
Clean up the computer, virus?


Smockan


Hi!

I feel that I have been messing around with the computer so much lately (I'm not very knowledgeable). I want to clear out unnecessary programs and reduce the number of startup programs as much as possible. I have spent hours on this over the last month, but I have learned that I probably shouldn't do things without knowing what I'm doing. I am also going to install Norton 360 Antivirus and would like to know how to uninstall Norman? Grateful for any help.

/Daniel

Here is the DDS log:

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Daniel at 9:11:56,10 on 2011-02-20

Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_23

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.46.1053.18.2046.924 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Norman\Npm\bin\ELOGSVC.EXE

C:\Program Files\Norman\Ngs\Bin\Nprosec.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\Norman\npm\bin\nvoy.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\FSC\Wireless Wheel Mouse\Mouse32A.exe

C:\Program Files\Norman\Npm\Bin\Zlh.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\FsUsbExService.Exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Norman\Npm\Bin\scheduler.exe

C:\Program Files\Norman\Npm\Bin\Njeeves.exe

C:\Program Files\Norman\nse\bin\NSESVC.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Norman\Nvc\bin\nvcoas.exe

C:\Program Files\Norman\Nvc\Bin\Nip.exe

C:\Program Files\Norman\Nvc\Bin\cclaw.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Daniel\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uURLSearchHooks: SearchHelper Class: {91c18ed5-5e1c-4ae5-a148-a861de8c8e16} - c:\program files\sgpsa\mtwb3sh.dll

BHO: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: vShare Toolbar: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [LWBMOUSE] c:\program files\fsc\wireless wheel mouse\MOUSE32A.EXE

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

IE: &Search

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/11374/defaults/activex/ips/IPSUploader4.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://korthuset.seavus.com/ImageUploader4.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\injglxio.default\

FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df

FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\vizzed\vizzed retro game room\NpVizzedRgr.dll

FF - plugin: c:\users\daniel\appdata\roaming\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar

 

============= SERVICES / DRIVERS ===============

 

R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-10-21 25032]

R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2009-10-21 56136]

R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2009-10-16 24168]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcv32mf.sys [2009-10-21 23392]

R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2011-2-8 217600]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-18 54632]

S3 nvcfsr;nvcfsr;c:\program files\norman\nvc\bin\Nvcfsr.sys [2009-10-21 9032]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-7 27192]

 

=============== Created Last 30 ================

 

2011-02-18 20:13:19 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1780652d-902c-4457-9169-6aa5b92f43d8}\mpengine.dll

2011-02-12 00:18:55 268800 ----a-w- c:\windows\system32\es.dll

2011-02-12 00:18:23 8704 ----a-w- c:\windows\system32\hcrstco.dll

2011-02-12 00:18:23 8704 ----a-w- c:\windows\system32\hccoin.dll

2011-02-12 00:18:23 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-02-12 00:18:23 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-02-12 00:18:23 224768 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-02-12 00:18:23 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-02-12 00:18:23 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-02-12 00:14:46 61440 ----a-w- c:\windows\system32\ntprint.exe

2011-02-12 00:14:46 220160 ----a-w- c:\windows\system32\ntprint.dll

2011-02-12 00:14:42 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2011-02-12 00:14:42 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll

2011-02-12 00:14:41 1984512 ----a-w- c:\windows\system32\authui.dll

2011-02-12 00:14:40 69632 ----a-w- c:\windows\system32\sendmail.dll

2011-02-12 00:14:39 8138240 ----a-w- c:\windows\system32\ssBranded.scr

2011-02-12 00:13:09 97800 ----a-w- c:\windows\system32\infocardapi.dll

2011-02-12 00:13:09 622080 ----a-w- c:\windows\system32\icardagt.exe

2011-02-12 00:13:09 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

2011-02-12 00:13:09 11264 ----a-w- c:\windows\system32\icardres.dll

2011-02-12 00:13:07 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2011-02-12 00:13:06 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2011-02-12 00:13:06 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-02-12 00:13:06 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2011-02-11 23:59:54 96760 ----a-w- c:\windows\system32\dfshim.dll

2011-02-11 23:59:54 41984 ----a-w- c:\windows\system32\netfxperf.dll

2011-02-11 23:59:53 282112 ----a-w- c:\windows\system32\mscoree.dll

2011-02-11 23:59:53 158720 ----a-w- c:\windows\system32\mscorier.dll

2011-02-11 23:59:52 83968 ----a-w- c:\windows\system32\mscories.dll

2011-02-10 21:12:43 156672 ----a-w- c:\windows\system32\t2embed.dll

2011-02-10 21:12:42 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-02-10 21:12:42 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-10 21:12:42 289792 ----a-w- c:\windows\system32\atmfd.dll

2011-02-10 21:12:42 24064 ----a-w- c:\windows\system32\lpk.dll

2011-02-10 21:12:42 10240 ----a-w- c:\windows\system32\dciman32.dll

2011-02-10 21:09:21 61440 ----a-w- c:\windows\system32\winipsec.dll

2011-02-10 21:09:21 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2011-02-10 21:09:21 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll

2011-02-10 21:09:21 272896 ----a-w- c:\windows\system32\polstore.dll

2011-02-10 21:08:23 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-10 21:08:23 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-10 21:07:25 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2011-02-10 21:07:25 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2011-02-10 21:07:25 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2011-02-10 21:06:25 87040 ----a-w- c:\windows\system32\msoert2.dll

2011-02-10 21:06:25 707072 ----a-w- c:\program files\common files\system\wab32.dll

2011-02-10 21:06:25 41984 ----a-w- c:\program files\windows mail\wabimp.dll

2011-02-10 21:06:25 39424 ----a-w- c:\windows\system32\ACCTRES.dll

2011-02-10 21:06:25 205824 ----a-w- c:\windows\system32\msoeacct.dll

2011-02-10 21:06:25 1098752 ----a-w- c:\program files\common files\system\wab32res.dll

2011-02-10 21:06:24 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll

2011-02-10 21:06:24 1614848 ----a-w- c:\program files\windows mail\msoe.dll

2011-02-10 21:06:21 397312 ----a-w- c:\program files\windows mail\WinMail.exe

2011-02-10 21:06:21 24064 ----a-w- c:\program files\common files\system\DirectDB.dll

2011-02-10 21:06:20 81408 ----a-w- c:\program files\windows mail\oeimport.dll

2011-02-10 21:05:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2011-02-10 21:05:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2011-02-10 21:05:21 15360 ----a-w- c:\windows\system32\netevent.dll

2011-02-10 21:05:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2011-02-10 21:05:21 103936 ----a-w- c:\windows\system32\netiohlp.dll

2011-02-10 21:05:20 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2011-02-10 21:05:20 19968 ----a-w- c:\windows\system32\ARP.EXE

2011-02-10 21:05:20 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2011-02-10 21:05:20 10240 ----a-w- c:\windows\system32\finger.exe

2011-02-10 21:04:09 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr

2011-02-10 21:04:08 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll

2011-02-10 21:04:07 258232 ----a-w- c:\windows\system32\drivers\acpi.sys

2011-02-10 21:04:07 24064 ----a-w- c:\windows\system32\wtsapi32.dll

2011-02-10 21:04:05 542720 ----a-w- c:\windows\system32\sysmain.dll

2011-02-10 21:03:07 194560 ----a-w- c:\windows\system32\WebClnt.dll

2011-02-10 21:03:07 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2011-02-10 21:02:13 123904 ----a-w- c:\windows\system32\L2SecHC.dll

2011-02-10 21:02:12 67584 ----a-w- c:\windows\system32\wlanhlp.dll

2011-02-10 21:02:12 502272 ----a-w- c:\windows\system32\wlansvc.dll

2011-02-10 21:02:12 47104 ----a-w- c:\windows\system32\wlanapi.dll

2011-02-10 21:02:12 297984 ----a-w- c:\windows\system32\wlansec.dll

2011-02-10 21:02:12 290816 ----a-w- c:\windows\system32\wlanmsm.dll

2011-02-10 21:01:10 2048 ----a-w- c:\windows\system32\msxml6r.dll

2011-02-10 21:01:10 2048 ----a-w- c:\windows\system32\msxml3r.dll

2011-02-10 21:01:10 1406464 ----a-w- c:\windows\system32\msxml6.dll

2011-02-10 21:01:10 1260032 ----a-w- c:\windows\system32\msxml3.dll

2011-02-10 21:00:08 216576 ----a-w- c:\windows\system32\msv1_0.dll

2011-02-10 20:58:43 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-10 20:58:43 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-10 20:58:43 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-10 20:57:47 49664 ----a-w- c:\windows\system32\csrsrv.dll

2011-02-10 20:57:47 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-02-10 20:56:53 98816 ----a-w- c:\windows\system32\mfps.dll

2011-02-10 20:56:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe

2011-02-10 20:56:53 2855424 ----a-w- c:\windows\system32\mf.dll

2011-02-10 20:56:53 2048 ----a-w- c:\windows\system32\mferror.dll

2011-02-10 20:56:52 24576 ----a-w- c:\windows\system32\mfpmp.exe

2011-02-10 20:55:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-02-10 20:55:51 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-10 20:52:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-02-10 20:51:12 71680 ----a-w- c:\windows\system32\atl.dll

2011-02-10 20:49:28 297472 ----a-w- c:\windows\system32\gdi32.dll

2011-02-10 20:48:35 41984 ----a-w- c:\windows\system32\drivers\monitor.sys

2011-02-10 20:48:35 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-02-10 20:46:37 500736 ----a-w- c:\windows\system32\msdtcprx.dll

