-01-05 23:47:56 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll

[2011-01-05 23:47:55 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll

[2011-01-05 23:47:55 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll

[2011-01-05 23:47:54 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll

[2011-01-05 23:47:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll

[2011-01-05 23:47:53 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll

[2011-01-05 23:47:53 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll

[2011-01-05 23:47:53 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll

[2011-01-05 23:47:52 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll

[2011-01-05 23:47:52 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll

[2011-01-05 23:47:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll

[2011-01-05 23:47:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll

[2011-01-05 23:47:50 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll

[2011-01-05 23:47:50 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll

[2011-01-05 23:47:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll

[2011-01-05 23:47:49 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll

[2011-01-05 23:47:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll

[2011-01-05 23:47:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll

[2011-01-05 23:47:47 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll

[2011-01-05 23:47:47 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll

[2011-01-05 23:47:47 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll

[2011-01-05 23:47:46 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll

[2011-01-05 23:47:45 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll

[2011-01-05 23:47:45 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll

[2011-01-05 23:47:45 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll

[2011-01-05 23:47:44 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll

[2011-01-05 23:47:43 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll

[2011-01-05 23:47:43 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll

[2011-01-05 23:47:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll

[2011-01-05 23:47:42 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll

[2011-01-05 23:47:42 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll

[2011-01-05 23:47:41 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll

[2011-01-05 23:47:41 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll

[2011-01-05 23:47:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll

[2011-01-05 23:47:40 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll

[2011-01-05 23:47:39 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll

[2011-01-05 23:47:39 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll

[2011-01-05 23:47:38 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll

[2011-01-05 23:47:37 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll

[2011-01-05 23:47:37 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll

[2011-01-05 23:47:36 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll

[2011-01-05 23:47:36 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll

[2011-01-05 23:47:36 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll

[2011-01-05 23:47:35 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll

[2011-01-05 23:47:35 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll

[2011-01-05 23:47:35 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll

[2011-01-05 23:47:34 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2011-01-05 23:47:34 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2011-01-05 23:47:34 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2011-01-05 23:47:31 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll

[2011-01-05 23:47:31 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2011-01-05 23:47:31 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2011-01-05 23:47:30 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2011-01-05 23:47:30 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

[2011-01-05 23:47:29 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll

[2011-01-05 23:47:29 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll

[2011-01-05 23:47:28 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll

[2011-01-05 23:47:27 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll

[2011-01-01 02:52:20 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2011-01-01 02:52:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2011-01-01 02:52:19 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys

[2010-12-27 01:24:19 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\loop.sys

[2010-12-27 01:24:19 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys

[2010-12-18 23:47:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\MeepoBot

[2010-12-18 17:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\WC3Banlist

[2010-12-16 21:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Application Data\AVG10

[2010-12-16 21:00:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010-12-16 20:59:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\AVG 2011

[2010-12-16 20:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2010-12-16 20:59:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG

[2010-12-16 20:58:49 | 000,000,000 | ---D | C] -- C:\Program\AVG

[2010-12-16 20:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2010-12-16 19:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\War#2

[2010-12-16 19:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\War#1

[2010-12-16 19:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Folke\Skrivbord\Win BoT

[2010-12-11 01:37:01 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Skype

[2010-12-11 01:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Skype

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011-01-09 19:22:04 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Folke\Skrivbord\erunt-setup.exe

[2011-01-09 17:49:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-01-09 17:48:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat

[2011-01-09 17:48:15 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Folke\defogger_reenable

[2011-01-09 17:46:32 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Defogger.exe

[2011-01-09 15:46:10 | 000,041,472 | ---- | M] () -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-01-09 15:03:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Folke\Skrivbord\OTL.exe

[2011-01-09 14:42:02 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\mbr.exe

[2011-01-09 14:41:13 | 103,833,463 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011-01-09 02:35:50 | 153,229,464 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Folke\Skrivbord\avg_free_x86_all_2011_1191a3330.exe

[2011-01-09 02:31:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011-01-09 02:22:01 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job

[2011-01-09 02:09:41 | 004,150,950 | R--- | M] () -- C:\Documents and Settings\Folke\Skrivbord\ComboFix.exe

[2011-01-09 02:07:23 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\SystemLook.exe

[2011-01-09 00:40:49 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\dds.scr

[2011-01-08 23:51:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2011-01-08 17:34:32 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till CURSE.EXE.lnk

[2011-01-07 17:27:06 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till MISE.exe.lnk

[2011-01-04 15:16:10 | 000,002,987 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\CV.doc

[2011-01-03 23:48:01 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010-12-28 13:14:06 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\AVG 2011.lnk

[2010-12-24 01:16:03 | 000,002,227 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Skype.lnk

[2010-12-20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010-12-20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010-12-19 13:31:09 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Folke\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

[2010-12-19 13:31:09 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Opera.lnk

[2010-12-18 17:27:03 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\WC3Banlist.lnk

[2010-12-18 17:26:03 | 000,451,339 | ---- | M] () -- C:\Documents and Settings\Folke\Mina dokument\Bannspoon.xml

[2010-12-16 20:32:25 | 000,503,098 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2010-12-16 20:32:25 | 000,502,264 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-12-16 20:32:25 | 000,102,242 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2010-12-16 20:32:25 | 000,087,788 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-12-16 20:15:19 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till TFTLaunch32.exe.lnk

[2010-12-16 20:15:06 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till TFTLaunch3.exe.lnk

[2010-12-16 11:36:23 | 000,000,683 | ---- | M] () -- C:\Documents and Settings\Folke\Skrivbord\Kopia av Frozen Throne.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011-01-09 17:48:06 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Folke\defogger_reenable

[2011-01-09 17:46:37 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Defogger.exe

[2011-01-09 14:42:01 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\mbr.exe

[2011-01-09 14:41:13 | 103,833,463 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011-01-09 02:09:41 | 004,150,950 | R--- | C] () -- C:\Documents and Settings\Folke\Skrivbord\ComboFix.exe

[2011-01-09 02:07:23 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\SystemLook.exe

[2011-01-09 00:40:49 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\dds.scr

[2011-01-08 23:51:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011-01-08 17:34:32 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till CURSE.EXE.lnk

[2011-01-06 14:40:37 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till MISE.exe.lnk

[2010-12-18 17:27:03 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\WC3Banlist.lnk

[2010-12-18 17:26:03 | 000,451,339 | ---- | C] () -- C:\Documents and Settings\Folke\Mina dokument\Bannspoon.xml

[2010-12-16 20:59:59 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\AVG 2011.lnk

[2010-12-16 20:15:09 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till TFTLaunch32.exe.lnk

[2010-12-16 20:14:58 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Genväg till TFTLaunch3.exe.lnk

[2010-12-16 00:30:37 | 000,000,683 | ---- | C] () -- C:\Documents and Settings\Folke\Skrivbord\Kopia av Frozen Throne.lnk

[2010-11-12 13:24:30 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL

[2010-07-28 11:21:52 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2010-05-04 18:20:08 | 001,790,393 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\doasosubrim.dat

[2010-04-01 16:03:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\avitoiPodconverter.ini

[2010-02-15 18:13:48 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009-12-01 14:55:49 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI

[2009-10-11 23:25:57 | 000,041,472 | ---- | C] () -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-10 19:51:49 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009-10-10 19:17:34 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Folke\Lokala inställningar\Application Data\fusioncache.dat

[2009-10-10 19:13:24 | 000,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2009-10-07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009-10-07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009-04-30 21:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2005-08-02 22:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2004-08-04 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009-10-10 19:09:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009-10-10 17:55:26 | 000,000,211 | -HS- | M] () -- C:\boot.ini

[2004-08-04 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2009-10-10 19:09:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2009-10-10 19:09:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010-05-03 22:06:48 | 000,000,110 | ---- | M] () -- C:\mbam-error.txt

[2009-10-10 19:09:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004-08-04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009-10-10 19:28:26 | 000,250,560 | RHS- | M] () -- C:\ntldr

[2011-01-09 17:49:06 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

[2004-08-04 13:00:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\poon.drv

[2010-05-04 01:25:18 | 000,000,371 | ---- | M] () -- C:\rkill.log

[2011-01-09 17:56:06 | 000,040,068 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_09.01.2011_17.55.29_log.txt

[2011-01-09 18:30:21 | 000,040,068 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_09.01.2011_18.30.05_log.txt

 

 

< MD5 for: AGP440.SYS >

[2004-08-04 13:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2008-04-13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9a14ca4b66ff797a73268961b6265296\agp440.sys

 

< MD5 for: ATAPI.SYS >

[2004-08-04 13:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2008-04-13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9a14ca4b66ff797a73268961b6265296\atapi.sys

[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004-08-04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys

[2004-08-03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys

 

< MD5 for: DISK.SYS >

[2004-08-04 13:00:00 | 018,778,343 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys

[2004-08-04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

[2008-04-13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\SoftwareDistribution\Download\9a14ca4b66ff797a73268961b6265296\disk.sys

 

< MD5 for: EVENTLOG.DLL >

[2008-04-14 17:04:38 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=0A6DF967AE8E836D053DB46398F603E5 -- C:\WINDOWS\SoftwareDistribution\Download\9a14ca4b66ff797a73268961b6265296\eventlog.dll

[2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=264DBC116901E89565B830B0CC20F922 -- C:\WINDOWS\system32\dllcache\eventlog.dll

[2004-08-04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=264DBC116901E89565B830B0CC20F922 -- C:\WINDOWS\system32\eventlog.dll

 

< MD5 for: IASTOR.SYS >

[2004-09-26 14:24:54 | 000,477,952 | ---- | M] (Intel Corporation) MD5=DD19FDD8BB262F64A11C50CC23FC6F70 -- C:\WINDOWS\OEM\iaStor\iaStor.sys

 

< MD5 for: NETLOGON.DLL >

[2009-02-06 19:47:22 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=132A5BBF7FB14BAE44D8803A34E73A96 -- C:\WINDOWS\system32\dllcache\netlogon.dll

[2009-02-06 19:47:22 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=132A5BBF7FB14BAE44D8803A34E73A96 -- C:\WINDOWS\system32\netlogon.dll

[2008-04-14 17:04:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=4F4A16EAEB932AE413E48923E6A400E0 -- C:\WINDOWS\SoftwareDistribution\Download\9a14ca4b66ff797a73268961b6265296\netlogon.dll

[2004-08-04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=A6FD3341EC1A98A31B044C6E0DAF8F26 -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

 

< MD5 for: NVATABUS.SYS >

[2004-09-02 08:24:38 | 000,082,816 | ---- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\OEM\nvatabus\nvatabus.sys

 

< MD5 for: SCECLI.DLL >

[2004-08-04 13:00:00 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=24BADA1C3795CB877C67E0F2F8BBAD1F -- C:\WINDOWS\system32\dllcache\scecli.dll

[2004-08-04 13:00:00 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=24BADA1C3795CB877C67E0F2F8BBAD1F -- C:\WINDOWS\system32\scecli.dll

[2008-04-14 17:04:47 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=3B50B494647E60CE6AC516E3F5C82B25 -- C:\WINDOWS\SoftwareDistribution\Download\9a14ca4b66ff797a73268961b6265296\scecli.dll

 

< MD5 for: SR.SYS >

[2008-04-14 16:45:51 | 000,073,344 | ---- | M] (Microsoft Corporation) MD5=1193EF00869F6367367E6E7CB96BE325 -- C:\WINDOWS\SoftwareDistribution\Download\9a14ca4b66ff797a73268961b6265296\sr.sys

[2004-08-04 13:00:00 | 000,073,344 | ---- | M] (Microsoft Corporation) MD5=125CCD7B6B7E4732A03B6F4D69F87F7B -- C:\WINDOWS\system32\dllcache\sr.sys

[2004-08-04 13:00:00 | 000,073,344 | ---- | M] (Microsoft Corporation) MD5=125CCD7B6B7E4732A03B6F4D69F87F7B -- C:\WINDOWS\system32\drivers\sr.sys

 

< MD5 for: VIAMRAID.SYS >

[2004-05-18 14:55:26 | 000,074,112 | ---- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- C:\WINDOWS\OEM\viapdsk\viamraid.sys

 

< End of report >

 

 

 

I think Extras.txt is the same as before. OTL says Run2, but for Extras the run time is 15:24.

Should I delete the old logs and run the scan once more?

you paste in the OTL.txt log, while you attach Extras.txt as a file.

In OTL, "extra registry" is set to "none"

 

VIRUSTOTAL POONDRV

 

I don't know how MBR is supposed to work, but the computer shut down and restarted, and "the computer has recovered from a serious error."

blah blah blah - technical information about the error report:

C:\DOCUME~1\Folke\LOKALA~1\Temp\WERcabe.dir00\Mini010911-02.dmp

C:\DOCUME~1\Folke\LOKALA~1\Temp\WERcabe.dir00\sysdata.xml

and the MBR log is empty.

trying once more

tried once more, the program just seems to shut down my computer

and what it says in mbr.log is:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net


I usually only do a "quick scan" in MBAM, should I do a "full scan"?

doing that now on drive C:

No malicious items were found.

I could uninstall AVG and run ComboFix; I still have the install file left from when I installed it.

Guidance needed :unsure:

I want old Bettan working again!


If a quick scan doesn't find anything, it's not very likely that a full scan will find anything significant. Have you run MBAM earlier this week, and if so, did the program find anything then? You'll find old logs on the Logs tab in the program.

I'll get back to you once I've had time to go through the OTL log.


The last time MBAM found anything was 20 October 2010

Infekterade registerdataposter:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Opera may have closed down now and then over the past few weeks, but it has never hung the way it does now


Did you remember to update MBAM before you scanned earlier today?

In the paid version of AVG I find older logs like this:

Menu option: History - Scan results

Check the columns on the right to see whether anything has been found.

Select a result and click "View details".

Click the text "Export overview to file...".

These are standard Windows files that shouldn't just disappear:

SRV - (srservice) -- C:\WINDOWS\System32\srsvc.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

That's why I'm wondering whether some program, e.g. AVG, has removed them (they may have been infected).

Also upload C:\Documents and Settings\All Users\Application Data\doasosubrim.dat to the VirusTotal page.


I haven't had AVG for very long; I had Avira AntiVir before and have no logs left, nothing I thought of saving.

 

"Scan ""Whole computer scan"" completed."

"Warnings";"3";"3";"0"

"Folders selected for scanning:";"Whole computer scan"

"Scan started:";"den 9 januari 2011, 18:39:15"

"Scan finished:";"den 9 januari 2011, 19:07:33 (28 minute(s) 17 second(s))"

"Total object scanned:";"712205"

"User who launched the scan:";"Folke"

 

"Warnings"

"";"File";"Infection";"Result"

"";"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hardcore";"Found Dialer.Generic";"Moved to Virus Vault"

"";"C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Opera\Opera\temporary_downloads\SoftonicDownloader_for_directx.exe";"Corrupted executable file";"Moved to Virus Vault"

"";"C:\Documents and Settings\Folke\Lokala inställningar\Application Data\Opera\Opera\temporary_downloads\dxwebsetup.exe";"Corrupted executable file";"Moved to Virus Vault"

 

 

Virustotal

Here we have something, looks like a horse


I think your computer has been infected since May. I base that on the fact that a C:\autorun.inf was created in May, which is a sign of an infection that spreads via USB sticks, external hard drives and the like. There is such a file on F: as well. What is F:?

The two doasosubrim files were created the same day.

 

O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]

c:\docume~1\alluse~1\applic~1\doasosubrim.tmp - File found and opened.

Created at 17:20 on 04/05/2010

c:\docume~1\alluse~1\applic~1\doasosubrim.dat - File found and opened.

Created at 17:20 on 04/05/2010

 

This long period, combined with the fact that essential Windows files appear to be missing and that, according to the mbr log, it is a deep-seated and troublesome rootkit infection, leads me to recommend a reinstallation of Windows.

Do you know how to reinstall Windows?


Oh dear, I have done it, but I can't say I know how. It will be a hassle since I don't have a working CD drive.

F: is where I keep my music, films, programs, games, etc.

By reinstalling, does all of this disappear?

C: and F: are the same hard disk, partition or whatever it's called; Windows and a few programs are on C:

Isn't there some "repair" function?


F: isn't touched by a reinstallation, but if you have installed programs on F:, they usually need to be reinstalled anyway, since a program puts information into the registry during installation, and the registry is on C:. If you have installation files lying on C:, e.g. for AVG, move them over to F:. Likewise anything on the Desktop that you want to keep. The Favorites in Internet Explorer are normally on C: too (C:\Documents and Settings\Folke\Favoriter). I don't know how it is with bookmarks and settings in Opera, but check whether there are any export functions in Opera.

It's a Fujitsu Siemens computer you have, isn't it? Did it come with XP from the start?

It looks like XP was installed in October 2009.

Can you delete the files C:\autorun.inf and F:\autorun.inf?

It is marked as both a hidden file and a system file, so you need to do the following to see it:

In My Computer/Explorer:

Tools - Folder Options - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files


I also have an external hard drive from the Stone Age where I keep temporary stuff, and autorun.inf is there too.

The file has the same icon as a folder, and when I go into it there is a file called

lpt3.This folder was created by Flash_Disinfector

 

 

When I try to delete the file, this comes up: Fel vid borttagning av fil/mapp

Det går inte att ta bort lpt3.This folder was created by Flash Disinfectorr inte att hita filen

Kontrollera att du angett rätt sökväg och filnamn

 

Yes, I have one of those Siemens machines, and the product key is printed on the chassis.


Okay, in that case autorun.inf is not something malicious but a protection that Flash Disinfector has put in place so that the hard drive does not get infected by the kind of worm that spreads via autorun files.

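How the O32 lines quoted earlier in the thread relate to the explanation above, as an added example that is not part of the original posts or of OTL: it parses the entries and separates an autorun.inf that is a folder from one that is a file with content. The function names, the reading of `D` in the attribute column as "directory", and the third sample line are assumptions.

```python
import re
from datetime import datetime

# Lines 1-2 are the O32 entries quoted in this thread; line 3 is constructed
# for contrast (an ordinary hidden file with content on a made-up G: drive).
SAMPLE_LOG = r"""
O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-05-04 01:26:49 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-05-04 17:20:11 | 000,000,094 | HS | M] - G:\autorun.inf -- [ NTFS ]
"""

O32_RE = re.compile(
    r"^O32 - AutoRun File - "
    r"\[(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]*) \| (?P<kind>[A-Z])\] - "
    r"(?P<path>.+?) -- \[ (?P<fs>[^\]]*?) \]$"
)

def parse_o32(line):
    """Return one O32 AutoRun entry as a dict, or None for any other line."""
    m = O32_RE.match(line.strip())
    if m is None:
        return None
    return {
        "stamp": datetime.strptime(m["stamp"], "%Y-%m-%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": set(m["attrs"]) - {"-"},
        "path": m["path"],
        "filesystem": m["fs"],
    }

def parse_log(text):
    """Collect every O32 AutoRun entry found in a block of log text."""
    return [e for e in map(parse_o32, text.splitlines()) if e is not None]

def classify(entry):
    """Assumption: the letter D in the attribute column marks a directory."""
    if "D" in entry["attrs"]:
        # A folder occupying the name autorun.inf cannot carry [autorun] keys;
        # this matches the placeholder folder described in the thread.
        return "directory"
    if entry["size"] == 0:
        return "empty-file"
    return "file-with-content"  # open it in a text editor and review it

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f'{e["path"]:<16} {e["stamp"]:%Y-%m-%d} {classify(e)}')
```

Both entries from the thread come out as `directory` with size 0, which fits the folder the poster found when opening autorun.inf.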

Fujitsu Siemens Scaleo. How do I reinstall without a CD drive?

 

Will the problems remain after a reinstallation?

 

And is it just a matter of copying the folders from C:\program to F:\program?


I entered my serial number on the site and downloaded a manual, and it says the computer had a preinstalled operating system.

 

The original hard drive broke. Maybe it doesn't matter, but the hard drive I have now did not come with the computer anyway.

I bought the computer from a friend, but on the condition that I bought a hard drive for it. I don't remember how he installed Windows on it, because I wanted it working and I'm not an expert on how that sort of thing works. I hope this won't be a problem for the reinstallation.


It would be good if you could get in touch with the friend who installed Windows for you and ask.

 

Then you can check whether there is a recovery partition like this:

Right-click My Computer - Manage - Disk Management

 

Make sure the Disk Management window is active/on top, then press Alt+PrntScreen

Start Paint

Edit - Paste

File - Save As

Choose png or jpg as the file format, pick e.g. the Desktop as the location, type a file name and save.

Write a reply here using the button Write new post in the thread, and under the heading Attachments you will find a button for browsing to the picture you saved; then press Attach this file.


Since the hard drive was completely empty when we put it in, there was no preinstallation partition on it, so we probably installed from a CD. I think.


Unfortunately no recovery partition. :(

 

Some guides and the like on installing XP by putting the installer on a USB stick; this of course has to be done on a computer with a CD/DVD drive (unless you can borrow a CD/DVD drive for this computer from someone):

http://www.sweclockers.com/artikel/6015-installera-windows-xp-med-ett-usb-minne/1

http://wintoflash.com/home/en/

http://www.msfn.org/board/topic/120444-how-to-install-windows-from-usb-winsetupfromusb-with-gui/


Well, I do have a CD drive, but it doesn't recognize that there is a CD in it. Could it be something wrong with the drivers or something?


Check what it looks like in Device Manager:

Right-click My Computer - Manage

Any exclamation marks or question marks?

 

Do DVDs work?


A CD and DVD drive partly uses different components for the two disc types; among other things, there can be different lenses. If the lens is the cause, a cleaning disc can help, such as http://www.webhallen.com/hardvara/84025-deltaco_dvd_linsrengoring They are usually available in many computer stores. A new drive costs from 185 kronor at Webhallen; it has to be the right connection type, of course: http://www.webhallen.com/hardvara/datorkomponenter/cd_och_dvd-enheter/dvdr_intern/pris


Some guides and the like on installing XP by putting the installer on a USB stick; this of course has to be done on a computer with a CD/DVD drive (unless you can borrow a CD/DVD drive for this computer from someone):

 

 

Most people on SweClockers can probably manage reinstalling their computer. All that is needed is a CD with the desired operating system and an optical drive. But if the computer lacks an optical drive, which is actually the case with many laptops, what do you do? Well, you use a USB stick!

 


Archived

This topic is now archived and is closed to further replies.