2011-02-10 20:46:37 30208 ----a-w- c:\windows\system32\xolehlp.dll

2011-02-10 20:45:40 156160 ----a-w- c:\windows\system32\wkssvc.dll

2011-02-10 20:44:47 36352 ----a-w- c:\windows\system32\tsgqec.dll

2011-02-10 20:44:47 1871872 ----a-w- c:\windows\system32\mstscax.dll

2011-02-10 20:44:47 116736 ----a-w- c:\windows\system32\aaclient.dll

2011-02-10 20:43:49 303616 ----a-w- c:\windows\system32\wmpeffects.dll

2011-02-10 20:42:04 414208 ----a-w- c:\windows\system32\msscp.dll

2011-02-10 20:41:14 713728 ----a-w- c:\windows\system32\timedate.cpl

2011-02-10 20:40:17 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll

2011-02-10 20:39:24 86016 ----a-w- c:\windows\system32\icfupgd.dll

2011-02-10 20:39:24 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys

2011-02-10 20:39:24 396800 ----a-w- c:\windows\system32\MPSSVC.dll

2011-02-10 20:39:24 392192 ----a-w- c:\windows\system32\FirewallAPI.dll

2011-02-10 20:39:24 16896 ----a-w- c:\windows\system32\wfapigp.dll

2011-02-10 20:39:23 61952 ----a-w- c:\windows\system32\cmifw.dll

2011-02-10 20:37:42 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll

2011-02-10 20:37:42 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll

2011-02-10 20:37:42 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe

2011-02-10 20:37:42 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll

2011-02-10 20:35:50 177152 ----a-w- c:\windows\system32\mpg2splt.ax

2011-02-10 20:35:50 1244672 ----a-w- c:\windows\system32\mcmde.dll

2011-02-10 20:35:49 80896 ----a-w- c:\windows\system32\MSNP.ax

2011-02-10 20:35:49 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-02-10 20:35:49 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-02-10 20:35:49 428032 ----a-w- c:\windows\system32\EncDec.dll

2011-02-10 20:35:49 292352 ----a-w- c:\windows\system32\psisdecd.dll

2011-02-10 20:35:49 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-02-10 20:33:28 2048 ----a-w- c:\windows\system32\tzres.dll

2011-02-10 20:32:36 696832 ----a-w- c:\windows\system32\localspl.dll

2011-02-10 20:31:51 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys

2011-02-10 20:31:51 21560 ----a-w- c:\windows\system32\drivers\atapi.sys

2011-02-10 20:31:51 15928 ----a-w- c:\windows\system32\drivers\pciide.sys

2011-02-10 20:31:51 109624 ----a-w- c:\windows\system32\drivers\ataport.sys

2011-02-10 20:31:50 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys

2011-02-10 20:31:50 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys

2011-02-10 20:31:07 104448 ----a-w- c:\windows\system32\DWWIN.EXE

2011-02-10 20:30:25 2923520 ----a-w- c:\windows\explorer.exe

2011-02-10 20:28:55 171520 ----a-w- c:\windows\system32\wintrust.dll

2011-02-10 20:28:09 7680 ----a-w- c:\windows\system32\lsass.exe

2011-02-10 20:28:09 72704 ----a-w- c:\windows\system32\secur32.dll

2011-02-10 20:28:09 494592 ----a-w- c:\windows\system32\kerberos.dll

2011-02-10 20:28:09 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-02-10 20:28:09 175104 ----a-w- c:\windows\system32\wdigest.dll

2011-02-10 20:28:09 1233920 ----a-w- c:\windows\system32\lsasrv.dll

2011-02-10 20:28:08 272384 ----a-w- c:\windows\system32\schannel.dll

2011-02-10 20:27:20 24064 ----a-w- c:\windows\system32\netcfg.exe

2011-02-10 20:24:07 549888 ----a-w- c:\windows\system32\rpcss.dll

2011-02-10 20:24:07 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2011-02-10 20:24:06 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2011-02-10 20:24:06 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2011-02-10 20:24:06 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll

2011-02-10 20:24:06 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe

2011-02-10 20:24:06 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll

2011-02-10 20:24:05 97280 ----a-w- c:\windows\system32\iasrecst.dll

2011-02-10 20:24:05 53248 ----a-w- c:\windows\system32\iasads.dll

2011-02-10 20:24:05 37888 ----a-w- c:\windows\system32\iasdatastore.dll

2011-02-10 20:24:05 158720 ----a-w- c:\windows\system32\sdohlp.dll

2011-02-10 20:23:19 62464 ----a-w- c:\windows\system32\l3codeca.acm

2011-02-10 20:23:19 220672 ----a-w- c:\windows\system32\l3codecp.acm

2011-02-10 20:21:57 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-02-10 20:21:57 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2011-02-10 20:21:57 22016 ----a-w- c:\windows\system32\netiougc.exe

2011-02-10 20:21:57 213592 ----a-w- c:\windows\system32\drivers\netio.sys

2011-02-10 20:21:57 179712 ----a-w- c:\windows\system32\iphlpsvc.dll

2011-02-10 20:21:57 167424 ----a-w- c:\windows\system32\tcpipcfg.dll

2011-02-10 20:21:57 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS

2011-02-10 20:20:35 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll

2011-02-10 20:19:54 9728 ----a-w- c:\windows\system32\LAPRXY.DLL

2011-02-10 20:19:54 223232 ----a-w- c:\windows\system32\WMASF.DLL

2011-02-10 20:19:54 2048 ----a-w- c:\windows\system32\asferror.dll

2011-02-10 20:19:16 293376 ----a-w- c:\windows\system32\browserchoice.exe

2011-02-10 20:18:31 25600 ----a-w- c:\windows\system32\amxread.dll

2011-02-10 20:18:31 14848 ----a-w- c:\windows\system32\apilogen.dll

2011-02-10 20:17:48 268288 ----a-w- c:\windows\system32\mcbuilder.exe

2011-02-10 20:17:48 223232 ----a-w- c:\windows\system32\SLC.dll

2011-02-10 20:17:47 57856 ----a-w- c:\windows\system32\SLUINotify.dll

2011-02-10 20:17:47 566784 ----a-w- c:\windows\system32\SLCommDlg.dll

2011-02-10 20:17:47 351232 ----a-w- c:\windows\system32\SLUI.exe

2011-02-10 20:17:47 33280 ----a-w- c:\windows\system32\slwmi.dll

2011-02-10 20:17:47 186368 ----a-w- c:\windows\system32\SLLUA.exe

2011-02-10 20:17:46 39936 ----a-w- c:\windows\system32\slcinst.dll

2011-02-10 20:17:46 2605568 ----a-w- c:\windows\system32\SLsvc.exe

2011-02-10 20:17:00 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-02-10 20:16:59 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-02-10 20:16:59 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-02-10 20:16:15 97792 ----a-w- c:\windows\system32\cabview.dll

2011-02-10 20:15:36 441856 ----a-w- c:\windows\system32\win32spl.dll

2011-02-10 20:15:36 37376 ----a-w- c:\windows\system32\printcom.dll

2011-02-10 20:14:58 2031104 ----a-w- c:\windows\system32\win32k.sys

2011-02-10 20:13:43 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys

2011-02-10 20:13:42 14848 ----a-w- c:\windows\system32\wshrm.dll

2011-02-10 20:13:00 43520 ----a-w- c:\windows\system32\msdxm.tlb

2011-02-10 20:13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2011-02-10 20:13:00 18432 ----a-w- c:\windows\system32\amcompat.tlb

2011-02-10 20:12:05 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2011-02-10 20:12:05 515584 ----a-w- c:\windows\system32\RMActivate.exe

2011-02-10 20:12:05 473088 ----a-w- c:\windows\system32\secproc_isv.dll

2011-02-10 20:12:05 472576 ----a-w- c:\windows\system32\secproc.dll

2011-02-10 20:12:05 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2011-02-10 20:12:05 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2011-02-10 20:12:05 312320 ----a-w- c:\windows\system32\msdrm.dll

2011-02-10 20:12:05 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2011-02-10 20:12:05 154112 ----a-w- c:\windows\system32\secproc_ssp.dll

2011-02-10 20:11:24 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll

2011-02-10 20:11:24 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe

2011-02-10 20:11:24 11776 ----a-w- c:\windows\system32\sbunattend.exe

2011-02-10 20:10:09 83968 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-02-10 20:10:09 24576 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-02-10 20:09:35 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys

2011-02-10 20:07:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-02-10 20:07:46 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-02-10 20:07:46 1686528 ----a-w- c:\windows\system32\gameux.dll

2011-02-10 20:06:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll

2011-02-10 20:06:59 94720 ----a-w- c:\windows\system32\logagent.exe

2011-02-10 20:05:45 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2011-02-10 20:05:12 84480 ----a-w- c:\windows\system32\INETRES.dll

2011-02-10 20:05:12 737792 ----a-w- c:\windows\system32\inetcomm.dll

2011-02-10 20:04:37 60928 ----a-w- c:\windows\system32\msasn1.dll

2011-02-10 20:04:03 1645568 ----a-w- c:\windows\system32\connect.dll

2011-02-10 20:03:26 5120 ----a-w- c:\windows\system32\wmi.dll

2011-02-10 20:03:26 152576 ----a-w- c:\windows\system32\imagehlp.dll

2011-02-10 20:03:26 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2011-02-10 20:02:54 788992 ----a-w- c:\windows\system32\rpcrt4.dll

2011-02-10 20:02:11 396800 ----a-w- c:\windows\system32\drivers\http.sys

2011-02-10 20:02:11 31232 ----a-w- c:\windows\system32\httpapi.dll

2011-02-10 20:02:11 24064 ----a-w- c:\windows\system32\nshhttp.dll

2011-02-10 20:00:56 130048 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-10 20:00:19 974336 ----a-w- c:\windows\system32\crypt32.dll

2011-02-10 19:59:44 274432 ----a-w- c:\windows\system32\raschap.dll

2011-02-10 19:59:44 232960 ----a-w- c:\windows\system32\rastls.dll

2011-02-10 19:59:07 321536 ----a-w- c:\windows\system32\WSDApi.dll

2011-02-10 19:57:55 633856 ----a-w- c:\windows\system32\user32.dll

2011-02-10 19:56:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2011-02-10 19:56:03 22528 ----a-w- c:\windows\system32\msyuv.dll

2011-02-10 19:56:03 1327616 ----a-w- c:\windows\system32\quartz.dll

2011-02-10 19:56:03 11776 ----a-w- c:\windows\system32\tsbyuv.dll

2011-02-10 19:56:02 88576 ----a-w- c:\windows\system32\avifil32.dll

2011-02-10 19:56:02 82944 ----a-w- c:\windows\system32\mciavi32.dll

2011-02-10 19:56:02 65024 ----a-w- c:\windows\system32\avicap32.dll

2011-02-10 19:56:02 31232 ----a-w- c:\windows\system32\msvidc32.dll

2011-02-10 19:56:02 13312 ----a-w- c:\windows\system32\msrle32.dll

2011-02-10 19:56:02 123904 ----a-w- c:\windows\system32\msvfw32.dll

2011-02-10 19:55:22 750080 ----a-w- c:\windows\system32\qmgr.dll

2011-02-10 19:54:47 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-02-10 19:54:09 8147968 ----a-w- c:\windows\system32\wmploc.DLL

2011-02-10 19:54:07 7680 ----a-w- c:\windows\system32\spwmp.dll

2011-02-10 19:54:07 4096 ----a-w- c:\windows\system32\dxmasf.dll

2011-02-10 19:54:07 168960 ----a-w- c:\program files\windows media player\wmplayer.exe

2011-02-10 19:54:07 107520 ----a-w- c:\program files\windows media player\wmpshare.exe

2011-02-10 19:54:06 4096 ----a-w- c:\windows\system32\msdxm.ocx

2011-02-10 19:54:06 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe

2011-02-10 19:54:04 311296 ----a-w- c:\windows\system32\unregmp2.exe

2011-02-10 19:54:04 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe

2011-02-10 15:44:37 2421760 ----a-w- c:\windows\system32\wucltux.dll

2011-02-10 15:43:43 87552 ----a-w- c:\windows\system32\wudriver.dll

2011-02-10 15:43:23 33792 ----a-w- c:\windows\system32\wuapp.exe

2011-02-10 15:43:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2011-02-08 21:01:18 -------- d-----w- c:\windows\PCHEALTH

2011-02-08 08:15:17 516784 ----a-r- c:\windows\system32\XceedCry.dll

2011-02-08 08:10:25 -------- d-sh--we c:\program files\Delade filer

2011-02-08 08:10:24 -------- d-sh--we c:\progra~2\Start-meny

2011-02-08 08:10:24 -------- d-sh--we c:\progra~2\Skrivbord

2011-02-08 08:10:24 -------- d-sh--we c:\progra~2\Mallar

2011-02-08 08:10:24 -------- d-sh--we c:\progra~2\Favoriter

2011-02-08 08:10:24 -------- d-sh--we c:\progra~2\Dokument

2011-02-08 07:34:51 353280 ----a-w- c:\windows\system32\idecoiins.dll

2011-02-08 07:34:51 353280 ----a-w- c:\windows\system32\idecoi.dll

2011-02-08 07:34:51 217600 ----a-w- c:\windows\system32\drivers\sis163u.sys

2011-02-08 07:34:51 110624 ----a-w- c:\windows\system32\drivers\nvstor32.sys

2011-02-08 07:33:59 -------- d-----w- c:\windows\system32\OEM

2011-02-08 07:33:58 -------- d-----w- c:\windows\PANTHER

2011-02-08 07:33:01 -------- d-----w- c:\windows\system32\wbem\sv-SE

2011-02-08 07:33:01 -------- d-----w- c:\windows\system32\sv

2011-02-08 07:33:01 -------- d-----w- c:\windows\system32\drivers\umdf\sv-SE

2011-02-08 07:33:01 -------- d-----w- c:\windows\system32\drivers\sv-SE

2011-02-08 07:33:01 -------- d-----w- c:\windows\sv-SE

2011-02-08 07:32:24 40960 ----a-w- c:\program files\common files\microsoft shared\ink\sv\Microsoft.Ink.Resources.dll

2011-02-08 07:32:15 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\sv-se\LMPRTPRC.DLL.mui

2011-02-08 07:16:15 -------- d--h--w- C:\$WINDOWS.~Q

2011-02-08 07:09:32 -------- d--h--w- C:\$INPLACE.~TR

2011-02-07 22:51:19 -------- d-----w- c:\windows\system32\URTTEMP

2011-02-07 22:51:11 -------- d-sh--w- c:\windows\Installer

2011-02-07 22:46:48 0 ----a-w- c:\windows\ativpsrm.bin

2011-02-07 22:46:31 -------- d-----w- c:\windows\system32\RTCOM

2011-02-07 18:15:20 -------- d-----w- c:\progra~2\MFAData

2011-02-07 17:21:32 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-02-07 17:21:32 -------- d-----w- c:\progra~2\Spybot - Search & Destroy

2011-02-07 17:12:30 -------- d-----w- c:\users\daniel\appdata\local\VS Revo Group

2011-02-07 17:12:26 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-02-07 17:12:25 -------- d-----w- c:\program files\VS Revo Group

2011-02-07 14:05:05 -------- d-----w- c:\users\daniel\appdata\local\PackageAware

2011-02-07 13:14:11 -------- d-----w- c:\program files\ThreatExpert Memory Scanner

2011-02-04 18:39:17 -------- d-----w- c:\program files\MSECache

2011-01-30 13:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-01-30 13:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-01-21 18:32:36 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2011-01-21 18:29:00 83806056 ----a-w- c:\program files\common files\windows live\.cache\wlcF49D.tmp

 

==================== Find3M ====================

 

2011-02-12 00:17:58 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll

2011-02-10 21:11:13 72704 ----a-w- c:\windows\system32\admparse.dll

2011-02-10 21:11:12 832512 ----a-w- c:\windows\system32\wininet.dll

2011-02-10 21:11:12 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2011-02-10 21:11:09 389120 ----a-w- c:\windows\system32\html.iec

2011-02-10 21:11:08 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-02-10 21:11:08 48128 ----a-w- c:\windows\system32\mshtmler.dll

2011-02-10 21:11:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-10 21:11:06 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-10 21:11:04 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2011-02-10 21:11:02 56320 ----a-w- c:\windows\system32\iesetup.dll

2011-02-10 20:18:31 40960 ----a-w- c:\windows\apppatch\apihex86.dll

2011-02-10 20:07:47 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2011-02-10 20:07:47 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll

2011-02-10 20:07:46 537600 ----a-w- c:\windows\apppatch\AcLayers.dll

2011-02-10 20:07:46 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2011-02-10 20:07:46 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

 

=================== ROOTKIT ====================

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6000 Disk: ST325082 rev.3.AA -> Harddisk0\DR0 -> \Device\0000004e

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys ndis.sys nvmfdx32.sys

c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce SATA Driver

c:\windows\system32\drivers\nvmfdx32.sys NVIDIA Corporation nvmfdx32

1 ntkrnlpa!IofCallDriver[0x81C27F3B] -> \Device\Harddisk0\DR0[0x856E2270]

3 nt[0x81CB07E2] -> ntkrnlpa!IofCallDriver[0x81C27F3B] -> [0x83E63F18]

5 acpi[0x8023232A] -> ntkrnlpa!IofCallDriver[0x81C27F3B] -> \Device\0000004c[0x8480FCA0]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

 

============= FINISH: 9:23:44,74 ===============

 

 

Attach.txt


What problems are you having with the computer?

If you have messed things up too much, it may be best to reinstall Windows.

Uninstall, with all web browsers closed:

vShare Plugin Reason: http://www.systemlookup.com/CLSID/71837-vshare_toolbar_dll.html

Java™ 6 Update 2 Old versions with security holes

Java™ 6 Update 3

Java™ 6 Update 5

Java™ 6 Update 6

Java™ 6 Update 7

Start MBAM (Malwarebytes' Anti-Malware), choose to update the program and then run a quick scan. Paste the log into your reply.

Close as many programs as possible and run DDS. Paste DDS.txt as well.


Hi! I tried to uninstall Norman and did everything it said, but Norman is still there. In the language bar, on the Norman icon, it says "The resource provider is not running". I have also installed Norton now, without problems.

My problems overall are: I think the computer has become slow in general; the number of running processes is 69 right now. A few months ago I started trying to clear out the ones that weren't needed, but it only got worse. In the end I had to reinstall Windows, among other things. One program that has eluded me is fast browser search; I have tried to uninstall it, without success. I have spent x number of hours searching online, and it says that it is hard to get rid of.

But in general I would like to get rid of programs I don't need. Any good tips for a site that explains what everything is, so that I know what I can uninstall without breaking anything?

Thanks for taking the time :), I hope you can help me. I will do as you said.


I have run MBAM; it found two infected items, and they are gone. Ran DDS again:

 

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Daniel at 12:29:15,81 on 2011-02-20

Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 1.6.0_23

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.46.1053.18.2046.343 [GMT 1:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Norman\Ngs\Bin\Nprosec.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\FSC\Wireless Wheel Mouse\Mouse32A.exe

C:\Program Files\Norman\Npm\Bin\Zlh.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\FsUsbExService.Exe

C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Norman\Npm\Bin\scheduler.exe

C:\Program Files\Norman\Npm\Bin\Njeeves.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe

C:\Program Files\Norman\nse\bin\NSESVC.EXE

C:\Windows\system32\DllHost.exe

C:\Program Files\Norman\Nvc\bin\nvcoas.exe

C:\Program Files\Norman\Nvc\Bin\Nip.exe

C:\Program Files\Norman\Nvc\Bin\cclaw.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Users\Daniel\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uURLSearchHooks: SearchHelper Class: {91c18ed5-5e1c-4ae5-a148-a861de8c8e16} - c:\program files\sgpsa\mtwb3sh.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.1.0.32\IPSBHO.DLL

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll

TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"

mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"

mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [LWBMOUSE] c:\program files\fsc\wireless wheel mouse\MOUSE32A.EXE

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [Norman ZANDA] "c:\program files\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

IE: &Search

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujidirekt.se/aurigma/ImageUploader5.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/11374/defaults/activex/ips/IPSUploader4.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldsv-se.cab

DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://korthuset.seavus.com/ImageUploader4.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\injglxio.default\

FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df

FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\personal\bin\np_prsnl.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\vizzed\vizzed retro game room\NpVizzedRgr.dll

FF - plugin: c:\users\daniel\appdata\roaming\zylom\zylomgamesplayer\npzylomgamesplayer.dll

 

============= SERVICES / DRIVERS ===============

 

R?2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0401000.020\symds.sys [2011-2-20 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0401000.020\symefa.sys [2011-2-20 172592]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100211.001\bhdrvx86.sys [2011-2-20 536112]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0401000.020\cchpx86.sys [2011-2-20 501888]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20091105.001\IDSVix86.sys [2011-2-20 343088]

R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-10-21 25032]

R1 NPROSEC;Norman Security driver;c:\program files\norman\ngs\bin\nprosec.sys [2009-10-21 56136]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0401000.020\ironx86.sys [2011-2-20 116784]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0401000.020\symtdiv.sys [2011-2-20 340016]

R2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2009-10-16 24168]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-2-20 102448]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-19 36608]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcv32mf.sys [2009-10-21 23392]

R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2011-2-8 217600]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-9-18 54632]

S3 nvcfsr;nvcfsr;c:\program files\norman\nvc\bin\Nvcfsr.sys [2009-10-21 9032]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-2-7 27192]

 

=============== Created Last 30 ================

 

2011-02-20 09:53:15 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-02-20 09:53:15 107368 ----a-r- c:\windows\system32\GEARAspi.dll

2011-02-20 09:53:11 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-02-20 09:52:55 -------- d-----w- c:\program files\Symantec

2011-02-20 09:52:45 43696 ----a-w- c:\windows\system32\drivers\n360\0401000.020\srtspx.sys

2011-02-20 09:52:45 340016 ----a-r- c:\windows\system32\drivers\n360\0401000.020\symtdiv.sys

2011-02-20 09:52:45 328752 ----a-r- c:\windows\system32\drivers\n360\0401000.020\symds.sys

2011-02-20 09:52:45 172592 ----a-r- c:\windows\system32\drivers\n360\0401000.020\symefa.sys

2011-02-20 09:52:44 501888 ----a-w- c:\windows\system32\drivers\n360\0401000.020\cchpx86.sys

2011-02-20 09:52:44 325680 ----a-w- c:\windows\system32\drivers\n360\0401000.020\srtsp.sys

2011-02-20 09:52:44 116784 ----a-w- c:\windows\system32\drivers\n360\0401000.020\ironx86.sys

2011-02-20 09:51:12 -------- d-----w- c:\windows\system32\drivers\n360\0401000.020

2011-02-20 09:50:40 -------- d-----w- c:\windows\system32\drivers\N360

2011-02-20 09:50:37 -------- d-----w- c:\program files\Norton 360

2011-02-20 09:49:28 -------- d-----w- c:\progra~2\Norton

2011-02-20 09:48:35 -------- d-----w- c:\program files\NortonInstaller

2011-02-20 09:48:35 -------- d-----w- c:\progra~2\NortonInstaller

2011-02-18 20:13:19 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1780652d-902c-4457-9169-6aa5b92f43d8}\mpengine.dll

2011-02-12 00:18:55 268800 ----a-w- c:\windows\system32\es.dll

2011-02-12 00:18:23 8704 ----a-w- c:\windows\system32\hcrstco.dll

2011-02-12 00:18:23 8704 ----a-w- c:\windows\system32\hccoin.dll

2011-02-12 00:18:23 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-02-12 00:18:23 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-02-12 00:18:23 224768 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-02-12 00:18:23 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-02-12 00:18:23 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-02-12 00:14:46 61440 ----a-w- c:\windows\system32\ntprint.exe

2011-02-12 00:14:46 220160 ----a-w- c:\windows\system32\ntprint.dll

2011-02-12 00:14:42 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2011-02-12 00:14:42 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll

2011-02-12 00:14:41 1984512 ----a-w- c:\windows\system32\authui.dll

2011-02-12 00:14:40 69632 ----a-w- c:\windows\system32\sendmail.dll

2011-02-12 00:14:39 8138240 ----a-w- c:\windows\system32\ssBranded.scr

2011-02-12 00:13:09 97800 ----a-w- c:\windows\system32\infocardapi.dll

2011-02-12 00:13:09 622080 ----a-w- c:\windows\system32\icardagt.exe

2011-02-12 00:13:09 37384 ----a-w- c:\windows\system32\infocardcpl.cpl

2011-02-12 00:13:09 11264 ----a-w- c:\windows\system32\icardres.dll

2011-02-12 00:13:07 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2011-02-12 00:13:06 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2011-02-12 00:13:06 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-02-12 00:13:06 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2011-02-11 23:59:54 96760 ----a-w- c:\windows\system32\dfshim.dll

2011-02-11 23:59:54 41984 ----a-w- c:\windows\system32\netfxperf.dll

2011-02-11 23:59:53 282112 ----a-w- c:\windows\system32\mscoree.dll

2011-02-11 23:59:53 158720 ----a-w- c:\windows\system32\mscorier.dll

2011-02-11 23:59:52 83968 ----a-w- c:\windows\system32\mscories.dll

2011-02-10 21:12:43 156672 ----a-w- c:\windows\system32\t2embed.dll

2011-02-10 21:12:42 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-02-10 21:12:42 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-10 21:12:42 289792 ----a-w- c:\windows\system32\atmfd.dll

2011-02-10 21:12:42 24064 ----a-w- c:\windows\system32\lpk.dll

2011-02-10 21:12:42 10240 ----a-w- c:\windows\system32\dciman32.dll

2011-02-10 21:09:21 61440 ----a-w- c:\windows\system32\winipsec.dll

2011-02-10 21:09:21 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2011-02-10 21:09:21 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll

2011-02-10 21:09:21 272896 ----a-w- c:\windows\system32\polstore.dll

2011-02-10 21:08:23 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-10 21:08:23 306688 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-10 21:07:25 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2011-02-10 21:07:25 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2011-02-10 21:07:25 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2011-02-10 21:06:25 87040 ----a-w- c:\windows\system32\msoert2.dll

2011-02-10 21:06:25 707072 ----a-w- c:\program files\common files\system\wab32.dll

2011-02-10 21:06:25 41984 ----a-w- c:\program files\windows mail\wabimp.dll

2011-02-10 21:06:25 39424 ----a-w- c:\windows\system32\ACCTRES.dll

2011-02-10 21:06:25 205824 ----a-w- c:\windows\system32\msoeacct.dll

2011-02-10 21:06:25 1098752 ----a-w- c:\program files\common files\system\wab32res.dll

2011-02-10 21:06:24 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll

2011-02-10 21:06:24 1614848 ----a-w- c:\program files\windows mail\msoe.dll

2011-02-10 21:06:21 397312 ----a-w- c:\program files\windows mail\WinMail.exe

2011-02-10 21:06:21 24064 ----a-w- c:\program files\common files\system\DirectDB.dll

2011-02-10 21:06:20 81408 ----a-w- c:\program files\windows mail\oeimport.dll

2011-02-10 21:05:21 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2011-02-10 21:05:21 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2011-02-10 21:05:21 15360 ----a-w- c:\windows\system32\netevent.dll

2011-02-10 21:05:21 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2011-02-10 21:05:21 103936 ----a-w- c:\windows\system32\netiohlp.dll

2011-02-10 21:05:20 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2011-02-10 21:05:20 19968 ----a-w- c:\windows\system32\ARP.EXE

2011-02-10 21:05:20 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2011-02-10 21:05:20 10240 ----a-w- c:\windows\system32\finger.exe

2011-02-10 21:04:09 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr

2011-02-10 21:04:08 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll

2011-02-10 21:04:07 258232 ----a-w- c:\windows\system32\drivers\acpi.sys

2011-02-10 21:04:07 24064 ----a-w- c:\windows\system32\wtsapi32.dll

2011-02-10 21:04:05 542720 ----a-w- c:\windows\system32\sysmain.dll

2011-02-10 21:03:07 194560 ----a-w- c:\windows\system32\WebClnt.dll

2011-02-10 21:03:07 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2011-02-10 21:02:13 123904 ----a-w- c:\windows\system32\L2SecHC.dll

2011-02-10 21:02:12 67584 ----a-w- c:\windows\system32\wlanhlp.dll

2011-02-10 21:02:12 502272 ----a-w- c:\windows\system32\wlansvc.dll

2011-02-10 21:02:12 47104 ----a-w- c:\windows\system32\wlanapi.dll

2011-02-10 21:02:12 297984 ----a-w- c:\windows\system32\wlansec.dll

2011-02-10 21:02:12 290816 ----a-w- c:\windows\system32\wlanmsm.dll

2011-02-10 21:01:10 2048 ----a-w- c:\windows\system32\msxml6r.dll

2011-02-10 21:01:10 2048 ----a-w- c:\windows\system32\msxml3r.dll

2011-02-10 21:01:10 1406464 ----a-w- c:\windows\system32\msxml6.dll

2011-02-10 21:01:10 1260032 ----a-w- c:\windows\system32\msxml3.dll

2011-02-10 21:00:08 216576 ----a-w- c:\windows\system32\msv1_0.dll

2011-02-10 20:58:43 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-10 20:58:43 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-10 20:58:43 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-10 20:57:47 49664 ----a-w- c:\windows\system32\csrsrv.dll

2011-02-10 20:57:47 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-02-10 20:56:53 98816 ----a-w- c:\windows\system32\mfps.dll

2011-02-10 20:56:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe

2011-02-10 20:56:53 2855424 ----a-w- c:\windows\system32\mf.dll

2011-02-10 20:56:53 2048 ----a-w- c:\windows\system32\mferror.dll

2011-02-10 20:56:52 24576 ----a-w- c:\windows\system32\mfpmp.exe

2011-02-10 20:55:51 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-02-10 20:55:51 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-10 20:52:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-02-10 20:51:12 71680 ----a-w- c:\windows\system32\atl.dll

2011-02-10 20:49:28 297472 ----a-w- c:\windows\system32\gdi32.dll

2011-02-10 20:48:35 41984 ----a-w- c:\windows\system32\drivers\monitor.sys

2011-02-10 20:48:35 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys

2011-02-10 20:46:37 500736 ----a-w- c:\windows\system32\msdtcprx.dll

2011-02-10 20:46:37 30208 ----a-w- c:\windows\system32\xolehlp.dll

2011-02-10 20:45:40 156160 ----a-w- c:\windows\system32\wkssvc.dll

2011-02-10 20:44:47 36352 ----a-w- c:\windows\system32\tsgqec.dll

2011-02-10 20:44:47 1871872 ----a-w- c:\windows\system32\mstscax.dll

2011-02-10 20:44:47 116736 ----a-w- c:\windows\system32\aaclient.dll

2011-02-10 20:43:49 303616 ----a-w- c:\windows\system32\wmpeffects.dll

2011-02-10 20:42:04 414208 ----a-w- c:\windows\system32\msscp.dll

2011-02-10 20:41:14 713728 ----a-w- c:\windows\system32\timedate.cpl

2011-02-10 20:40:17 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll

2011-02-10 20:39:24 86016 ----a-w- c:\windows\system32\icfupgd.dll

2011-02-10 20:39:24 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys

2011-02-10 20:39:24 396800 ----a-w- c:\windows\system32\MPSSVC.dll

2011-02-10 20:39:24 392192 ----a-w- c:\windows\system32\FirewallAPI.dll

2011-02-10 20:39:24 16896 ----a-w- c:\windows\system32\wfapigp.dll

2011-02-10 20:39:23 61952 ----a-w- c:\windows\system32\cmifw.dll

2011-02-10 20:37:42 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll

2011-02-10 20:37:42 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll

2011-02-10 20:37:42 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe

2011-02-10 20:37:42 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll

2011-02-10 20:35:50 177152 ----a-w- c:\windows\system32\mpg2splt.ax

2011-02-10 20:35:50 1244672 ----a-w- c:\windows\system32\mcmde.dll

2011-02-10 20:35:49 80896 ----a-w- c:\windows\system32\MSNP.ax

2011-02-10 20:35:49 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-02-10 20:35:49 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-02-10 20:35:49 428032 ----a-w- c:\windows\system32\EncDec.dll

2011-02-10 20:35:49 292352 ----a-w- c:\windows\system32\psisdecd.dll

2011-02-10 20:35:49 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-02-10 20:33:28 2048 ----a-w- c:\windows\system32\tzres.dll

2011-02-10 20:32:36 696832 ----a-w- c:\windows\system32\localspl.dll

2011-02-10 20:31:51 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys

2011-02-10 20:31:51 21560 ----a-w- c:\windows\system32\drivers\atapi.sys

2011-02-10 20:31:51 15928 ----a-w- c:\windows\system32\drivers\pciide.sys

2011-02-10 20:31:51 109624 ----a-w- c:\windows\system32\drivers\ataport.sys

2011-02-10 20:31:50 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys

2011-02-10 20:31:50 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys

2011-02-10 20:31:07 104448 ----a-w- c:\windows\system32\DWWIN.EXE

2011-02-10 20:30:25 2923520 ----a-w- c:\windows\explorer.exe

2011-02-10 20:28:55 171520 ----a-w- c:\windows\system32\wintrust.dll

2011-02-10 20:28:09 7680 ----a-w- c:\windows\system32\lsass.exe

2011-02-10 20:28:09 72704 ----a-w- c:\windows\system32\secur32.dll

2011-02-10 20:28:09 494592 ----a-w- c:\windows\system32\kerberos.dll

2011-02-10 20:28:09 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2011-02-10 20:28:09 175104 ----a-w- c:\windows\system32\wdigest.dll

2011-02-10 20:28:09 1233920 ----a-w- c:\windows\system32\lsasrv.dll

2011-02-10 20:28:08 272384 ----a-w- c:\windows\system32\schannel.dll

2011-02-10 20:27:20 24064 ----a-w- c:\windows\system32\netcfg.exe


 

==================== Find3M ====================

 


 

=================== ROOTKIT ====================

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.0.6000 Disk: ST325082 rev.3.AA -> Harddisk0\DR0 -> \Device\0000005a

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys ndis.sys nvmfdx32.sys

c:\windows\system32\drivers\nvstor32.sys NVIDIA Corporation NVIDIA nForce SATA Driver

c:\windows\system32\drivers\nvmfdx32.sys NVIDIA Corporation nvmfdx32

1 ntkrnlpa!IofCallDriver[0x81C27F3B] -> \Device\Harddisk0\DR0[0x8551DAD8]

3 nt[0x81CB07E2] -> ntkrnlpa!IofCallDriver[0x81C27F3B] -> [0x8460ADC0]

5 acpi[0x8022432A] -> ntkrnlpa!IofCallDriver[0x81C27F3B] -> \Device\00000058[0x8460B6F8]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

user != kernel MBR !!!

 

============= FINISH: 12:40:42,00 ===============

 

 

 


Start MBAM; on the Logs tab you will find earlier logs. Open the one that was created earlier today, copy the result and paste it into your reply.

Run Norman's program again, and after you have restarted the computer, delete the folder C:\Program\Norman.

Save MBRCheck.exe by a_d_13 to the Desktop.

Run the program.

Wait until the program has finished or until the text "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" is shown. In the latter case, press N followed by Enter.

When it is done, a log file is created on the Desktop named MBRCheckxxxxxx.txt, where xxxxxx is the time of the run. Open the log in Notepad by double-clicking it and paste the contents into your reply.


Here is the MBAM log:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 5817

 

Windows 6.0.6000

Internet Explorer 7.0.6000.16982

 

2011-02-20 11:47:24

mbam-log-2011-02-20 (11-47-24).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 157066

Förfluten tid: 18 minut(er), 39 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 2

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

c:\$Recycle.Bin\s-1-5-21-58593925-2796991136-2474863720-1000\$RNXM71Q\searchguardplus.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.

c:\$Recycle.Bin\s-1-5-21-58593925-2796991136-2474863720-1000\$RNXM71Q\update.exe (PUP.Fbsearch) -> Quarantined and deleted successfully.

 

 

I'll do the rest in a while.

 

 


MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: (build 6000), 32-bit

Base Board Manufacturer: FUJITSU SIEMENS

BIOS Manufacturer: FUJITSU SIEMENS // Phoenix Technologies Ltd.

System Manufacturer: FUJITSU SIEMENS

System Product Name: D2470-A1

Logical Drives Mask: 0x00000ffc

 

Kernel Drivers (total 157):


 

Processes (total 67):


 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee100000 (NTFS)

\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002e`ea800000 (NTFS)

 

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AA

PhysicalDrive1 Model Number: ST3250820AS, Rev: 3.AA

 

Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

232 GB \\.\PhysicalDrive1 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

 

 

Done!

 

I think Norman is uninstalled now...

It would be great if you could point out some programs that definitely don't need to be used, and help reduce the number of startup programs... Thanks for the help so far...


Before we look at which programs start automatically, I think we should get the computer clean.

1.

Uninstall Ad-Aware; it is a very old version, so it no longer does much good and it can interfere with the changes that are needed.

2.

Save TDSSKiller to the Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Right-click and choose Extract All. Remember where you unpack the file.

Close your regular programs, but you can leave antivirus programs and the like running.

Run the program TDSSKiller.exe, which is in the folder where you unpacked the files.

Click Start Scan.

If any threats are found, choose Cure and click Continue. If Cure is not available, choose Skip. Do NOT choose Quarantine or Delete. The computer may need to be restarted.

Paste in the contents of the log, which you will find in C:\ with the name TDSSKiller followed by version and time.

3.

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer Yes.

More detailed guidance is available at http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, since it can hang if you do.

When ComboFix has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect the computer against infections in the future. This can cause problems, e.g. if the computer gets its internet connection via a USB modem or a USB network adapter. If so, say so instead of running ComboFix.


I have started uninstalling Ad-Aware. One question... When you say to close programs, do I do that via Task Manager? Or can it be done some other way?


It is enough to open all the programs that sit along the bottom edge of the screen and choose to exit them from the File menu, or click the X in the upper right corner of the program's window. If there are icons by the clock, you can right-click them and choose Exit or similar if there is such an option; if not, leave them be.

One more thing: Restart the computer after you have pasted in the log from TDSSKiller and before you download ComboFix.


Hi again... lots of work this week... here is the log from TDSSKiller:

 

2011/02/23 20:48:50.0258 4980 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08

2011/02/23 20:48:52.0301 4980 ================================================================================

2011/02/23 20:48:52.0301 4980 SystemInfo:

2011/02/23 20:48:52.0301 4980

2011/02/23 20:48:52.0301 4980 OS Version: 6.0.6000 ServicePack: 0.0

2011/02/23 20:48:52.0301 4980 Product type: Workstation

2011/02/23 20:48:52.0301 4980 ComputerName: DANIEL-DATOR

2011/02/23 20:48:52.0301 4980 UserName: Daniel

2011/02/23 20:48:52.0301 4980 Windows directory: C:\Windows

2011/02/23 20:48:52.0301 4980 System windows directory: C:\Windows

2011/02/23 20:48:52.0301 4980 Processor architecture: Intel x86

2011/02/23 20:48:52.0301 4980 Number of processors: 2

2011/02/23 20:48:52.0301 4980 Page size: 0x1000

2011/02/23 20:48:52.0301 4980 Boot type: Normal boot

2011/02/23 20:48:52.0301 4980 ================================================================================

2011/02/23 20:48:53.0191 4980 Initialize success

2011/02/23 20:48:56.0654 5224 ================================================================================

2011/02/23 20:48:56.0654 5224 Scan started

2011/02/23 20:48:56.0654 5224 Mode: Manual;

2011/02/23 20:48:56.0654 5224 ================================================================================

2011/02/23 20:49:28.0883 5224 ================================================================================

2011/02/23 20:49:28.0883 5224 Scan finished

2011/02/23 20:49:28.0883 5224 ================================================================================


Installed ComboFix and ran the program all the way through. The computer restarted, but no log or anything like it ever came up; it was just as if the computer did a normal restart. However, it looked like it had found something... what should I do now??

I can note that the computer runs much quieter now compared with before and it feels a little faster :thumbsup:.


See if you can find the file C:\ComboFix.txt, because that is the log. If the file does not exist, try running ComboFix once more.


I have run ComboFix again, but when the computer restarts no log comes up. However, when it starts, a message comes up saying that some problem has occurred in some file (blue background); I don't need to do anything, though.

Then it comes up that the computer is doing a self-diagnosis, and then it comes up that "the computer was shut down incorrectly" and then I can choose to start in safe mode, among other things. I choose to start in normal mode, though, without problems.

Do you know if I am forgetting to do something??

I try to look for ComboFix.txt, but the only thing that comes up is ComboFix, not .txt. When I click on it, the program starts again.


Then you will have to check with some other programs instead.

1.

Save Gmer to the Desktop from:

http://www2.gmer.net/download.php

It has a random name, so note what the program is saved as.

Disconnect the internet connection.

Close all programs, including the antivirus program and firewall; see the link in the instructions for ComboFix.

Start the downloaded program.

An initial quick scan starts.

If a WARNING comes up that mentions ROOTKIT and asks about "fully scan", choose Nej/No. Save the log and paste it into your reply. Do nothing more.

If the question does not come up, select the Rootkit/Malware tab and check that everything on the right is ticked except IAT/EAT, Show All and partitions other than C:\. Press Scan. Leave the computer alone while Gmer is working; it can take a few hours.

Press Save and save the result to the Desktop.

Turn on the antivirus program and firewall before you connect to the internet.

Paste the result into your reply.

Restart the computer.

2.

Save Rootkit Unhooker to the desktop.

http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar

Unpack the program. If you do not have an unpacking program for rar files, you can get 7-zip. http://www.7-zip.org/

Disconnect the internet connection. Close all programs you see, including firewall, antivirus program and antispyware program.

Double-click Rootkit Unhooker to start it (in Vista and Windows 7, right-click and choose Run as administrator).

Select the Report tab and click Scan

Tick Drivers, Stealth, Files and Code Hooks, but untick the other options.

Press OK

Wait until the scanner is finished, then choose File - Save Report. Save the report to the Desktop or somewhere else where you can find it again. Click Close

Open the saved report in Notepad. Paste the contents into your reply.

Restart the computer.

Note that if a warning "Rootkit Unhooker has detected a parasite..." comes up, just ignore it.

3.

Save OTL to the Desktop. http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista and Windows 7, right-click and Run as administrator).

Under Standard Registry select All.

In the box Custom scan's and fixes, paste the following lines (check that you really get all the lines):

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

 

Press Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTL.txt and Extras.txt. In your reply, paste in the log OTL.txt, and attach Extras.txt as a file.


  • 3 weeks later...

Hello again!

Here is the response from GMER:

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit quick scan 2011-03-09 14:52:03

Windows 6.0.6000 Harddisk0\DR0 -> \Device\00000057 ST325082 rev.3.AA

Running: 3yfgxmio.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uxlyipog.sys

 

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

 

---- Processes - GMER 1.0.15 ----

 


 

---- EOF - GMER 1.0.15 ----

 

 

 

I'll add the next log as well...

 

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6000

Number of processors #2

==============================================

>Drivers

==============================================

0x8C25D000 C:\Windows\system32\DRIVERS\atikmdag.sys 5910528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)

0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)

0x81C00000 PnpManager 3805184 bytes

0x81C00000 RAW 3805184 bytes

0x81C00000 WMIxWDM 3805184 bytes

0x97E00000 Win32k 2097152 bytes

0x97E00000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Win32-drivrutin för flera användare)

0x8CA6A000 C:\Windows\system32\drivers\RTKVHDA.sys 1662976 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0xA72B5000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110313.002\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)

0x824F8000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NTFS-drivrutin)

0x81AFC000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8C0FD000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1060864 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)

0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)

0xA2D22000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8CF2B000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)

0x8E739000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys 815104 bytes (Symantec Corporation, BASH Driver)

0x8BD63000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x9B0B2000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)

0x8D685000 C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)

0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)

0x81A92000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x9BAD7000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP-protokollstack)

0x8D738000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)

0x8D7A5000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110310.002\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)

0x8CA11000 C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)

0xA6F29000 C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)

0x806FE000 C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)

0x9C442000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)

0x80417000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8CED0000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8022A000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI-drivrutin för NT)

0x80785000 C:\Windows\system32\drivers\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x89C6A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8027A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)

0x8CE11000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x9C589000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x8065D000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)

0x909CA000 C:\Windows\system32\DRIVERS\sis163u.sys 221184 bytes (Silicon Integrated Systems Corp., SiS163 USB Wireless LAN Adapter Driver)

0x80627000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Drivrutin för skuggkopior av volymer)

0x81FA1000 ACPI_HAL 212992 bytes

0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x8C91C000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x8CE9E000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x80754000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Filterhanteraren för Microsofts filsystem)

0xA2400000 C:\Windows\System32\Drivers\RDPWD.SYS 188416 bytes (Microsoft Corporation, RDP Terminal Stack Driver)

0x8C206000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x806C1000 C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)

0x8BC25000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x80696000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x9B047000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x8C233000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0x8C8F7000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x81A6D000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)

0x8047F000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI-uppräknare)

0x8C807000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)

0x9C553000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x8BD40000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x81A3B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x8C8D6000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x9BB47000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x8CE56000 C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)

0x807E2000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)

0x9C5C2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x90996000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes

0x8D71B000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)

0x807C5000 C:\Windows\system32\drivers\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce Sata Performance Driver)

0x994B4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Filterdrivrutin för LUA-filvirtualisering)

0x9B011000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)

0x9BB67000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8C88F000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x89C44000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x8D704000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)

0x8BC0E000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x909B3000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0x9C4D7000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8CE88000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8EC1A000 C:\Windows\system32\DRIVERS\usbcir.sys 90112 bytes (Microsoft Corporation, USB Consumer IR Driver for eHome)

0x8C83A000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)

0x9A127000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x9BA03000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x9A101000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110313.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)

0x8CF17000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8BD2D000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x9955C000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8CE75000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x89C1D000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x9C577000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8D667000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0x9A115000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x81A5C000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x806EE000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x88480000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)

0x90870000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x8046F000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x884E0000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)

0x88490000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x82459000 C:\Windows\system32\DRIVERS\amdk8.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8EDE2000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x80601000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x80610000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8BD10000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8C01E000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)

0x8020A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x89C2F000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x98A10000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8BD1F000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)

0x8C82C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8C8A8000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x80461000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x89C5C000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x8C07B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8C03A000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x89D5C000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x8026D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0x9B158000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)

0x8C008000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8C97C000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)

0x8BC03000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tangentbordsklassdrivrutin)

0x8C950000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Musklassdrivrutin)

0x8C95B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x89C07000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8C9BE000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x89C12000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x8C9F5000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)

0x89D41000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8E6A3000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes

0x8E6B7000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8C014000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8E6F3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8CE07000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0x8E6DF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8CE4C000 C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)

0x89CA7000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0x89CBA000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)

0x81A32000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x89D02000 C:\Windows\system32\FsUsbExDisk.SYS 36864 bytes

0x89CD5000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x89CDE000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x89CC3000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, Filterdrivrutin för HID-tangentbord)

0xBAA83000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x802BD000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Plattformsspecifik drivrutin för maskinvarufel)

0x80406000 C:\Windows\system32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0x89CE7000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x98A00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x82468000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x80221000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x8040F000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x802B5000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x82688000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, Filterdrivrutin för HID-mus)

0x80219000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x826E8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x826F8000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8061F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0x8BC65000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8BC6C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x8BC5E000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x80203000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0x88400000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x8BD06000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)

0x8BCCA000 c:\program files\norman\ngs\bin\ngs.sys 20480 bytes (Norman ASA, Norman General Security Driver)

0x885FA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x885FC000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

==============================================

>Stealth

==============================================

==============================================

>Files

==============================================

!-->[Hidden] C:\$WINDOWS.~Q\DATA\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A4JIZG6T\adlink_506_1077841_18004_16_AdId=2848190;BnId=2;itime=95653771;key=Säkerhet+Virus,%20skadliga%20program%20&%20botemedel;nodecode=yes;link=[1]=1;misc=1297095678

!-->[Hidden] C:\$WINDOWS.~Q\DATA\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\A4JIZG6T\adlink_506_1077841_18004_16_AdId=2848190;BnId=2;itime=98044834;key=Säkerhet+Virus,%20skadliga%20program%20&%20botemedel;nodecode=yes;link=[1]=1;misc=1297095651

!-->[Hidden] C:\$WINDOWS.~Q\DATA\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DPTRNJF6\adlink_506_1077841_18004_16_AdId=2848190;BnId=2;itime=95679796;key=Säkerhet+Virus,%20skadliga%20program%20&%20botemedel;nodecode=yes;link=[1]=1;misc=1297095678

!-->[Hidden] C:\$WINDOWS.~Q\DATA\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NMM5ZBUR\adlink_506_1040250_18004_16_AdId=2889604;BnId=1;itime=95653924;key=Säkerhet+Virus,%20skadliga%20program%20&%20botemedel;nodecode=yes;link=[1]=1;misc=1297095651

!-->[Hidden] C:\$WINDOWS.~Q\DATA\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRBCV4XT\adlink_506_1040249_18004_16_AdId=2305492;BnId=1;itime=98042373;key=Säkerhet+Virus,%20skadliga%20program%20&%20botemedel;nodecode=yes;link=[1]=1;misc=1297098041

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IMP7RRO\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105327399[1]7

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IMP7RRO\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105327399[2]7

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B9W8L2ZY\nk%7C506%7C1040250%7C18004%7C322%7CAdId=2889604;BnId=1;itime=113241042;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]1

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B9W8L2ZY\nk%7C506%7C1077841%7C18004%7C405%7CAdId=2848190;BnId=2;itime=113431838;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]1

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKI9NEE9\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105334794[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKI9NEE9\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105337056[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKI9NEE9\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105337071[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKI9NEE9\k%7C506%7C1190129%7C18004%7C2343%7CAdId=2305510;BnId=1;itime=113211805;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKI9NEE9\nk%7C506%7C1040250%7C18004%7C322%7CAdId=2889604;BnId=1;itime=113226942;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OKI9NEE9\nk%7C506%7C1040250%7C18004%7C322%7CAdId=2889604;BnId=1;itime=113429180;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIBWG7IZ\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105327384[1]7

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V128JY6V\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105333936[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V128JY6V\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105342875[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V128JY6V\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105342890[1]4

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V128JY6V\bladet+ab_nojesliv_tv+ab_nojesliv_tv_dokusapa+ab_nojesliv_tv_dokusapa_bigbrother+article8707743+B08726_10471+B08726_10558+;grp=495162757;misc=1300105342906[1]6

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V128JY6V\nk%7C506%7C1040249%7C18004%7C986%7CAdId=2305492;BnId=1;itime=113224518;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]1

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V128JY6V\nk%7C506%7C1040250%7C18004%7C322%7CAdId=2889604;BnId=1;itime=113212024;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]1

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V128JY6V\nk%7C506%7C1077841%7C18004%7C405%7CAdId=2848190;BnId=2;itime=113227527;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]1

!-->[Hidden] C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V128JY6V\nk%7C506%7C1077841%7C18004%7C405%7CAdId=2848190;BnId=2;itime=113244308;key=S%C3%A4kerhet+Virus%2C%20skadliga%20program%20%26%20botemedel;nodecode=yes;link=[1]1

!-->[Hidden] C:\Users\Daniel\AppData\Local\Temp\~DF1368.tmp

!-->[Hidden] C:\Users\Daniel\AppData\Local\Temp\~DF1D0.tmp::$DATA

!-->[Hidden] C:\Users\Daniel\AppData\Local\Temp\~DFDC94.tmp::$DATA

!-->[Hidden] C:\Users\Daniel\AppData\Roaming\Microsoft\Word\Återskapningsinfo för Normal.as$

==============================================

>Hooks

==============================================

ntkrnlpa.exe+0x000808E8, Type: Inline - RelativeJump 0x81C808E8-->81C8095E [ntkrnlpa.exe]

ntkrnlpa.exe+0x00080DC4, Type: Inline - RelativeJump 0x81C80DC4-->81C80DE9 [ntkrnlpa.exe]

ntkrnlpa.exe+0x0009138E, Type: Inline - RelativeJump 0x81C9138E-->81C91395 [ntkrnlpa.exe]

[2008]explorer.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x77E0104C-->00000000 [LVPrcInj.dll]

[2008]explorer.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01014-->00000000 [LVPrcInj.dll]

[2008]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x77E01050-->00000000 [LVPrcInj.dll]

[2008]explorer.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x77E01368-->00000000 [LVPrcInj.dll]

[2164]mobsync.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x77E0104C-->00000000 [LVPrcInj.dll]

[2164]mobsync.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01014-->00000000 [LVPrcInj.dll]

[2164]mobsync.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x77E01050-->00000000 [LVPrcInj.dll]

[2164]mobsync.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x77E01368-->00000000 [LVPrcInj.dll]

[4724]OfficeLiveSignIn.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x77E0104C-->00000000 [LVPrcInj.dll]

[4724]OfficeLiveSignIn.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01014-->00000000 [LVPrcInj.dll]

[4724]OfficeLiveSignIn.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x77E01050-->00000000 [LVPrcInj.dll]

[4724]OfficeLiveSignIn.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x77E01368-->00000000 [LVPrcInj.dll]

[5244]WINWORD.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]

[5244]WINWORD.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]

[5244]WINWORD.EXE-->gdi32.dll-->PatBlt, Type: IAT modification 0x3000107C-->00000000 [AcSpecfc.dll]

[5244]WINWORD.EXE-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x30001438-->00000000 [shimeng.dll]

[5244]WINWORD.EXE-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x77E0104C-->00000000 [LVPrcInj.dll]

[5244]WINWORD.EXE-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01014-->00000000 [LVPrcInj.dll]

[5244]WINWORD.EXE-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x77E01050-->00000000 [LVPrcInj.dll]

[5244]WINWORD.EXE-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x77E01368-->00000000 [LVPrcInj.dll]

[5244]WINWORD.EXE-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6DD81224-->00000000 [shimeng.dll]

[5244]WINWORD.EXE-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]

[5244]WINWORD.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]

[5244]WINWORD.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71721480-->00000000 [shimeng.dll]

[5244]WINWORD.EXE-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6C9F11E8-->00000000 [shimeng.dll]

[6060]COCIManager.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C914B8-->00000000 [shimeng.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x00447028-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x00447018-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegDeleteKeyA, Type: IAT modification 0x00447034-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegEnumKeyA, Type: IAT modification 0x00447010-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegEnumKeyExA, Type: IAT modification 0x0044701C-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegOpenKeyA, Type: IAT modification 0x0044700C-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x00447020-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegQueryInfoKeyA, Type: IAT modification 0x00447024-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegQueryValueA, Type: IAT modification 0x00447004-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegQueryValueExA, Type: IAT modification 0x00447008-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x00447030-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B71170-->00000000 [shimeng.dll]

[6060]COCIManager.exe-->kernel32.dll-->CompareStringA, Type: IAT modification 0x00447218-->00000000 [AcGenral.dll]

[6060]COCIManager.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004471F8-->00000000 [shimeng.dll]

[6060]COCIManager.exe-->kernel32.dll-->GetVersion, Type: IAT modification 0x00447214-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->kernel32.dll-->GetVersionExA, Type: IAT modification 0x00447200-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->kernel32.dll-->LCMapStringA, Type: IAT modification 0x00447118-->00000000 [AcGenral.dll]

[6060]COCIManager.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x0044711C-->00000000 [AcGenral.dll]

[6060]COCIManager.exe-->kernel32.dll-->ntdll.dll-->NtClose, Type: IAT modification 0x77E0104C-->00000000 [LVPrcInj.dll]

[6060]COCIManager.exe-->kernel32.dll-->ntdll.dll-->NtCreateFile, Type: IAT modification 0x77E01014-->00000000 [LVPrcInj.dll]

[6060]COCIManager.exe-->kernel32.dll-->ntdll.dll-->NtDeviceIoControlFile, Type: IAT modification 0x77E01050-->00000000 [LVPrcInj.dll]

[6060]COCIManager.exe-->kernel32.dll-->ntdll.dll-->NtDuplicateObject, Type: IAT modification 0x77E01368-->00000000 [LVPrcInj.dll]

[6060]COCIManager.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x15D23408-->00000000 [shimeng.dll]

[6060]COCIManager.exe-->shell32.dll-->kernel32.dll-->GetVersion, Type: IAT modification 0x15D23478-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->shell32.dll-->kernel32.dll-->GetVersionExA, Type: IAT modification 0x15D231F8-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->shell32.dll-->kernel32.dll-->GetVersionExW, Type: IAT modification 0x15D2344C-->00000000 [AcLayers.dll]

[6060]COCIManager.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D612F8-->00000000 [shimeng.dll]


Here comes OTL....

 

OTL logfile created on: 2011-03-14 17:18:13 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Daniel\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16982)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 173,99 Gb Total Space | 59,28 Gb Free Space | 34,07% Space Free | Partition Type: NTFS

Drive D: | 232,88 Gb Total Space | 133,82 Gb Free Space | 57,46% Space Free | Partition Type: NTFS

Drive E: | 45,22 Gb Total Space | 45,13 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

 

Computer Name: DANIEL-DATOR | User Name: Daniel | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011-03-14 17:15:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

PRC - [2011-02-10 21:30:25 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010-10-22 09:53:47 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe

PRC - [2010-02-26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe

PRC - [2009-03-31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

PRC - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2007-10-25 15:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe

PRC - [2007-10-25 15:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

PRC - [2007-10-19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2006-11-22 20:10:06 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

PRC - [2001-11-09 07:47:50 | 000,356,352 | ---- | M] () -- C:\Program Files\FSC\Wireless Wheel Mouse\Mouse32A.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011-03-14 17:15:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

MOD - [2010-09-20 20:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\PROGRAM FILES\NORTON 360\ENGINE\4.3.0.5\ASOEHOOK.DLL

MOD - [2009-07-12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\PROGRAM FILES\NORTON 360\ENGINE\4.3.0.5\Microsoft.VC90.CRT\MSVCR90.dll

MOD - [2009-07-12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\PROGRAM FILES\NORTON 360\ENGINE\4.3.0.5\Microsoft.VC90.CRT\MSVCP90.dll

MOD - [2007-10-19 12:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

MOD - [2006-11-02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011-02-10 21:53:54 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2010-02-26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)

SRV - [2009-10-07 13:59:27 | 000,132,424 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)

SRV - [2009-03-31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2009-01-26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008-04-07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2007-10-19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007-10-19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2007-10-19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2006-11-14 16:07:08 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Stopped] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011-03-12 18:10:17 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110313.002\NAVEX15.SYS -- (NAVEX15)

DRV - [2011-03-12 18:10:17 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110313.002\NAVENG.SYS -- (NAVENG)

DRV - [2011-02-25 22:59:12 | 000,800,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110309.001\BHDrvx86.sys -- (BHDrvx86)

DRV - [2011-02-20 11:10:08 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2011-02-20 11:10:08 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011-02-20 10:52:55 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2011-01-31 20:12:56 | 000,353,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110310.002\IDSvix86.sys -- (IDSVix86)

DRV - [2010-05-06 05:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)

DRV - [2010-04-29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)

DRV - [2010-04-22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)

DRV - [2010-04-22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)

DRV - [2010-04-22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV - [2010-02-26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)

DRV - [2009-12-30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)

DRV - [2009-10-15 04:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)

DRV - [2009-10-07 14:01:32 | 000,025,032 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\program files\norman\ngs\bin\ngs.sys -- (NGS)

DRV - [2009-03-31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2008-08-01 07:40:27 | 003,894,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007-10-19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007-10-11 17:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007-10-11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007-09-17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007-08-09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)

DRV - [2007-05-03 18:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2006-12-20 11:18:22 | 000,217,600 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sis163u.sys -- (SIS163u)

DRV - [2006-07-14 13:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll (TODO: <Company name>)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011-02-21 21:26:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011-02-20 10:53:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011-03-04 13:44:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-11 01:10:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-02-15 08:17:12 | 000,000,000 | ---D | M]

 

[2011-02-08 00:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions

[2010-09-11 14:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011-02-20 11:15:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\injglxio.default\extensions

[2011-02-08 00:14:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\injglxio.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011-01-14 10:47:59 | 000,001,583 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\injglxio.default\searchplugins\web-search.xml

[2011-02-07 23:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011-02-08 09:34:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011-02-07 23:58:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011-02-07 23:58:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011-02-20 10:53:39 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN

[2011-02-21 21:26:33 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN

[2010-11-30 10:06:56 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2010-11-30 10:06:56 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2010-11-12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010-11-30 10:06:57 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2011-01-30 14:57:00 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2010-09-17 19:46:21 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2010-09-17 19:46:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2010-09-17 19:46:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2010-09-17 19:46:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2010-09-17 19:46:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2010-09-17 19:46:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2010-09-17 19:46:22 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2010-08-25 01:42:15 | 000,001,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allaannonser-sv-SE.xml

[2010-08-25 01:42:15 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2010-08-25 01:42:15 | 000,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2010-08-25 01:42:15 | 000,002,670 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\prisjakt-sv-SE.xml

[2010-08-25 01:42:15 | 000,000,948 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\tyda-sv-SE.xml

[2010-08-25 01:42:15 | 000,001,174 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sv-SE.xml

[2010-08-25 01:42:15 | 000,000,951 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL (Symantec Corporation)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)

O2 - BHO: (Inloggningshjälp för Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll (Symantec Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()

O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE ()

O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKCU..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser verktyg för mediekontroll.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.fujidirek...geUploader5.cab (Image Uploader Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://asp.photopri...PSUploader4.cab (IPSUploader4 Control)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUpldsv-se.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://korthuset.sea...geUploader4.cab (Image Uploader Control)

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Flash Casino Helper Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011-03-14 17:15:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2011-03-14 15:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE

[2011-03-14 15:39:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\MustBeRandomlyNamed

[2011-03-02 10:00:21 | 009,970,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Daniel\Desktop\NDP1.0sp3-KB867461-X86-Sve.exe

[2011-03-02 09:58:34 | 020,659,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Daniel\Desktop\dotnetredist.exe

[2011-03-02 09:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up

[2011-03-01 15:32:46 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Users\Daniel\Desktop\cleanup_tool.exe

[2011-02-25 15:59:18 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2011-02-25 15:42:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\ApplicationHistory

[2011-02-25 14:26:18 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011-02-23 21:17:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011-02-23 21:06:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011-02-23 21:06:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011-02-23 21:06:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011-02-23 21:06:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011-02-23 21:06:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011-02-23 21:05:59 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011-02-23 20:44:15 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\tdsskiller

[2011-02-21 21:27:07 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symtdiv.sys

[2011-02-21 21:27:07 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symds.sys

[2011-02-21 21:27:07 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\symefa.sys

[2011-02-21 21:27:06 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.sys

[2011-02-21 21:27:06 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.sys

[2011-02-21 21:27:06 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\ironx86.sys

[2011-02-21 21:27:06 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.sys

[2011-02-21 21:26:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0403000.005

[2011-02-20 10:53:15 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll

[2011-02-20 10:53:11 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2011-02-20 10:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2011-02-20 10:50:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360

[2011-02-20 10:50:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2011-02-20 10:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360

[2011-02-20 10:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2011-02-20 10:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2011-02-20 10:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller

[2011-02-20 09:19:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\erunt

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011-03-14 17:21:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6ACA3863-BE02-4C6B-9A29-A01DCD599121}.job

[2011-03-14 17:19:10 | 001,364,196 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB

[2011-03-14 17:15:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe

[2011-03-14 17:10:58 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011-03-14 17:10:58 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011-03-14 17:10:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011-03-09 14:42:11 | 000,296,448 | ---- | M] () -- C:\Users\Daniel\Desktop\3yfgxmio.exe

[2011-03-02 13:40:43 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011-03-02 13:40:43 | 000,480,268 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2011-03-02 13:40:43 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011-03-02 13:40:43 | 000,085,522 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2011-03-02 10:00:36 | 009,970,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniel\Desktop\NDP1.0sp3-KB867461-X86-Sve.exe

[2011-03-02 09:58:50 | 020,659,224 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniel\Desktop\dotnetredist.exe

[2011-03-01 15:32:54 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniel\Desktop\cleanup_tool.exe

[2011-02-25 15:42:21 | 000,000,094 | ---- | M] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat

[2011-02-25 14:36:23 | 326,130,733 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011-02-25 14:25:38 | 004,274,659 | R--- | M] () -- C:\Users\Daniel\Desktop\ComboFix.exe

[2011-02-23 20:43:42 | 001,257,772 | ---- | M] () -- C:\Users\Daniel\Desktop\tdsskiller.zip

[2011-02-23 16:18:23 | 000,004,608 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-02-21 21:38:20 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2011-02-21 09:14:46 | 000,080,384 | ---- | M] () -- C:\Users\Daniel\Desktop\MBRCheck.exe

[2011-02-20 10:52:55 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS

[2011-02-20 10:52:55 | 000,007,443 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2011-02-20 10:52:55 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2011-02-20 09:18:40 | 000,513,320 | ---- | M] () -- C:\Users\Daniel\Desktop\erunt.zip

[2011-02-20 09:11:50 | 000,624,128 | ---- | M] () -- C:\Users\Daniel\Desktop\dds.scr

[2011-02-15 08:17:12 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011-03-09 14:42:09 | 000,296,448 | ---- | C] () -- C:\Users\Daniel\Desktop\3yfgxmio.exe

[2011-03-02 09:51:30 | 000,001,872 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk

[2011-02-25 15:42:21 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat

[2011-02-23 21:16:55 | 326,130,733 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011-02-23 21:06:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011-02-23 21:06:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011-02-23 21:06:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011-02-23 21:06:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011-02-23 21:06:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011-02-23 20:59:38 | 004,274,659 | R--- | C] () -- C:\Users\Daniel\Desktop\ComboFix.exe

[2011-02-23 20:43:27 | 001,257,772 | ---- | C] () -- C:\Users\Daniel\Desktop\tdsskiller.zip

[2011-02-23 16:18:09 | 000,004,608 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011-02-21 21:37:00 | 001,364,196 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB

[2011-02-21 21:27:07 | 000,007,873 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.cat

[2011-02-21 21:27:07 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.cat

[2011-02-21 21:27:07 | 000,007,368 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.cat

[2011-02-21 21:27:07 | 000,003,373 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symefa.inf

[2011-02-21 21:27:07 | 000,001,473 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnetv.inf

[2011-02-21 21:27:07 | 000,001,445 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symnet.inf

[2011-02-21 21:27:06 | 000,007,442 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.cat

[2011-02-21 21:27:06 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.cat

[2011-02-21 21:27:06 | 000,007,438 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.cat

[2011-02-21 21:27:06 | 000,007,425 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.cat

[2011-02-21 21:27:06 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.cat

[2011-02-21 21:27:06 | 000,002,793 | R--- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\symds.inf

[2011-02-21 21:27:06 | 000,001,754 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\cchpx86.inf

[2011-02-21 21:27:06 | 000,001,388 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtspx.inf

[2011-02-21 21:27:06 | 000,001,382 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\srtsp.inf

[2011-02-21 21:27:06 | 000,000,741 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\iron.inf

[2011-02-21 21:26:37 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0403000.005\isolate.ini

[2011-02-21 09:14:39 | 000,080,384 | ---- | C] () -- C:\Users\Daniel\Desktop\MBRCheck.exe

[2011-02-20 10:53:11 | 000,007,443 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT

[2011-02-20 10:53:11 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF

[2011-02-20 10:52:50 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2011-02-20 09:18:28 | 000,513,320 | ---- | C] () -- C:\Users\Daniel\Desktop\erunt.zip

[2011-02-20 09:11:34 | 000,624,128 | ---- | C] () -- C:\Users\Daniel\Desktop\dds.scr

[2011-02-08 08:35:42 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2011-02-08 08:35:42 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011-02-08 08:35:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2011-02-08 08:35:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2011-02-08 08:33:29 | 000,480,268 | ---- | C] () -- C:\Windows\System32\perfh01D.dat

[2011-02-08 08:33:29 | 000,290,490 | ---- | C] () -- C:\Windows\System32\perfi01D.dat

[2011-02-08 08:33:29 | 000,085,522 | ---- | C] () -- C:\Windows\System32\perfc01D.dat

[2011-02-08 08:33:29 | 000,035,978 | ---- | C] () -- C:\Windows\System32\perfd01D.dat

[2011-02-08 00:27:08 | 000,022,092 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat

[2011-02-07 23:46:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010-11-19 17:13:56 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010-11-19 16:32:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2010-11-19 16:32:45 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2009-08-03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009-08-03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009-01-29 21:53:31 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin

[2009-01-25 13:42:07 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009-01-25 13:42:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2008-09-23 12:52:05 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat

[2007-10-25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2007-10-11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2007-05-24 10:54:41 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2007-05-24 10:54:41 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2007-05-24 10:54:41 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2007-05-24 10:54:41 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2007-05-24 10:54:41 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2007-05-24 10:54:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2007-05-24 10:54:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2007-05-24 10:54:41 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2007-05-24 10:54:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2007-05-24 10:54:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2007-05-24 10:54:41 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2007-05-24 10:54:41 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2007-05-24 10:54:41 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2007-05-24 10:54:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2007-05-24 10:54:40 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2007-05-24 10:54:40 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2007-05-24 10:54:40 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2007-05-24 10:54:40 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2007-05-24 10:54:40 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2007-05-24 09:58:58 | 000,000,026 | ---- | C] () -- C:\Windows\CDE SPR360.ini

[2007-05-23 20:03:49 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI

[2007-05-23 19:56:47 | 000,000,112 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat

[2007-05-22 20:48:09 | 000,000,000 | ---- | C] () -- C:\Windows\WININIT.INI

[2007-03-13 14:57:53 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll

[2007-02-22 16:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini

[2007-02-22 16:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini

[2006-11-02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006-11-02 13:47:37 | 000,285,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006-11-02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006-11-02 11:33:01 | 000,618,272 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006-11-02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006-11-02 11:33:01 | 000,107,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006-11-02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006-11-02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006-11-02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006-11-02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006-11-02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006-11-02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006-11-02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2006-11-02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2006-08-11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

[2003-04-08 10:35:24 | 000,005,414 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009-03-08 17:14:53 | 000,000,442 | ---- | M] () -- C:\aaw7boot.log

[2006-11-20 09:29:16 | 000,000,126 | ---- | M] () -- C:\appinst.cmd

[2006-09-18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2006-11-02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr

[2011-02-08 08:36:03 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

[2006-09-18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2011-02-08 00:18:12 | 2146,091,008 | -HS- | M] () -- C:\hiberfil.sys

[2007-03-13 16:07:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2007-03-13 16:07:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011-03-14 17:10:50 | 2460,024,832 | -HS- | M] () -- C:\pagefile.sys

[2008-01-11 03:00:00 | 000,904,349 | ---- | M] () -- C:\PokerStars.log.0

[2008-01-09 01:57:34 | 000,554,436 | ---- | M] () -- C:\PokerStars.log.1

[2007-03-13 15:00:33 | 000,001,079 | ---- | M] () -- C:\Prodlog.txt

[2006-11-09 15:05:25 | 000,000,042 | ---- | M] () -- C:\sort-d.txt

[2011-02-23 20:49:51 | 000,061,388 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_23.02.2011_20.48.50_log.txt

[2006-11-14 08:42:32 | 000,000,015 | ---- | M] () -- C:\vtype.cmd

 

 

< MD5 for: AGP440.SYS >

[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006-11-02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2006-11-02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2011-02-10 21:31:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys

[2011-02-10 21:31:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2011-02-10 21:31:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2011-02-10 21:31:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006-11-02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006-11-02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 

< MD5 for: IASTOR.SYS >

[2006-05-11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c3369af\iaStor.sys

[2006-05-11 10:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_0d20ce62\iaStor.sys

 

< MD5 for: IASTORV.SYS >

[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\$INPLACE.~TR\Machine\DATA\Windows\System32\drivers\iaStorV.sys

[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006-11-02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2006-11-02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll


< End of report >

Extras.Txt


DRV - [2009-10-07 14:01:32 | 000,025,032 | ---- | M] (Norman ASA) [Kernel | System | Running] -- c:\program files\norman\ngs\bin\ngs.sys -- (NGS)

 

Norman still appears to be running. Have you deleted the folder C:\program\norman?

Check the folder C:\Qoobox to see if you find a file named something with quarantine. If so, paste it in.

Scan the computer online at http://www.eset.com/onlinescan/

So that the scanner does not take too long, turn off your antivirus program in the meantime.

Uncheck the option Remove found threats

Check Scan Archives

Click Advanced Settings

Check:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste the contents into your reply.


Archived

This topic is now archived and is closed to further replies.


