
Strange error message at startup?


ferdi_k


Hi!

I have a laptop running Windows 7 Enterprise 32-bit, and for the past week an error message has been appearing on the screen right after I log in to my account.

This is what the message looks like:

The title is: Testergebnis

The error message: SICHER

I have run a scan for possible viruses, but my antivirus program did not find any such strange things .....

I don't understand any of it. Can anyone help me understand what this is??

Link to comment
Share on other sites

Testergebnis = test result

Is there nothing more? Can you take a screenshot of the error message?

 

 

Yes, exactly; as I said, it also says "SICHER" .....????

I scanned the computer for viruses with BitDefender Online Scanner and it found 3 viruses/trojans/malware ... have a look at the report:

Report 2011-02-22 17.31.46.txt

 

ScreenShot

 

post-69078-0-82965300-1298410430_thumb.png

 

Link to comment
Share on other sites

It seems best to check the computer more thoroughly. To begin with, we can see what DDS shows. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes/Ja if the question about Optional Scan appears.

In your reply, paste in the log DDS.txt, and attach Attach.txt as a file.

Link to comment
Share on other sites


This is what it looks like when I log in. I think the message appears in connection with "Java Shall Remote Access.exe"; see the picture:

post-69078-0-64620900-1298464716_thumb.png

I have also scanned the computer with Avast Pro Antivirus 5.1, and it found 2 infected files, which are in quarantine right now, but this morning when I logged in to my account a small message box appeared in which Avast claimed that it had found 51 infected files that were Rootkit-gen, located in C:\Windows\System\install\server.exe

Infektion: Win32:Rootkit-gen [Rtk]

Objekt: C:\Windows\System\install\server.exe

It keeps popping up all the time, it never ends!!! =/

Cecilia, I will be back with the information you want very shortly!

Link to comment
Share on other sites


Here is the DDS log:

DDS.txt

And the Attach log:

Attach.txt

 

Link to comment
Share on other sites

I am pasting in DDS.txt so that it is easier to check it both now and later.

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by ek-ekman at 13:45:19,35 on 2011-02-23

Internet Explorer: 9.0.7930.16406

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.46.1053.18.1919.741 [GMT 1:00]

 

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

AV: Norman Endpoint Protection *Enabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Norman Endpoint Protection *Enabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Norman\Npm\Bin\elogsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\UnsignedThemesSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Norman\Npm\Bin\Zanda.exe

C:\Program Files\Norman\npm\bin\nvoy.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Forefront TMG Client\FwcAgent.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\CCM\CcmExec.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Norman\Npm\Bin\scheduler.exe

C:\Program Files\Norman\Npm\Bin\Njeeves.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe

C:\Windows\explorer.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\explorer.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Norman\Nse\Bin\NSESVC.EXE

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Norman\Nvc\Bin\nvcoas.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.se/

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = eatmg.eskilstuna.se:8080

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [AdobeBridge]

uRun: [HKCU] c:\users\ek-ekman\appdata\roaming\windowsupdate\winupd.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [speedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000

mRun: [TaskTray]

mRun: [Javer Shell Remote Access] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Windows Audio Driver] "c:\windows\system32\audiohd.exe"

uExplorerRun: [Policies] c:\windows\system\install\server.exe

uExplorerRun: [ASP Net Network Module] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

mExplorerRun: [Auto File System Conversion Utility] "c:\program files\common files\autoconvul.exe"

mExplorerRun: [ASP Net Network Module] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

mExplorerRun: [Windows-Network Component] "c:\program files\common files\WUDHost.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe

StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\VGAfix.vbs.txt

uPolicies-system: EnableLUA = 0 (0x0)

mPolicies-explorer: UseDefaultTile = 1 (0x1)

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-explorer: NoPublishingWizard = 1 (0x1)

mPolicies-explorer: NoWebServices = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: FilterAdministratorToken = 1 (0x1)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

mPolicies-system: DisableStartupSound = 1 (0x1)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Ski&cka till OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

LSP: c:\program files\forefront tmg client\FwcWsp.dll

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

TCP: 54879647 = 156.154.70.22,156.154.71.22

TCP: {C16BF3E5-0E13-4860-B9C7-4BC5C2E6D1B4} = 156.154.70.22,156.154.71.22

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

mASetup: {4DJ3AI8O-E7UA-37Y1-3JPG-5Q446AB72KUR} - c:\windows\system\system\updates.exe

mASetup: {I10IVS33-W4ST-5OU6-2A31-F26O37U413S4} - c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

 

============= SERVICES / DRIVERS ===============

 

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-22 17744]

 

=============== Created Last 30 ================

 

2011-02-23 12:21:53 -------- dc----w- c:\users\ek-ekman\appdata\local\{4DD00F1F-5C2D-4B6B-8044-61D8538A8CBA}

2011-02-22 22:08:49 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Personal

2011-02-22 22:08:30 -------- dc----w- c:\program files\Personal

2011-02-22 20:48:03 357968 -c--a-w- c:\windows\system32\drivers\aswSnx.sys

2011-02-22 20:47:54 51280 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-22 20:47:03 38848 -c--a-w- c:\windows\avastSS.scr

2011-02-22 20:46:56 -------- dc----w- c:\progra~2\Alwil Software

2011-02-22 19:49:08 -------- dc----w- c:\users\ek-ekman\appdata\local\Copax

2011-02-22 19:46:50 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Copax

2011-02-22 16:31:37 -------- dc----w- c:\users\ek-ekman\appdata\roaming\QuickScan

2011-02-22 12:38:33 -------- dc----w- c:\users\ek-ekman\appdata\local\{AAB5DFC8-C962-49E9-9838-710E05A941D1}

2011-02-21 23:20:38 -------- dc----w- c:\program files\Homeenter

2011-02-21 18:46:05 -------- dcsh--r- c:\users\ek-ekman\appdata\roaming\WindowsUpdate

2011-02-21 12:52:24 -------- dc----w- c:\users\ek-ekman\appdata\local\{6A56515D-7105-4DF0-878F-D770A04B65DB}

2011-02-21 11:00:06 -------- dc----w- c:\users\ek-ekman\appdata\local\VMware

2011-02-21 10:46:46 -------- dc----w- c:\progra~2\VMware

2011-02-20 22:44:56 41984 -c--a-w- c:\users\ek-ekman\appdata\local\plugin.exe

2011-02-20 22:00:55 -------- dc----w- c:\users\ek-ekman\appdata\local\Plugins

2011-02-20 22:00:49 53760 -c--a-w- c:\users\ek-ekman\appdata\local\winsvchost.exe

2011-02-20 21:41:53 -------- dc----w- c:\users\ek-ekman\appdata\local\SoftGrid Client

2011-02-20 16:06:18 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Uniblue

2011-02-20 16:05:45 -------- dc-h--w- c:\progra~2\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-02-20 16:05:41 -------- dc----w- c:\program files\Uniblue

2011-02-20 16:04:51 -------- dc----w- c:\users\ek-ekman\appdata\local\PackageAware

2011-02-17 20:21:35 -------- dc----w- c:\users\ek-ekman\appdata\local\{BBA5B33D-B177-4EBC-9FD5-42613FD8F935}

2011-02-17 08:18:20 -------- dc----w- c:\users\ek-ekman\appdata\local\{1C6C8DC5-B6B3-4AAD-B772-FB181F4D1F17}

2011-02-16 19:48:12 -------- dc----w- c:\users\ek-ekman\appdata\local\{F2FFA843-A160-4FCA-8E79-077F3F90BA4D}

2011-02-15 17:57:13 -------- dc----w- c:\users\ek-ekman\appdata\local\{377C1775-7014-4E50-8FC5-5063D81AE99E}

2011-02-14 17:16:31 -------- dc----w- c:\users\ek-ekman\appdata\local\{83FE2AD7-35C5-4DFD-AD62-488DEA0D85B2}

2011-02-14 15:39:56 -------- dc----w- c:\users\ek-ekman\appdata\local\{8FC6571C-7555-4A76-93BB-2F3D144A3D01}

2011-02-14 00:17:26 -------- dc----w- c:\users\ek-ekman\appdata\local\{A7CA4BBF-64BE-42F0-8C66-3D78603D23B1}

2011-02-12 21:23:29 158736 -c--a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-02-12 21:23:10 42960 -c--a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-02-12 15:58:43 -------- dc----w- c:\program files\Paint.NET

2011-02-12 15:57:19 -------- dc----w- c:\users\ek-ekman\appdata\local\Paint.NET

2011-02-12 08:28:32 -------- dc----w- c:\users\ek-ekman\appdata\local\{1CE2612C-1B74-4C89-9F19-FD20CEDED112}

2011-02-11 17:17:06 -------- dcsh--r- c:\program files\WindowsUpdate

2011-02-11 17:12:38 9344 -c--a-w- c:\windows\system32\drivers\CPQBttn.sys

2011-02-11 17:12:38 15872 -c--a-w- c:\windows\system32\drivers\HpqKbFiltr.sys

2011-02-11 17:12:38 1419232 -c--a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll

2011-02-11 17:12:23 1885488 -c--a-w- c:\windows\system32\BttnCmns.dll

2011-02-11 17:12:23 1885488 -c--a-r- c:\windows\system32\BttnCmn.dll

2011-02-11 17:07:01 -------- dc----w- C:\ATI

2011-02-11 16:59:37 6656 -c--a-w- c:\windows\system32\bcmwlrc.dll

2011-02-11 16:59:35 91448 -c--a-w- c:\windows\system32\bcmwlcoi.dll

2011-02-11 16:59:34 3555328 -c--a-w- c:\windows\system32\bcmihvui.dll

2011-02-11 16:59:32 3866624 -c--a-w- c:\windows\system32\bcmihvsrv.dll

2011-02-11 16:59:32 2709056 -c--a-w- c:\windows\system32\drivers\BCMWL6.SYS

2011-02-11 16:59:29 -------- dc----w- c:\program files\Broadcom

2011-02-11 16:56:50 -------- dc----w- C:\dell

2011-02-11 16:39:03 -------- dc----w- c:\program files\Driver-Soft

2011-02-11 16:36:22 -------- dc----w- c:\users\ek-ekman\appdata\local\{55B643FA-DC53-499A-A10A-71D6E3DAE9A3}

2011-02-11 16:19:41 5890896 -c--a-w- c:\progra~2\microsoft\windows defender\definition updates\{ccbee762-fcf6-4c59-acaf-a610389cc8b5}\mpengine.dll

2011-02-11 16:18:01 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-11 16:18:01 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 16:17:43 80384 ----a-w- c:\windows\system32\davclnt.dll

2011-02-11 16:16:44 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-02-11 15:56:14 -------- dc----w- c:\users\ek-ekman\appdata\local\{B404DB50-8415-4A22-98EE-1F90DA0469BB}

2011-02-10 21:22:43 -------- dc----w- c:\users\ek-ekman\appdata\local\{EB1BAA7A-05C4-4A3A-8753-E49332B18342}

2011-02-10 09:22:21 -------- dc----w- c:\users\ek-ekman\appdata\local\{36E3C65A-5AD9-44CB-A7AF-0B69700C6F37}

2011-02-09 14:59:10 -------- dc----w- c:\users\ek-ekman\appdata\local\{44D917D3-20C1-43B1-B8F3-1C12F542740F}

2011-02-08 18:03:19 -------- dc----w- c:\users\ek-ekman\appdata\local\{3ED503B6-B273-4175-98AF-777E7D61D6E4}

2011-02-07 18:52:02 -------- dc----w- c:\users\ek-ekman\appdata\local\{5326559B-462B-4CF0-A473-9F9ECAB3B004}

2011-02-06 13:21:33 -------- dc----w- c:\users\ek-ekman\appdata\local\{6A019A3E-E9A0-4D13-87D6-FD8C712FC37D}

2011-02-05 15:26:54 -------- dc----w- c:\users\ek-ekman\appdata\roaming\hpqLog

2011-02-05 14:31:28 -------- dc----w- c:\program files\City Interactive

2011-02-05 12:48:16 -------- dc----w- c:\program files\uTorrent

2011-02-05 12:47:46 -------- dc----w- c:\users\ek-ekman\appdata\roaming\uTorrent

2011-02-05 07:57:37 -------- dc----w- c:\users\ek-ekman\appdata\local\{A1310532-ABC1-412F-8A34-7F72F3B92BEE}

2011-02-04 09:12:36 -------- dc----w- c:\users\ek-ekman\appdata\local\{C343FBEE-7DF2-4811-803A-F1BBB6EBD714}

2011-02-03 23:54:21 -------- dc----w- c:\program files\Total Video Converter

2011-02-03 23:44:22 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Pavtube

2011-02-03 23:44:04 -------- dc----w- c:\program files\Pavtube

2011-02-03 23:41:04 -------- dc----w- c:\users\ek-ekman\appdata\roaming\GetRightToGo

2011-02-03 14:53:54 -------- dc----w- c:\users\ek-ekman\appdata\local\Roxio

2011-02-03 14:51:44 -------- dc----w- c:\program files\Roxio

2011-02-03 11:39:37 -------- dc----w- c:\users\ek-ekman\appdata\local\{1FC63562-D0E9-478B-8ED5-77BB3D57A4D4}

2011-02-02 23:06:39 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Rovio

2011-02-02 19:23:29 -------- dc----w- c:\users\ek-ekman\appdata\local\{38D47AB4-F09F-4AA3-BDA4-BA4A92BD49B7}

2011-02-01 16:23:39 -------- dc----w- c:\users\ek-ekman\appdata\local\{2FE37FB0-D486-41A2-9DBB-DD2311AB4642}

2011-01-31 18:43:28 -------- dc----w- c:\users\ek-ekman\appdata\local\{E318484E-1429-4C0B-9D22-9943B7367D3D}

2011-01-30 20:54:29 -------- dc----w- c:\program files\CCleaner

2011-01-30 12:04:57 -------- dc----w- c:\users\ek-ekman\appdata\local\{92031D21-0A18-4C3E-8B8E-0DA047ABC734}

2011-01-29 16:25:45 -------- dc----w- c:\users\ek-ekman\appdata\local\{C8274AC2-190C-43DA-A564-518C7D4F8E71}

2011-01-28 13:52:37 -------- dc----w- c:\windows\system32\Fonts

2011-01-28 13:52:35 -------- dc----w- c:\program files\Pasco scientific

2011-01-28 13:47:40 -------- dc----w- c:\users\ek-ekman\appdata\local\{23161864-3A68-4CA9-8500-217A9D7AC4C3}

2011-01-28 07:55:03 -------- dc----w- c:\program files\common files\Oribi

2011-01-28 07:54:59 -------- dc----w- c:\program files\SIHDev

2011-01-28 07:54:59 -------- dc----w- c:\program files\common files\Outlook Security Manager

2011-01-28 07:54:55 -------- dc----w- c:\program files\StavaRex

2011-01-28 07:44:34 -------- dc----w- c:\program files\ConfigMgr 2007 Toolkit

2011-01-27 19:40:43 -------- dc----w- c:\users\ek-ekman\appdata\local\{8B5F245D-9444-4859-BB53-F84D0A6A0343}

2011-01-26 21:46:38 -------- dc----w- c:\progra~2\UltiDev

2011-01-26 21:46:31 -------- dc----w- c:\program files\UltiDev

2011-01-26 21:44:43 -------- dc----w- c:\program files\Microsoft ASP.NET

2011-01-26 21:43:59 -------- dc----w- c:\users\ek-ekman\appdata\roaming\SolarWinds

2011-01-26 21:43:54 -------- dc----w- c:\program files\SolarWinds

2011-01-26 21:43:02 -------- dc----w- c:\program files\Syslogd

2011-01-25 14:15:53 -------- dc----w- c:\users\ek-ekman\appdata\local\{498DB045-A46D-425B-9DA3-D09E68F28634}

2011-01-24 12:49:20 -------- dc----w- c:\users\ek-ekman\appdata\local\{4DF242A3-333D-4EE6-9A4A-34044EAD7B29}

 

==================== Find3M ====================

 

2011-01-14 07:55:24 107520 ----a-w- c:\windows\system32\cdd.dll

2010-12-10 08:43:46 0 -c--a-w- c:\windows\ativpsrm.bin

2005-07-21 07:01:24 414208 -csh--r- c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

 

============= FINISH: 14:03:01,43 ===============

Link to comment
Share on other sites
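A triage pass over the autostart lines of the DDS log above, as an added example that is not part of the original thread or of DDS. The sample lines are copied from the log on this page; the four heuristics (autostart under Policies\Explorer\Run, an Active Setup key that is not a valid GUID, a binary in an unusual directory, one binary registered in several autostart locations) and all function names are assumptions chosen here, and they mark entries for manual review rather than deliver a verdict.

```python
import re
from collections import defaultdict

# Autostart and policy lines copied from the DDS log on this page (excerpt only).
SAMPLE_LOG = r"""
uRun: [HKCU] c:\users\ek-ekman\appdata\roaming\windowsupdate\winupd.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [TaskTray]
mRun: [Javer Shell Remote Access] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
uExplorerRun: [Policies] c:\windows\system\install\server.exe
uExplorerRun: [ASP Net Network Module] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe
mExplorerRun: [ASP Net Network Module] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe
mPolicies-system: EnableLUA = 0 (0x0)
mASetup: {4DJ3AI8O-E7UA-37Y1-3JPG-5Q446AB72KUR} - c:\windows\system\system\updates.exe
mASetup: {I10IVS33-W4ST-5OU6-2A31-F26O37U413S4} - c:\windows\system32\asp net network module\Javer Shell Remote Access.exe
"""

# DDS prefixes: u = per-user (HKCU), m = machine-wide (HKLM).
AUTORUN = re.compile(r"^([um])(Run|ExplorerRun): \[([^\]]*)\]\s*(.*)$")
ASETUP = re.compile(r"^([um])ASetup: (\{[^}]*\}) - (.+)$")
POLICY = re.compile(r"^([um])Policies-(\w+): (\w+) = (\d+)")
# A real GUID contains hexadecimal digits only.
GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Quoted image path, or an unquoted path up to the first executable extension.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|scr|com|bat|vbs))\b', re.I)
# Directories where ordinary software rarely installs autostart binaries
# (assumption for this example).
ODD_DIRS = ("c:\\windows\\system\\", "\\appdata\\roaming\\")


def image_path(command):
    """Return the lower-cased executable path of an autostart command, or None."""
    m = EXE.match(command.strip())
    if not m:
        return None
    return (m.group(1) or m.group(2)).lower()


def parse(log):
    """Split a DDS 'Pseudo HJT Report' into autostart entries and policy values."""
    entries, policies = [], []
    for line in log.splitlines():
        line = line.strip()
        if m := AUTORUN.match(line):
            hive, kind, name, cmd = m.groups()
            entries.append((hive + kind, name, image_path(cmd)))
        elif m := ASETUP.match(line):
            hive, guid, cmd = m.groups()
            entries.append((hive + "ASetup", guid, image_path(cmd)))
        elif m := POLICY.match(line):
            hive, scope, value, data = m.groups()
            policies.append((hive, scope, value, int(data)))
    return entries, policies


def triage(log):
    """Return ({path: [reasons]}, [(hive, scope)] where EnableLUA is 0)."""
    entries, policies = parse(log)
    locations = defaultdict(set)
    reasons = defaultdict(set)
    for location, name, path in entries:
        if path is None:
            continue  # value name with no command, e.g. "mRun: [TaskTray]"
        locations[path].add(location)
        if location.endswith("ExplorerRun"):
            reasons[path].add("policies_run")
        if location.endswith("ASetup") and not GUID.match(name):
            reasons[path].add("bad_guid")
        if any(d in path for d in ODD_DIRS):
            reasons[path].add("odd_dir")
    for path, locs in locations.items():
        if len(locs) > 1:
            reasons[path].add("multi_location")
    uac_off = [(h, s) for h, s, v, d in policies if v == "EnableLUA" and d == 0]
    return {p: sorted(r) for p, r in reasons.items()}, uac_off


if __name__ == "__main__":
    findings, uac_off = triage(SAMPLE_LOG)
    for path, why in sorted(findings.items()):
        print(f"{', '.join(why):45} {path}")
    for hive, scope in uac_off:
        print(f"UAC disabled (EnableLUA = 0) in {hive}Policies-{scope}")
```

Entries with no finding, such as the Messenger and avast! autostarts, are left out of the result; everything listed still needs a human to confirm it against the file on disk.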

Microsoft Windows 7 Enterprise is, I believe, something that is only sold to companies. The tools I use to clean computers are not suitable for company computers, so it is best that you turn to the company's support.

Link to comment
Share on other sites


But what have you found in the logs, then? Because at best I will be reinstalling Windows anyway; it would be better to remove the junk that has ended up on the computer instead of reinstalling Windows and starting to make backups, and even then I don't know which files are infected and which are not ..... Can't we just remove the files that are infected so that I don't have to reinstall all of Windows???

Regards

Link to comment
Share on other sites

I have, for moral reasons, decided that I do not help clean computers that have an illegal copy of Windows installed.

Link to comment
Share on other sites


Illegal Windows? It is not that at all; it is the school's computer, which we have been given for schoolwork, and now that it is the winter sports break I cannot hand it in for repair. On the other hand, the repair takes a very long time since they have a lot of other things to do ....

I am not asking for much, really =)

Link to comment
Share on other sites

OK, then I apologize.

Start by seeing whether MBAM can clean out some of it. Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Double-click mbam-setup to install the program.

At the end of the installation, make sure these boxes are checked:

Uppdatera Malwarebytes' Anti-Malware (Update Malwarebytes' Anti-Malware)

Starta Malwarebytes' Anti-Malware (Launch Malwarebytes' Anti-Malware)

Click Slutför (Finish).

If there is an update, it will be downloaded and installed.

When the program starts, select Utför snabb skanning (Perform quick scan) and click Skanna (Scan).

The scan takes a while.

When it is done, click OK and then Visa resultat (Show results).

Check everything and then press Ta bort markerade (Remove selected).

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If there is an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not come up by itself in Notepad, you will find it on the Loggar (Logs) tab in MBAM.

Copy the log and paste it into your reply.

Run DDS and paste in a new DDS.txt as well.

Link to comment
Share on other sites


Thanks!

Here is the malware log:

mbam-log-2011-02-24 (15-09-10).txt

DDS LOG:

 

 

 

 

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by ek-ekman at 16:48:53,15 on 2011-02-24

Internet Explorer: 9.0.7930.16406

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\helppane.exe

C:\Users\ek-ekman\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.se/

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = eatmg.eskilstuna.se:8080

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [AdobeBridge]

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [speedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" delay 20000

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [TaskTray]

mRun: [Javer Shell Remote Access] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [dsaggdsdgs] c:\windows\system\system\updates.exe

uExplorerRun: [Policies] c:\windows\system\system\updates.exe

uExplorerRun: [ASP Net Network Module] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

mExplorerRun: [ASP Net Network Module] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

mExplorerRun: [Policies] c:\windows\system\system\updates.exe

uPolicies-system: EnableLUA = 0 (0x0)

mPolicies-explorer: UseDefaultTile = 1 (0x1)

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-explorer: NoPublishingWizard = 1 (0x1)

mPolicies-explorer: NoWebServices = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: FilterAdministratorToken = 1 (0x1)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

mPolicies-system: DisableStartupSound = 1 (0x1)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Ski&cka till OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\forefront tmg client\FwcWsp.dll

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

TCP: 54879647 = 156.154.70.22,156.154.71.22

TCP: {C16BF3E5-0E13-4860-B9C7-4BC5C2E6D1B4} = 156.154.70.22,156.154.71.22

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

mASetup: {4DJ3AI8O-E7UA-37Y1-3JPG-5Q446AB72KUR} - c:\windows\system\system\updates.exe

mASetup: {I10IVS33-W4ST-5OU6-2A31-F26O37U413S4} - c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

 

============= SERVICES / DRIVERS ===============

 

R? aswFsBlk;aswFsBlk

R? aswMonFlt;aswMonFlt

R? aswSnx;aswSnx

R? aswSP;aswSP

R? avast! Antivirus;avast! Antivirus

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? Com4QLBEx;Com4QLBEx

R? cpuz134;cpuz134

R? fssfltr;fssfltr

R? fsssvc;Windows Live Family Safety Service

R? FwcAgent;Forefront TMG Client Agent

R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service

R? Ndiskio;Ndiskio

R? netr73;RT73 USB Wireless LAN Card Driver for Vista

R? NGS;Norman General Security Driver

R? NNetSecC;Norman Network Filter NDIS common driver

R? Norman ZANDA;Norman ZANDA

R? nsesvc;Norman Scanner Engine Service

R? NvcMFlt;NvcMFlt

R? nvcoas;Norman Virus Control on-access component

R? NVOY;Norman Resource Provider

R? osppsvc;Office Software Protection Platform

R? SBSDWSCService;SBSD Security Center Service

R? Scheduler;Norman Scheduler Service

R? Sftfs;Sftfs

R? sftlist;Application Virtualization Client

R? Sftplay;Sftplay

R? Sftredir;Sftredir

R? Sftvol;Sftvol

R? sftvsa;Application Virtualization Service Agent

R? StorSvc;Storage Service

R? SwitchBoard;SwitchBoard

R? UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0

R? UnsignedThemes;Unsigned Themes

R? uxpatch;uxpatch

R? WatAdminSvc;Aktiveringsteknologier för Windows-tjänst

R? VBoxUSB;VirtualBox USB

 

=============== Created Last 30 ================

 

2011-02-24 13:55:43 -------- dc----w- c:\program files\Spybot - Search & Destroy

2011-02-24 13:55:43 -------- dc----w- c:\progra~2\Spybot - Search & Destroy

2011-02-24 13:51:59 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Malwarebytes

2011-02-24 13:50:29 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-24 13:50:28 -------- dc----w- c:\progra~2\Malwarebytes

2011-02-24 13:50:25 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-02-24 13:50:25 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-24 13:49:27 -------- dc----w- c:\program files\PeerGuardian2

2011-02-23 20:46:46 -------- dc----w- C:\## aswSnx private storage

2011-02-23 12:21:53 -------- dc----w- c:\users\ek-ekman\appdata\local\{4DD00F1F-5C2D-4B6B-8044-61D8538A8CBA}

2011-02-22 22:08:49 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Personal

2011-02-22 22:08:30 -------- dc----w- c:\program files\Personal

2011-02-22 20:48:03 357968 -c--a-w- c:\windows\system32\drivers\aswSnx.sys

2011-02-22 20:47:54 51280 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-22 20:47:03 38848 -c--a-w- c:\windows\avastSS.scr

2011-02-22 20:46:56 -------- dc----w- c:\progra~2\Alwil Software

2011-02-22 19:59:45 1060864 -c--a-w- c:\windows\system32\MFC71.dll

2011-02-22 19:49:08 -------- dc----w- c:\users\ek-ekman\appdata\local\Copax

2011-02-22 19:46:50 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Copax

2011-02-22 16:31:37 -------- dc----w- c:\users\ek-ekman\appdata\roaming\QuickScan

2011-02-22 12:38:33 -------- dc----w- c:\users\ek-ekman\appdata\local\{AAB5DFC8-C962-49E9-9838-710E05A941D1}

2011-02-21 23:20:38 -------- dc----w- c:\program files\Homeenter

2011-02-21 18:46:05 -------- dcsh--r- c:\users\ek-ekman\appdata\roaming\WindowsUpdate

2011-02-21 12:52:24 -------- dc----w- c:\users\ek-ekman\appdata\local\{6A56515D-7105-4DF0-878F-D770A04B65DB}

2011-02-21 11:00:06 -------- dc----w- c:\users\ek-ekman\appdata\local\VMware

2011-02-21 10:46:46 -------- dc----w- c:\progra~2\VMware

2011-02-21 10:17:28 -------- dc----w- c:\windows\system32\Plugins

2011-02-20 22:44:56 41984 -c--a-w- c:\users\ek-ekman\appdata\local\plugin.exe

2011-02-20 22:00:55 -------- dc----w- c:\users\ek-ekman\appdata\local\Plugins

2011-02-20 22:00:49 53760 -c--a-w- c:\users\ek-ekman\appdata\local\winsvchost.exe

2011-02-20 21:41:53 -------- dc----w- c:\users\ek-ekman\appdata\local\SoftGrid Client

2011-02-20 16:06:18 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Uniblue

2011-02-20 16:05:45 -------- dc-h--w- c:\progra~2\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-02-20 16:05:41 -------- dc----w- c:\program files\Uniblue

2011-02-20 16:04:51 -------- dc----w- c:\users\ek-ekman\appdata\local\PackageAware

2011-02-17 20:21:35 -------- dc----w- c:\users\ek-ekman\appdata\local\{BBA5B33D-B177-4EBC-9FD5-42613FD8F935}

2011-02-17 08:18:20 -------- dc----w- c:\users\ek-ekman\appdata\local\{1C6C8DC5-B6B3-4AAD-B772-FB181F4D1F17}

2011-02-16 19:48:12 -------- dc----w- c:\users\ek-ekman\appdata\local\{F2FFA843-A160-4FCA-8E79-077F3F90BA4D}

2011-02-15 17:57:13 -------- dc----w- c:\users\ek-ekman\appdata\local\{377C1775-7014-4E50-8FC5-5063D81AE99E}

2011-02-14 17:16:31 -------- dc----w- c:\users\ek-ekman\appdata\local\{83FE2AD7-35C5-4DFD-AD62-488DEA0D85B2}

2011-02-14 15:39:56 -------- dc----w- c:\users\ek-ekman\appdata\local\{8FC6571C-7555-4A76-93BB-2F3D144A3D01}

2011-02-14 00:17:26 -------- dc----w- c:\users\ek-ekman\appdata\local\{A7CA4BBF-64BE-42F0-8C66-3D78603D23B1}

2011-02-12 21:23:29 158736 -c--a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-02-12 21:23:10 42960 -c--a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-02-12 15:58:43 -------- dc----w- c:\program files\Paint.NET

2011-02-12 15:57:19 -------- dc----w- c:\users\ek-ekman\appdata\local\Paint.NET

2011-02-12 08:28:32 -------- dc----w- c:\users\ek-ekman\appdata\local\{1CE2612C-1B74-4C89-9F19-FD20CEDED112}

2011-02-11 17:17:06 -------- dcsh--r- c:\program files\WindowsUpdate

2011-02-11 17:12:38 9344 -c--a-w- c:\windows\system32\drivers\CPQBttn.sys

2011-02-11 17:12:38 15872 -c--a-w- c:\windows\system32\drivers\HpqKbFiltr.sys

2011-02-11 17:12:38 1419232 -c--a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll

2011-02-11 17:12:23 1885488 -c--a-w- c:\windows\system32\BttnCmns.dll

2011-02-11 17:12:23 1885488 -c--a-r- c:\windows\system32\BttnCmn.dll

2011-02-11 17:07:01 -------- dc----w- C:\ATI

2011-02-11 16:59:37 6656 -c--a-w- c:\windows\system32\bcmwlrc.dll

2011-02-11 16:59:35 91448 -c--a-w- c:\windows\system32\bcmwlcoi.dll

2011-02-11 16:59:34 3555328 -c--a-w- c:\windows\system32\bcmihvui.dll

2011-02-11 16:59:32 3866624 -c--a-w- c:\windows\system32\bcmihvsrv.dll

2011-02-11 16:59:32 2709056 -c--a-w- c:\windows\system32\drivers\BCMWL6.SYS

2011-02-11 16:59:29 -------- dc----w- c:\program files\Broadcom

2011-02-11 16:56:50 -------- dc----w- C:\dell

2011-02-11 16:39:03 -------- dc----w- c:\program files\Driver-Soft

2011-02-11 16:36:22 -------- dc----w- c:\users\ek-ekman\appdata\local\{55B643FA-DC53-499A-A10A-71D6E3DAE9A3}

2011-02-11 16:29:08 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-11 16:29:07 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-11 16:19:41 5890896 -c--a-w- c:\progra~2\microsoft\windows defender\definition updates\{ccbee762-fcf6-4c59-acaf-a610389cc8b5}\mpengine.dll

2011-02-11 16:18:08 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-02-11 16:18:07 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-02-11 16:18:07 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-11 16:18:04 2329088 ----a-w- c:\windows\system32\win32k.sys

2011-02-11 16:18:01 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-11 16:18:01 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 16:17:55 541184 ----a-w- c:\windows\system32\kerberos.dll

2011-02-11 16:17:45 204288 ----a-w- c:\windows\system32\upnp.dll

2011-02-11 16:17:44 1389568 ----a-w- c:\windows\system32\msxml6.dll

2011-02-11 16:17:44 1236992 ----a-w- c:\windows\system32\msxml3.dll

2011-02-11 16:17:43 80384 ----a-w- c:\windows\system32\davclnt.dll

2011-02-11 16:17:43 350720 ----a-w- c:\windows\system32\winhttp.dll

2011-02-11 16:17:43 204800 ----a-w- c:\windows\system32\WebClnt.dll

2011-02-11 16:17:42 73728 ----a-w- c:\windows\system32\wscsvc.dll

2011-02-11 16:17:42 51200 ----a-w- c:\windows\system32\wscapi.dll

2011-02-11 16:17:42 14336 ----a-w- c:\windows\system32\slwga.dll

2011-02-11 16:16:44 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-02-11 15:56:14 -------- dc----w- c:\users\ek-ekman\appdata\local\{B404DB50-8415-4A22-98EE-1F90DA0469BB}

2011-02-10 21:22:43 -------- dc----w- c:\users\ek-ekman\appdata\local\{EB1BAA7A-05C4-4A3A-8753-E49332B18342}

2011-02-10 09:22:21 -------- dc----w- c:\users\ek-ekman\appdata\local\{36E3C65A-5AD9-44CB-A7AF-0B69700C6F37}

2011-02-09 14:59:10 -------- dc----w- c:\users\ek-ekman\appdata\local\{44D917D3-20C1-43B1-B8F3-1C12F542740F}

2011-02-08 18:03:19 -------- dc----w- c:\users\ek-ekman\appdata\local\{3ED503B6-B273-4175-98AF-777E7D61D6E4}

2011-02-07 18:52:02 -------- dc----w- c:\users\ek-ekman\appdata\local\{5326559B-462B-4CF0-A473-9F9ECAB3B004}

2011-02-06 13:21:33 -------- dc----w- c:\users\ek-ekman\appdata\local\{6A019A3E-E9A0-4D13-87D6-FD8C712FC37D}

2011-02-05 15:26:54 -------- dc----w- c:\users\ek-ekman\appdata\roaming\hpqLog

2011-02-05 14:31:28 -------- dc----w- c:\program files\City Interactive

2011-02-05 12:48:16 -------- dc----w- c:\program files\uTorrent

2011-02-05 12:47:46 -------- dc----w- c:\users\ek-ekman\appdata\roaming\uTorrent

2011-02-05 07:57:37 -------- dc----w- c:\users\ek-ekman\appdata\local\{A1310532-ABC1-412F-8A34-7F72F3B92BEE}

2011-02-04 09:12:36 -------- dc----w- c:\users\ek-ekman\appdata\local\{C343FBEE-7DF2-4811-803A-F1BBB6EBD714}

2011-02-03 23:54:21 -------- dc----w- c:\program files\Total Video Converter

2011-02-03 23:44:22 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Pavtube

2011-02-03 23:44:04 -------- dc----w- c:\program files\Pavtube

2011-02-03 23:41:04 -------- dc----w- c:\users\ek-ekman\appdata\roaming\GetRightToGo

2011-02-03 14:53:54 -------- dc----w- c:\users\ek-ekman\appdata\local\Roxio

2011-02-03 14:51:44 -------- dc----w- c:\program files\Roxio

2011-02-03 11:53:17 2755072 ----a-w- c:\windows\system32\themeui.dll

2011-02-03 11:51:42 582656 ----a-w- c:\windows\system32\gpprefcl.dll

2011-02-03 11:39:37 -------- dc----w- c:\users\ek-ekman\appdata\local\{1FC63562-D0E9-478B-8ED5-77BB3D57A4D4}

2011-02-02 23:06:39 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Rovio

2011-02-02 19:23:29 -------- dc----w- c:\users\ek-ekman\appdata\local\{38D47AB4-F09F-4AA3-BDA4-BA4A92BD49B7}

2011-02-01 16:23:39 -------- dc----w- c:\users\ek-ekman\appdata\local\{2FE37FB0-D486-41A2-9DBB-DD2311AB4642}

2011-01-31 18:43:28 -------- dc----w- c:\users\ek-ekman\appdata\local\{E318484E-1429-4C0B-9D22-9943B7367D3D}

2011-01-30 20:54:29 -------- dc----w- c:\program files\CCleaner

2011-01-30 12:04:57 -------- dc----w- c:\users\ek-ekman\appdata\local\{92031D21-0A18-4C3E-8B8E-0DA047ABC734}

2011-01-29 16:25:45 -------- dc----w- c:\users\ek-ekman\appdata\local\{C8274AC2-190C-43DA-A564-518C7D4F8E71}

2011-01-28 13:52:37 -------- dc----w- c:\windows\system32\Fonts

2011-01-28 13:52:35 -------- dc----w- c:\program files\Pasco scientific

2011-01-28 13:47:40 -------- dc----w- c:\users\ek-ekman\appdata\local\{23161864-3A68-4CA9-8500-217A9D7AC4C3}

2011-01-28 07:55:03 -------- dc----w- c:\program files\common files\Oribi

2011-01-28 07:54:59 -------- dc----w- c:\program files\SIHDev

2011-01-28 07:54:59 -------- dc----w- c:\program files\common files\Outlook Security Manager

2011-01-28 07:54:55 -------- dc----w- c:\program files\StavaRex

2011-01-28 07:44:34 -------- dc----w- c:\program files\ConfigMgr 2007 Toolkit

2011-01-27 19:40:43 -------- dc----w- c:\users\ek-ekman\appdata\local\{8B5F245D-9444-4859-BB53-F84D0A6A0343}

2011-01-26 21:46:38 -------- dc----w- c:\progra~2\UltiDev

2011-01-26 21:46:31 -------- dc----w- c:\program files\UltiDev

2011-01-26 21:44:43 -------- dc----w- c:\program files\Microsoft ASP.NET

2011-01-26 21:43:59 -------- dc----w- c:\users\ek-ekman\appdata\roaming\SolarWinds

2011-01-26 21:43:54 -------- dc----w- c:\program files\SolarWinds

2011-01-26 21:43:02 -------- dc----w- c:\program files\Syslogd

2011-01-25 22:31:50 15360 -c--a-w- c:\windows\system32\TSD32.DLL

2011-01-25 22:31:49 8192 -c--a-w- c:\windows\system32\TSSOFT32.ACM

2011-01-25 22:31:47 947472 -c--a-w- c:\windows\system32\msjava.bak

 

==================== Find3M ====================

 

2011-02-02 16:11:20 222080 -c----w- c:\windows\system32\MpSigStub.exe

2011-01-14 07:56:38 573440 ----a-w- c:\windows\system32\odbc32.dll

2011-01-14 07:55:25 804864 ----a-w- c:\windows\system32\FntCache.dll

2011-01-14 07:55:25 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-01-14 07:55:25 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-14 07:55:25 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-14 07:55:25 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-14 07:55:25 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-14 07:55:25 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-14 07:55:25 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-14 07:55:25 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-01-14 07:55:24 107520 ----a-w- c:\windows\system32\cdd.dll

2010-12-10 08:56:41 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2010-12-10 08:43:46 0 -c--a-w- c:\windows\ativpsrm.bin

 

============= FINISH: 16:51:28,71 ===============

 

Here is the ATTACH log as well, in case it is needed:

Attach.txt

 

 

I just want to add that all the programs were run in Safe Mode, i.e. it was not possible to run them normally.

The CPU is at 100% all the time and the message now pops up in enormous numbers, which means it is barely possible to do anything with the computer ....

Link to comment
Share on other sites

As you can see in the MBAM log, MBAM found malicious programs that, among other things, are out to steal passwords. Therefore, now that the computer is clean (or from another computer right away), you must change all passwords that you use on the computer and on various websites, e.g. bank, forums, online games, encryption keys.

On the page http://www.virustotal.com, click the Browse button and paste one of the following file names into the box, click Open and then Send File. Wait until the result is ready (Current status becomes finished). Paste the link to the result here. Repeat with the next file name.

c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

c:\windows\system\system\updates.exe

Vista's and Windows 7's User Account Control (UAC) is very good at stopping malicious programs from being installed, see e.g.:

http://www.idg.se/2.1085/1.164287

http://www.idg.se/2.1085/1.166702

It is also useful in other ways, see

http://www.idg.se/2.1085/1.269010/nyttan-med-uac-i-windows

Check that it is set to a high level:

Control Panel - System and Security - Action Center, followed by UAC in the left-hand column

Link to comment
Share on other sites


 

Here is the first link:

http://www.virustotal.com/file-scan/report.html?id=57c0af0d63b2768d866f9f7645243d50f88c13e46a41fd53c561a11eeafee7e9-1298569595

 

Here is the second:

http://www.virustotal.com/file-scan/report.html?id=d95d0d1f89781035e62d927c93e75fc8564c9ffc1ef72d954c58d9f5f25dbf34-1298569788

Link to comment
Share on other sites

Scan the computer online at http://www.eset.com/onlinescan/

To keep the scanner from taking too long, turn off your antivirus program in the meantime.

Untick the option Remove found threats

Tick Scan Archives

Click Advanced Settings

Tick:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Click Scan

When the scan is finished, the log file C:\Program\Eset\Eset Online Scanner\log.txt is created. Open it in Notepad and then paste its contents into your reply.

Link to comment
Share on other sites


 

Here is the log:

 

 

 

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6425

# api_version=3.0.2

# EOSSerial=420ed6ff10adc643925390a2a9a3552c

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-02-24 09:02:18

# local_time=2011-02-24 10:02:18 (+0100, Västeuropa, normaltid)

# country="Sweden"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=768 16777215 100 0 171628 171628 0 0

# compatibility_mode=5378 16777214 100 98 65209 133858636 0 0

# compatibility_mode=5893 16776573 100 94 1138063 51015998 0 0

# compatibility_mode=8192 67108863 100 0 3742 3742 0 0

# scanned=107864

# found=16

# cleaned=16

# scan_time=5693

C:\## aswSnx private storage\webStorage\image\Windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe probably a variant of MSIL/Injector.CF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\ek-ekman\AppData\Local\plugin.exe probably a variant of MSIL/Injector.CF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\ek-ekman\AppData\Local\winsvchost.exe probably a variant of MSIL/Injector.CF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\ek-ekman\AppData\Local\Temp\KXWmpskJYR.exe probably a variant of MSIL/Injector.CF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\system\system\updates.exe probably a variant of MSIL/Injector.CF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe probably a variant of MSIL/Injector.CF trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

 

 

After the restart the same error message came up over and over again, so I ran Malwarebytes one more time, which found that there was some more junk that should be cleaned out. Here is the log anyway:

 

Malwarebytes log:

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 5867

 

Windows 6.1.7600

Internet Explorer 9.0.7930.16406

 

2011-02-24 22:38:27

mbam-log-2011-02-24 (22-38-27).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 170403

Förfluten tid: 23 minut(er), 2 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 2

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

c:\Users\ek-ekman\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

c:\Users\ek-ekman\AppData\Local\Temp\teste.vbs (Trojan.VBS) -> Quarantined and deleted successfully.

Link to comment
Share on other sites

Paste in new DDS logs now, and we will see how things look after the removals.

 

Here you go!

 

 

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by ek-ekman at 23:37:47,87 on 2011-02-24

Internet Explorer: 9.0.7930.16406

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.46.1053.18.1919.1225 [GMT 1:00]

 

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

AV: Norman Endpoint Protection *Enabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Norman Endpoint Protection *Enabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Users\ek-ekman\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Users\ek-ekman\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.se/

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = eatmg.eskilstuna.se:8080

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [AdobeBridge]

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [TaskTray]

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Javer Shell Remote Access] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

mRun: [dsaggdsdgs] c:\windows\system\system\updates.exe

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

uExplorerRun: [ASP Net Network Module] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

uExplorerRun: [Policies] c:\windows\system\system\updates.exe

mExplorerRun: [ASP Net Network Module] c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

mExplorerRun: [Policies] c:\windows\system\system\updates.exe

StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\VGAfix.vbs.txt

uPolicies-system: EnableLUA = 0 (0x0)

mPolicies-explorer: UseDefaultTile = 1 (0x1)

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

mPolicies-explorer: NoPublishingWizard = 1 (0x1)

mPolicies-explorer: NoWebServices = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: FilterAdministratorToken = 1 (0x1)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

mPolicies-system: DisableStartupSound = 1 (0x1)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Ski&cka till OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: c:\program files\forefront tmg client\FwcWsp.dll

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

TCP: 54879647 = 156.154.70.22,156.154.71.22

TCP: {C16BF3E5-0E13-4860-B9C7-4BC5C2E6D1B4} = 156.154.70.22,156.154.71.22

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

mASetup: {4DJ3AI8O-E7UA-37Y1-3JPG-5Q446AB72KUR} - c:\windows\system\system\updates.exe

mASetup: {I10IVS33-W4ST-5OU6-2A31-F26O37U413S4} - c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

 

============= SERVICES / DRIVERS ===============

 

R1 NNetSecL;Norman Network Security;c:\windows\system32\drivers\nnetsecl.sys [2010-12-10 30584]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-3-15 325672]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-22 357968]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-22 294608]

S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2010-12-10 25032]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-22 17744]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-22 51280]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-22 40384]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2011-1-18 20328]

S2 FwcAgent;Forefront TMG Client Agent;c:\program files\forefront tmg client\FwcAgent.exe [2009-10-14 275424]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-24 363344]

S2 Ndiskio;Ndiskio;c:\program files\norman\nse\bin\Ndiskio.sys [2010-12-10 22768]

S2 Norman ZANDA;Norman ZANDA;c:\program files\norman\npm\bin\Zanda.exe [2010-12-10 307896]

S2 NVOY;Norman Resource Provider;c:\program files\norman\npm\bin\nvoy.exe [2010-12-10 98776]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-24 1153368]

S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]

S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-7-13 21096]

S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-7-13 25448]

S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-2-11 228408]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-23 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-24 20952]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]

S3 NNetSecC;Norman Network Filter NDIS common driver;c:\program files\norman\ngs\bin\nnetsecc.sys [2010-12-10 29968]

S3 nsesvc;Norman Scanner Engine Service;c:\program files\norman\nse\bin\Nsesvc.exe [2011-1-28 288072]

S3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcv32mf.sys [2010-12-10 23392]

S3 nvcoas;Norman Virus Control on-access component;c:\program files\norman\nvc\bin\Nvcoas.exe [2010-12-10 210248]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 Scheduler;Norman Scheduler Service;c:\program files\norman\npm\bin\scheduler.exe [2010-12-10 133272]

S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]

S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]

S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]

S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-23 1343400]

S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-12-22 31888]

S4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\ultidev\cassini web server for asp.net 2.0\UltiDevCassinWebServer2a.exe [2007-2-8 49152]

 

=============== Created Last 30 ================

 

2011-02-24 19:25:02 -------- dc----w- c:\program files\ESET

2011-02-24 13:55:43 -------- dc----w- c:\program files\Spybot - Search & Destroy

2011-02-24 13:55:43 -------- dc----w- c:\progra~2\Spybot - Search & Destroy

2011-02-24 13:51:59 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Malwarebytes

2011-02-24 13:50:29 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-24 13:50:28 -------- dc----w- c:\progra~2\Malwarebytes

2011-02-24 13:50:25 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-02-24 13:50:25 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-24 13:49:27 -------- dc----w- c:\program files\PeerGuardian2

2011-02-23 20:46:46 -------- dc----w- C:\## aswSnx private storage

2011-02-23 12:21:53 -------- dc----w- c:\users\ek-ekman\appdata\local\{4DD00F1F-5C2D-4B6B-8044-61D8538A8CBA}

2011-02-22 22:08:49 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Personal

2011-02-22 20:48:03 357968 -c--a-w- c:\windows\system32\drivers\aswSnx.sys

2011-02-22 20:47:54 51280 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-02-22 20:47:03 38848 -c--a-w- c:\windows\avastSS.scr

2011-02-22 20:46:56 -------- dc----w- c:\progra~2\Alwil Software

2011-02-22 19:59:45 1060864 -c--a-w- c:\windows\system32\MFC71.dll

2011-02-22 19:49:08 -------- dc----w- c:\users\ek-ekman\appdata\local\Copax

2011-02-22 19:46:50 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Copax

2011-02-22 16:31:37 -------- dc----w- c:\users\ek-ekman\appdata\roaming\QuickScan

2011-02-22 12:38:33 -------- dc----w- c:\users\ek-ekman\appdata\local\{AAB5DFC8-C962-49E9-9838-710E05A941D1}

2011-02-21 23:20:38 -------- dc----w- c:\program files\Homeenter

2011-02-21 18:46:05 -------- dcsh--r- c:\users\ek-ekman\appdata\roaming\WindowsUpdate

2011-02-21 12:52:24 -------- dc----w- c:\users\ek-ekman\appdata\local\{6A56515D-7105-4DF0-878F-D770A04B65DB}

2011-02-21 11:00:06 -------- dc----w- c:\users\ek-ekman\appdata\local\VMware

2011-02-21 10:46:46 -------- dc----w- c:\progra~2\VMware

2011-02-21 10:17:28 -------- dc----w- c:\windows\system32\Plugins

2011-02-20 22:00:55 -------- dc----w- c:\users\ek-ekman\appdata\local\Plugins

2011-02-20 21:41:53 -------- dc----w- c:\users\ek-ekman\appdata\local\SoftGrid Client

2011-02-20 16:06:18 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Uniblue

2011-02-20 16:05:45 -------- dc-h--w- c:\progra~2\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-02-20 16:05:41 -------- dc----w- c:\program files\Uniblue

2011-02-20 16:04:51 -------- dc----w- c:\users\ek-ekman\appdata\local\PackageAware

2011-02-17 20:21:35 -------- dc----w- c:\users\ek-ekman\appdata\local\{BBA5B33D-B177-4EBC-9FD5-42613FD8F935}

2011-02-17 08:18:20 -------- dc----w- c:\users\ek-ekman\appdata\local\{1C6C8DC5-B6B3-4AAD-B772-FB181F4D1F17}

2011-02-16 19:48:12 -------- dc----w- c:\users\ek-ekman\appdata\local\{F2FFA843-A160-4FCA-8E79-077F3F90BA4D}

2011-02-15 17:57:13 -------- dc----w- c:\users\ek-ekman\appdata\local\{377C1775-7014-4E50-8FC5-5063D81AE99E}

2011-02-14 17:16:31 -------- dc----w- c:\users\ek-ekman\appdata\local\{83FE2AD7-35C5-4DFD-AD62-488DEA0D85B2}

2011-02-14 15:39:56 -------- dc----w- c:\users\ek-ekman\appdata\local\{8FC6571C-7555-4A76-93BB-2F3D144A3D01}

2011-02-14 00:17:26 -------- dc----w- c:\users\ek-ekman\appdata\local\{A7CA4BBF-64BE-42F0-8C66-3D78603D23B1}

2011-02-12 21:23:29 158736 -c--a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-02-12 21:23:10 42960 -c--a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-02-12 15:58:43 -------- dc----w- c:\program files\Paint.NET

2011-02-12 15:57:19 -------- dc----w- c:\users\ek-ekman\appdata\local\Paint.NET

2011-02-12 08:28:32 -------- dc----w- c:\users\ek-ekman\appdata\local\{1CE2612C-1B74-4C89-9F19-FD20CEDED112}

2011-02-11 17:17:06 -------- dcsh--r- c:\program files\WindowsUpdate

2011-02-11 17:12:38 9344 -c--a-w- c:\windows\system32\drivers\CPQBttn.sys

2011-02-11 17:12:38 15872 -c--a-w- c:\windows\system32\drivers\HpqKbFiltr.sys

2011-02-11 17:12:38 1419232 -c--a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll

2011-02-11 17:12:23 1885488 -c--a-w- c:\windows\system32\BttnCmns.dll

2011-02-11 17:12:23 1885488 -c--a-r- c:\windows\system32\BttnCmn.dll

2011-02-11 17:07:01 -------- dc----w- C:\ATI

2011-02-11 16:59:37 6656 -c--a-w- c:\windows\system32\bcmwlrc.dll

2011-02-11 16:59:35 91448 -c--a-w- c:\windows\system32\bcmwlcoi.dll

2011-02-11 16:59:34 3555328 -c--a-w- c:\windows\system32\bcmihvui.dll

2011-02-11 16:59:32 3866624 -c--a-w- c:\windows\system32\bcmihvsrv.dll

2011-02-11 16:59:32 2709056 -c--a-w- c:\windows\system32\drivers\BCMWL6.SYS

2011-02-11 16:59:29 -------- dc----w- c:\program files\Broadcom

2011-02-11 16:56:50 -------- dc----w- C:\dell

2011-02-11 16:39:03 -------- dc----w- c:\program files\Driver-Soft

2011-02-11 16:36:22 -------- dc----w- c:\users\ek-ekman\appdata\local\{55B643FA-DC53-499A-A10A-71D6E3DAE9A3}

2011-02-11 16:29:08 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-11 16:29:07 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-11 16:19:41 5890896 -c--a-w- c:\progra~2\microsoft\windows defender\definition updates\{ccbee762-fcf6-4c59-acaf-a610389cc8b5}\mpengine.dll

2011-02-11 16:18:08 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-02-11 16:18:07 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-02-11 16:18:07 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-11 16:18:04 2329088 ----a-w- c:\windows\system32\win32k.sys

2011-02-11 16:18:01 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-11 16:18:01 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 16:17:55 541184 ----a-w- c:\windows\system32\kerberos.dll

2011-02-11 16:17:45 204288 ----a-w- c:\windows\system32\upnp.dll

2011-02-11 16:17:44 1389568 ----a-w- c:\windows\system32\msxml6.dll

2011-02-11 16:17:44 1236992 ----a-w- c:\windows\system32\msxml3.dll

2011-02-11 16:17:43 80384 ----a-w- c:\windows\system32\davclnt.dll

2011-02-11 16:17:43 350720 ----a-w- c:\windows\system32\winhttp.dll

2011-02-11 16:17:43 204800 ----a-w- c:\windows\system32\WebClnt.dll

2011-02-11 16:17:42 73728 ----a-w- c:\windows\system32\wscsvc.dll

2011-02-11 16:17:42 51200 ----a-w- c:\windows\system32\wscapi.dll

2011-02-11 16:17:42 14336 ----a-w- c:\windows\system32\slwga.dll

2011-02-11 16:16:44 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-02-11 15:56:14 -------- dc----w- c:\users\ek-ekman\appdata\local\{B404DB50-8415-4A22-98EE-1F90DA0469BB}

2011-02-10 21:22:43 -------- dc----w- c:\users\ek-ekman\appdata\local\{EB1BAA7A-05C4-4A3A-8753-E49332B18342}

2011-02-10 09:22:21 -------- dc----w- c:\users\ek-ekman\appdata\local\{36E3C65A-5AD9-44CB-A7AF-0B69700C6F37}

2011-02-09 14:59:10 -------- dc----w- c:\users\ek-ekman\appdata\local\{44D917D3-20C1-43B1-B8F3-1C12F542740F}

2011-02-08 18:03:19 -------- dc----w- c:\users\ek-ekman\appdata\local\{3ED503B6-B273-4175-98AF-777E7D61D6E4}

2011-02-07 18:52:02 -------- dc----w- c:\users\ek-ekman\appdata\local\{5326559B-462B-4CF0-A473-9F9ECAB3B004}

2011-02-06 13:21:33 -------- dc----w- c:\users\ek-ekman\appdata\local\{6A019A3E-E9A0-4D13-87D6-FD8C712FC37D}

2011-02-05 15:26:54 -------- dc----w- c:\users\ek-ekman\appdata\roaming\hpqLog

2011-02-05 14:31:28 -------- dc----w- c:\program files\City Interactive

2011-02-05 12:48:16 -------- dc----w- c:\program files\uTorrent

2011-02-05 12:47:46 -------- dc----w- c:\users\ek-ekman\appdata\roaming\uTorrent

2011-02-05 07:57:37 -------- dc----w- c:\users\ek-ekman\appdata\local\{A1310532-ABC1-412F-8A34-7F72F3B92BEE}

2011-02-04 09:12:36 -------- dc----w- c:\users\ek-ekman\appdata\local\{C343FBEE-7DF2-4811-803A-F1BBB6EBD714}

2011-02-03 23:54:21 -------- dc----w- c:\program files\Total Video Converter

2011-02-03 23:44:22 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Pavtube

2011-02-03 23:44:04 -------- dc----w- c:\program files\Pavtube

2011-02-03 23:41:04 -------- dc----w- c:\users\ek-ekman\appdata\roaming\GetRightToGo

2011-02-03 14:53:54 -------- dc----w- c:\users\ek-ekman\appdata\local\Roxio

2011-02-03 14:51:44 -------- dc----w- c:\program files\Roxio

2011-02-03 11:53:17 2755072 ----a-w- c:\windows\system32\themeui.dll

2011-02-03 11:51:42 582656 ----a-w- c:\windows\system32\gpprefcl.dll

2011-02-03 11:39:37 -------- dc----w- c:\users\ek-ekman\appdata\local\{1FC63562-D0E9-478B-8ED5-77BB3D57A4D4}

2011-02-02 23:06:39 -------- dc----w- c:\users\ek-ekman\appdata\roaming\Rovio

2011-02-02 19:23:29 -------- dc----w- c:\users\ek-ekman\appdata\local\{38D47AB4-F09F-4AA3-BDA4-BA4A92BD49B7}

2011-02-01 16:23:39 -------- dc----w- c:\users\ek-ekman\appdata\local\{2FE37FB0-D486-41A2-9DBB-DD2311AB4642}

2011-01-31 18:43:28 -------- dc----w- c:\users\ek-ekman\appdata\local\{E318484E-1429-4C0B-9D22-9943B7367D3D}

2011-01-30 20:54:29 -------- dc----w- c:\program files\CCleaner

2011-01-30 12:04:57 -------- dc----w- c:\users\ek-ekman\appdata\local\{92031D21-0A18-4C3E-8B8E-0DA047ABC734}

2011-01-29 16:25:45 -------- dc----w- c:\users\ek-ekman\appdata\local\{C8274AC2-190C-43DA-A564-518C7D4F8E71}

2011-01-28 13:52:37 -------- dc----w- c:\windows\system32\Fonts

2011-01-28 13:52:35 -------- dc----w- c:\program files\Pasco scientific

2011-01-28 13:47:40 -------- dc----w- c:\users\ek-ekman\appdata\local\{23161864-3A68-4CA9-8500-217A9D7AC4C3}

2011-01-28 07:55:03 -------- dc----w- c:\program files\common files\Oribi

2011-01-28 07:54:59 -------- dc----w- c:\program files\SIHDev

2011-01-28 07:54:59 -------- dc----w- c:\program files\common files\Outlook Security Manager

2011-01-28 07:54:55 -------- dc----w- c:\program files\StavaRex

2011-01-28 07:44:34 -------- dc----w- c:\program files\ConfigMgr 2007 Toolkit

2011-01-27 19:40:43 -------- dc----w- c:\users\ek-ekman\appdata\local\{8B5F245D-9444-4859-BB53-F84D0A6A0343}

2011-01-26 21:46:38 -------- dc----w- c:\progra~2\UltiDev

2011-01-26 21:46:31 -------- dc----w- c:\program files\UltiDev

2011-01-26 21:44:43 -------- dc----w- c:\program files\Microsoft ASP.NET

2011-01-26 21:43:59 -------- dc----w- c:\users\ek-ekman\appdata\roaming\SolarWinds

2011-01-26 21:43:54 -------- dc----w- c:\program files\SolarWinds

2011-01-26 21:43:02 -------- dc----w- c:\program files\Syslogd

 

==================== Find3M ====================

 

2011-02-02 16:11:20 222080 -c----w- c:\windows\system32\MpSigStub.exe

2011-01-14 07:56:38 573440 ----a-w- c:\windows\system32\odbc32.dll

2011-01-14 07:55:25 804864 ----a-w- c:\windows\system32\FntCache.dll

2011-01-14 07:55:25 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-01-14 07:55:25 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-14 07:55:25 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-14 07:55:25 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-14 07:55:25 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-14 07:55:25 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-14 07:55:25 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-14 07:55:25 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-01-14 07:55:24 107520 ----a-w- c:\windows\system32\cdd.dll

2010-12-10 08:56:41 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2010-12-10 08:43:46 0 -c--a-w- c:\windows\ativpsrm.bin

2005-04-13 16:29:47 422912 -csha-r- c:\windows\system\system\updates.exe

2005-10-29 22:42:14 414208 -csha-r- c:\windows\system32\asp net network module\Javer Shell Remote Access.exe

 

============= FINISH: 23:39:05,59 ===============

 

And then we have the ATTACH log as well, in case it is needed:

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume1

Install Date: 2010-12-10 10:00:09

System Uptime: 2011-02-24 22:46:35 (1 hours ago)

 

Motherboard: Hewlett-Packard | | 30C2

Processor: Mobile AMD Sempron™ Processor 3800+ | U10 | 2194/200mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 111 GiB total, 70,442 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 1 GiB total, 0,894 GiB free.

F: is FIXED (NTFS) - 931 GiB total, 853,486 GiB free.

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0002

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #5

PNP Device ID: ROOT\*ISATAP\0002

Service: tunnel

 

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

 

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

 

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: avast! Network Shield Support

Device ID: ROOT\LEGACY_ASWTDI\0000

Manufacturer:

Name: avast! Network Shield Support

PNP Device ID: ROOT\LEGACY_ASWTDI\0000

Service: aswTdi

 

==== System Restore Points ===================

 

RP109: 2011-02-21 23:10:19 - Windows Säkerhetskopiering

RP110: 2011-02-22 15:25:19 - Windows Säkerhetskopiering

RP111: 2011-02-22 21:46:29 - avast! Pro Antivirus Setup

RP113: 2011-02-22 22:01:15 - Paint.NET v3.5.7

 

==== Installed Programs ======================

 

 

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.2 - Svenska

Adobe Shockwave Player 11.5

ATI Catalyst Install Manager

µTorrent

avast! Pro Antivirus

BGinfo

Bonniers Trafikskola 2011

Broadcom 802.11 Wireless LAN Adapter

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CCM Framework Tools

Comodo Dragon

Configuration Manager Client

CPUID CPU-Z 1.56

D3DX10

DataStudio

Definition update for Microsoft Office 2010 (KB982726)

Diino 5

DivX Setup

Driver Genius Professional Edition

ESET Online Scanner v3

Essential NetTools

Feedback Tool

Forefront TMG Client

Google Chrome

Google Talk Plugin

HP Quick Launch Buttons

HP Web Camera

HP Wireless Assistant

Java™ 6 Update 21

K-Lite Codec Pack 5.9.0 (Full)

LinuxLive USB Creator

Logitech Webcam Software

Logitech Vid HD

LSI HDA Modem

Malwarebytes' Anti-Malware

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Application Virtualization Desktop Client

Microsoft ASP.NET 2.0 AJAX Extensions 1.0

Microsoft Help Viewer 1.0

Microsoft Office Access MUI (Swedish) 2010

Microsoft Office Excel MUI (Swedish) 2010

Microsoft Office Groove MUI (Swedish) 2010

Microsoft Office InfoPath MUI (Swedish) 2010

Microsoft Office OneNote MUI (Swedish) 2010

Microsoft Office Outlook MUI (Swedish) 2010

Microsoft Office PowerPoint MUI (Swedish) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Finnish) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Swedish) 2010

Microsoft Office Proofing (Swedish) 2010

Microsoft Office Publisher MUI (Swedish) 2010

Microsoft Office Shared MUI (Swedish) 2010

Microsoft Office Word MUI (Swedish) 2010

Microsoft Silverlight

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MSVCRT

Norman Endpoint Protection

Paint.NET v3.5.7

Pavtube Video Converter version 3.5.1.2345

PDF Settings CS5

PeerGuardian 2.0

PowerISO

Real Alternative 2.0.2

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

SIW version 2010.07.14

Skins

Skype™ 5.0

Spotify

Spybot - Search & Destroy

StavaRex.1.0.8_11.STD.SVE

Synaptics Pointing Device Driver

System Requirements Lab CYRI

Total Video Converter 3.61 100319

UltiDev Cassini Web Server for ASP.NET 2.0

Uniblue RegistryBooster

Uniblue SpeedUpMyPC

Unknown Device Identifier 7.00

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft OneNote 2010 (KB2433299)

Update for Microsoft Outlook Social Connector (KB2289116)

Uppdatering för Microsoft Outlook Social Connector (KB2289116)

UxStyle Core Beta

VC80CRTRedist - 8.0.50727.4053

Windows 7 Default Setting

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

Visual Studio Tools för Office system 3.0 Runtime

Visual Studio Tools for the Office system 3.0 Runtime

VisualBee for Microsoft PowerPoint

VLC media player 1.1.7

 

==== End Of File ===========================

Attach.txt

Link to comment
Share on other sites

Good, this is getting better.

1.

Is there a problem running Windows in normal mode, since you appear to be running in Safe Mode with Networking?

2.

The TeaTimer feature in Spybot S&D is very good, but right now it can interfere with the necessary changes to the registry, so you need to turn it off. Remember to turn it back on when the computer is clean, but not before then. If you are then asked whether changes should be allowed, choose to allow them.

Right-click the Spybot icon by the clock and choose "Reset lists". The icon looks roughly like a Windows window with a padlock on it.

Start Spybot S&D

Choose Advanced in the Mode menu

On the left, choose Tools - Resident

Uncheck TeaTimer

Close the program.

3.

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

AV: Norman Endpoint Protection *Enabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}

It is not advisable to have two antivirus programs running. I recommend that you uninstall one of them. After the normal uninstallation and a restart of the computer, run the corresponding cleanup tool to remove a bit more:

Avast: http://www.avast.com/uninstall-utility

Norman: http://www.norman.com/support/support_issue_archive/67798/en

Then restart the computer again.

4.

Save ComboFix to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer Yes.

More detailed guidance is available at http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, because it can hang if you do.

When ComboFix has finished, a log should appear; paste it into your reply. Check that your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

Link to comment
Share on other sites


Well, I can log in to my account and run Windows in normal mode, but the problem is that I get the same error message again (though not as many as before). Another problem is that everything runs so sluggishly when I run Windows normally.

Anyway, here is the ComboFix log:

 

 

ComboFix 11-02-24.01 - ek-ekman 2011-02-25 1:16.1.1 - x86 NETWORK

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.46.1053.18.1919.1477 [GMT 1:00]

Körs från: c:\users\ek-ekman\Downloads\ComboFix.exe

AV: Norman Endpoint Protection *Enabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}

SP: Norman Endpoint Protection *Enabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Skapade en ny återställningspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\users\ek-ekman\AppData\Roaming\chrtmp

c:\users\ek-ekman\AppData\Roaming\Local

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\ibiwshdnkwij.avi.ddr

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ibiwshdnkwij(2).avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ibiwshdnkwij(3).avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ibiwshdnkwij(4).avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ibiwshdnkwij(5).avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ibiwshdnkwij(6).avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ibiwshdnkwij(7).avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ibiwshdnkwij(8).avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\ibiwshdnkwij.avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\tvbszyfvclpo.avi

c:\users\ek-ekman\AppData\Roaming\Local\Temp\DDM\Settings\tvbszyfvclpo.avi.ddr

c:\users\ek-ekman\AppData\Roaming\Windowsupdate

c:\windows\system32\oem16.inf

c:\windows\XSxS

 

----- BITS: Troligen infekterade webbplatser -----

 

hxxp://EKS30V02.ESKILSTUNA.SE:80

.

(((((((((((((((((((((((( Filer Skapade från 2011-01-25 till 2011-02-25 ))))))))))))))))))))))))))))))

.

 

2011-02-25 00:22 . 2011-02-25 00:22 -------- dc----w- c:\users\ek-ekman\AppData\Local\temp

2011-02-24 23:52 . 2011-02-24 23:52 -------- dc----w- c:\users\ek-ekman\AppData\Local\{E63A9961-C192-458C-8855-01F4858526B2}

2011-02-24 19:25 . 2011-02-24 19:25 -------- dc----w- c:\program files\ESET

2011-02-24 13:55 . 2011-02-24 21:15 -------- dc----w- c:\programdata\Spybot - Search & Destroy

2011-02-24 13:55 . 2011-02-24 13:55 -------- dc----w- c:\program files\Spybot - Search & Destroy

2011-02-24 13:51 . 2011-02-24 13:51 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\Malwarebytes

2011-02-24 13:50 . 2010-12-20 17:09 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-02-24 13:50 . 2011-02-24 13:50 -------- dc----w- c:\programdata\Malwarebytes

2011-02-24 13:50 . 2011-02-24 13:50 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2011-02-24 13:50 . 2010-12-20 17:08 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys

2011-02-24 13:49 . 2011-02-25 00:01 -------- dc----w- c:\program files\PeerGuardian2

2011-02-23 12:21 . 2011-02-23 12:22 -------- dc----w- c:\users\ek-ekman\AppData\Local\{4DD00F1F-5C2D-4B6B-8044-61D8538A8CBA}

2011-02-22 22:08 . 2011-02-22 22:08 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\Personal

2011-02-22 20:46 . 2011-02-24 23:43 -------- dc----w- c:\programdata\Alwil Software

2011-02-22 19:59 . 2003-03-18 21:20 1060864 -c--a-w- c:\windows\system32\MFC71.dll

2011-02-22 19:59 . 2011-02-24 23:49 -------- dc----w- c:\program files\Alwil Software

2011-02-22 19:49 . 2011-02-22 19:49 -------- dc----w- c:\users\ek-ekman\AppData\Local\Copax

2011-02-22 19:46 . 2011-02-22 19:46 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\Copax

2011-02-22 16:31 . 2011-02-22 16:31 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\QuickScan

2011-02-22 12:38 . 2011-02-22 12:38 -------- dc----w- c:\users\ek-ekman\AppData\Local\{AAB5DFC8-C962-49E9-9838-710E05A941D1}

2011-02-21 23:20 . 2011-02-21 23:20 -------- dc----w- c:\program files\Homeenter

2011-02-21 12:52 . 2011-02-21 12:52 -------- dc----w- c:\users\ek-ekman\AppData\Local\{6A56515D-7105-4DF0-878F-D770A04B65DB}

2011-02-21 11:00 . 2011-02-21 20:46 -------- dc----w- c:\users\ek-ekman\AppData\Local\VMware

2011-02-21 10:59 . 2011-02-22 12:40 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\VMware

2011-02-21 10:46 . 2011-02-22 13:16 -------- dc----w- c:\programdata\VMware

2011-02-21 10:17 . 2011-02-21 10:17 -------- dc----w- c:\windows\system32\Plugins

2011-02-20 22:00 . 2011-02-20 22:00 -------- dc----w- c:\users\ek-ekman\AppData\Local\Plugins

2011-02-20 21:41 . 2011-02-20 21:42 -------- dc----w- c:\users\ek-ekman\AppData\Local\SoftGrid Client

2011-02-20 16:06 . 2011-02-21 14:50 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\Uniblue

2011-02-20 16:05 . 2011-02-20 16:05 -------- dc-h--w- c:\programdata\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-02-20 16:05 . 2011-02-21 14:49 -------- dc----w- c:\program files\Uniblue

2011-02-20 16:04 . 2011-02-20 16:04 -------- dc----w- c:\users\ek-ekman\AppData\Local\PackageAware

2011-02-17 20:21 . 2011-02-17 20:22 -------- dc----w- c:\users\ek-ekman\AppData\Local\{BBA5B33D-B177-4EBC-9FD5-42613FD8F935}

2011-02-17 08:18 . 2011-02-17 08:20 -------- dc----w- c:\users\ek-ekman\AppData\Local\{1C6C8DC5-B6B3-4AAD-B772-FB181F4D1F17}

2011-02-16 19:48 . 2011-02-16 19:48 -------- dc----w- c:\users\ek-ekman\AppData\Local\{F2FFA843-A160-4FCA-8E79-077F3F90BA4D}

2011-02-15 17:57 . 2011-02-15 17:57 -------- dc----w- c:\users\ek-ekman\AppData\Local\{377C1775-7014-4E50-8FC5-5063D81AE99E}

2011-02-14 17:16 . 2011-02-14 17:16 -------- dc----w- c:\users\ek-ekman\AppData\Local\{83FE2AD7-35C5-4DFD-AD62-488DEA0D85B2}

2011-02-14 15:39 . 2011-02-14 15:39 -------- dc----w- c:\users\ek-ekman\AppData\Local\{8FC6571C-7555-4A76-93BB-2F3D144A3D01}

2011-02-14 00:17 . 2011-02-14 00:17 -------- dc----w- c:\users\ek-ekman\AppData\Local\{A7CA4BBF-64BE-42F0-8C66-3D78603D23B1}

2011-02-12 21:23 . 2011-01-18 16:43 158736 -c--a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-02-12 21:23 . 2011-01-18 16:43 42960 -c--a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-02-12 15:58 . 2011-02-22 21:04 -------- dc----w- c:\program files\Paint.NET

2011-02-12 15:57 . 2011-02-24 16:02 -------- dc----w- c:\users\ek-ekman\AppData\Local\Paint.NET

2011-02-12 08:28 . 2011-02-12 08:28 -------- dc----w- c:\users\ek-ekman\AppData\Local\{1CE2612C-1B74-4C89-9F19-FD20CEDED112}

2011-02-11 17:24 . 2011-02-11 17:24 -------- dc----w- c:\programdata\ATI

2011-02-11 17:12 . 2009-04-29 06:46 15872 -c--a-w- c:\windows\system32\drivers\HpqKbFiltr.sys

2011-02-11 17:12 . 2009-04-20 07:38 9344 -c--a-w- c:\windows\system32\drivers\CPQBttn.sys

2011-02-11 17:12 . 2006-11-02 05:09 1419232 -c--a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll

2011-02-11 17:12 . 2008-09-08 12:31 1885488 -c--a-w- c:\windows\system32\BttnCmns.dll

2011-02-11 17:12 . 2008-09-08 12:31 1885488 -c--a-r- c:\windows\system32\BttnCmn.dll

2011-02-11 17:07 . 2011-02-11 17:07 -------- dc----w- C:\ATI

2011-02-11 16:59 . 2011-02-11 16:59 6656 -c--a-w- c:\windows\system32\bcmwlrc.dll

2011-02-11 16:59 . 2011-02-11 16:59 91448 -c--a-w- c:\windows\system32\bcmwlcoi.dll

2011-02-11 16:59 . 2011-02-11 16:59 3555328 -c--a-w- c:\windows\system32\bcmihvui.dll

2011-02-11 16:59 . 2011-02-11 16:59 3866624 -c--a-w- c:\windows\system32\bcmihvsrv.dll

2011-02-11 16:59 . 2011-02-11 16:59 2709056 -c--a-w- c:\windows\system32\drivers\BCMWL6.SYS

2011-02-11 16:59 . 2011-02-11 16:59 -------- dc----w- c:\program files\Broadcom

2011-02-11 16:56 . 2011-02-11 16:56 -------- dc----w- C:\dell

2011-02-11 16:39 . 2011-02-11 16:39 -------- dc----w- c:\program files\Driver-Soft

2011-02-11 16:36 . 2011-02-11 16:36 -------- dc----w- c:\users\ek-ekman\AppData\Local\{55B643FA-DC53-499A-A10A-71D6E3DAE9A3}

2011-02-11 16:29 . 2011-02-11 16:29 2381824 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-11 16:29 . 2011-02-11 16:29 1448448 ----a-w- c:\windows\system32\inetcpl.cpl

2011-02-11 16:19 . 2011-01-13 09:41 5890896 -c--a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCBEE762-FCF6-4C59-ACAF-A610389CC8B5}\mpengine.dll

2011-02-11 16:18 . 2011-02-11 16:20 1289536 ----a-w- c:\windows\system32\ntdll.dll

2011-02-11 16:18 . 2011-02-11 16:20 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-02-11 16:18 . 2011-02-11 16:20 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-11 16:18 . 2011-02-11 16:29 2329088 ----a-w- c:\windows\system32\win32k.sys

2011-02-11 16:18 . 2011-02-11 16:20 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-11 16:18 . 2011-02-11 16:20 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-02-11 16:17 . 2011-02-11 16:28 541184 ----a-w- c:\windows\system32\kerberos.dll

2011-02-11 16:17 . 2011-02-11 16:20 204288 ----a-w- c:\windows\system32\upnp.dll

2011-02-11 16:17 . 2011-02-11 16:20 1389568 ----a-w- c:\windows\system32\msxml6.dll

2011-02-11 16:17 . 2011-02-11 16:20 1236992 ----a-w- c:\windows\system32\msxml3.dll

2011-02-11 16:17 . 2011-02-11 16:20 80384 ----a-w- c:\windows\system32\davclnt.dll

2011-02-11 16:17 . 2011-02-11 16:20 350720 ----a-w- c:\windows\system32\winhttp.dll

2011-02-11 16:17 . 2011-02-11 16:20 204800 ----a-w- c:\windows\system32\WebClnt.dll

2011-02-11 16:17 . 2011-02-11 16:20 73728 ----a-w- c:\windows\system32\wscsvc.dll

2011-02-11 16:17 . 2011-02-11 16:20 51200 ----a-w- c:\windows\system32\wscapi.dll

2011-02-11 16:17 . 2011-02-11 16:20 14336 ----a-w- c:\windows\system32\slwga.dll

2011-02-11 16:16 . 2011-02-11 16:19 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-02-11 15:56 . 2011-02-11 15:56 -------- dc----w- c:\users\ek-ekman\AppData\Local\{B404DB50-8415-4A22-98EE-1F90DA0469BB}

2011-02-10 21:22 . 2011-02-10 21:23 -------- dc----w- c:\users\ek-ekman\AppData\Local\{EB1BAA7A-05C4-4A3A-8753-E49332B18342}

2011-02-10 09:22 . 2011-02-10 09:22 -------- dc----w- c:\users\ek-ekman\AppData\Local\{36E3C65A-5AD9-44CB-A7AF-0B69700C6F37}

2011-02-09 14:59 . 2011-02-09 14:59 -------- dc----w- c:\users\ek-ekman\AppData\Local\{44D917D3-20C1-43B1-B8F3-1C12F542740F}

2011-02-08 18:03 . 2011-02-08 18:03 -------- dc----w- c:\users\ek-ekman\AppData\Local\{3ED503B6-B273-4175-98AF-777E7D61D6E4}

2011-02-07 18:52 . 2011-02-07 18:52 -------- dc----w- c:\users\ek-ekman\AppData\Local\{5326559B-462B-4CF0-A473-9F9ECAB3B004}

2011-02-06 13:21 . 2011-02-06 13:21 -------- dc----w- c:\users\ek-ekman\AppData\Local\{6A019A3E-E9A0-4D13-87D6-FD8C712FC37D}

2011-02-05 15:26 . 2011-02-11 17:12 -------- dc----w- c:\program files\Hewlett-Packard

2011-02-05 15:26 . 2011-02-11 17:11 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\hpqLog

2011-02-05 15:08 . 2011-02-05 15:08 -------- dc-h--r- c:\users\ek-ekman\AppData\Roaming\SecuROM

2011-02-05 14:31 . 2011-02-05 14:31 -------- dc----w- c:\program files\City Interactive

2011-02-05 12:48 . 2011-02-05 12:48 -------- dc----w- c:\program files\uTorrent

2011-02-05 12:47 . 2011-02-24 23:48 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\uTorrent

2011-02-05 07:57 . 2011-02-05 07:57 -------- dc----w- c:\users\ek-ekman\AppData\Local\{A1310532-ABC1-412F-8A34-7F72F3B92BEE}

2011-02-04 20:25 . 2011-02-09 19:19 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\vlc

2011-02-04 09:12 . 2011-02-04 09:12 -------- dc----w- c:\users\ek-ekman\AppData\Local\{C343FBEE-7DF2-4811-803A-F1BBB6EBD714}

2011-02-03 23:54 . 2011-02-03 23:56 -------- dc----w- c:\program files\Total Video Converter

2011-02-03 23:44 . 2011-02-03 23:44 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\Pavtube

2011-02-03 23:44 . 2011-02-03 23:44 -------- dc----w- c:\program files\Pavtube

2011-02-03 23:41 . 2011-02-03 23:43 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\GetRightToGo

2011-02-03 14:53 . 2011-02-03 14:53 -------- dc----w- c:\users\ek-ekman\AppData\Local\Roxio

2011-02-03 14:51 . 2011-02-03 14:51 -------- dc----w- c:\program files\Roxio

2011-02-03 11:53 . 2011-02-03 11:53 2755072 ----a-w- c:\windows\system32\themeui.dll

2011-02-03 11:51 . 2011-02-03 11:52 582656 ----a-w- c:\windows\system32\gpprefcl.dll

2011-02-03 11:39 . 2011-02-03 11:39 -------- dc----w- c:\users\ek-ekman\AppData\Local\{1FC63562-D0E9-478B-8ED5-77BB3D57A4D4}

2011-02-02 23:06 . 2011-02-02 23:06 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\Rovio

2011-02-02 19:23 . 2011-02-02 19:23 -------- dc----w- c:\users\ek-ekman\AppData\Local\{38D47AB4-F09F-4AA3-BDA4-BA4A92BD49B7}

2011-02-01 16:23 . 2011-02-01 16:23 -------- dc----w- c:\users\ek-ekman\AppData\Local\{2FE37FB0-D486-41A2-9DBB-DD2311AB4642}

2011-01-31 18:43 . 2011-01-31 18:43 -------- dc----w- c:\users\ek-ekman\AppData\Local\{E318484E-1429-4C0B-9D22-9943B7367D3D}

2011-01-30 20:54 . 2011-01-30 20:55 -------- dc----w- c:\program files\CCleaner

2011-01-30 12:04 . 2011-01-30 12:05 -------- dc----w- c:\users\ek-ekman\AppData\Local\{92031D21-0A18-4C3E-8B8E-0DA047ABC734}

2011-01-29 16:25 . 2011-01-29 16:26 -------- dc----w- c:\users\ek-ekman\AppData\Local\{C8274AC2-190C-43DA-A564-518C7D4F8E71}

2011-01-28 13:52 . 2011-01-28 13:52 -------- dc----w- c:\windows\system32\Fonts

2011-01-28 13:52 . 2011-01-28 13:52 -------- dc----w- c:\program files\Pasco scientific

2011-01-28 13:47 . 2011-01-28 13:47 -------- dc----w- c:\users\ek-ekman\AppData\Local\{23161864-3A68-4CA9-8500-217A9D7AC4C3}

2011-01-28 07:55 . 2011-01-28 07:55 -------- dc----w- c:\program files\Common Files\Oribi

2011-01-28 07:54 . 2011-01-28 07:54 -------- dc----w- c:\program files\SIHDev

2011-01-28 07:54 . 2011-01-28 07:54 -------- dc----w- c:\program files\Common Files\Outlook Security Manager

2011-01-28 07:54 . 2011-01-28 07:55 -------- dc----w- c:\program files\StavaRex

2011-01-28 07:44 . 2011-01-28 07:44 -------- dc----w- c:\program files\ConfigMgr 2007 Toolkit

2011-01-27 19:40 . 2011-01-27 19:41 -------- dc----w- c:\users\ek-ekman\AppData\Local\{8B5F245D-9444-4859-BB53-F84D0A6A0343}

2011-01-26 21:46 . 2011-01-26 21:46 -------- dc----w- c:\programdata\UltiDev

2011-01-26 21:46 . 2011-01-26 21:46 -------- dc----w- c:\program files\UltiDev

2011-01-26 21:44 . 2011-01-26 21:44 -------- dc----w- c:\program files\Microsoft ASP.NET

2011-01-26 21:43 . 2011-01-26 21:43 -------- dc----w- c:\users\ek-ekman\AppData\Roaming\SolarWinds

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 16:11 . 2010-12-15 15:14 222080 -c----w- c:\windows\system32\MpSigStub.exe

2011-01-18 16:43 . 2011-01-18 16:43 109328 -c--a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-01-14 07:56 . 2011-01-14 07:54 573440 ----a-w- c:\windows\system32\odbc32.dll

2011-01-14 07:55 . 2011-01-14 07:54 804864 ----a-w- c:\windows\system32\FntCache.dll

2011-01-14 07:55 . 2011-01-14 07:54 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-01-14 07:55 . 2011-01-14 07:54 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-01-14 07:55 . 2011-01-14 07:54 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-01-14 07:55 . 2011-01-14 07:54 218624 ----a-w- c:\windows\system32\d3d10_1core.dll

2011-01-14 07:55 . 2011-01-14 07:54 1170944 ----a-w- c:\windows\system32\d3d10warp.dll

2011-01-14 07:55 . 2011-01-14 07:54 1076736 ----a-w- c:\windows\system32\DWrite.dll

2011-01-14 07:55 . 2011-01-14 07:54 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2011-01-14 07:55 . 2011-01-14 07:54 135168 ----a-w- c:\windows\system32\XpsRasterService.dll

2011-01-14 07:55 . 2011-01-14 07:54 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-14 07:55 . 2011-01-14 07:54 107520 ----a-w- c:\windows\system32\cdd.dll

2010-12-25 12:28 . 2010-12-25 12:16 205984 -c--a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2010-12-22 14:31 . 2010-12-22 14:31 31888 -c--a-w- c:\windows\system32\drivers\VBoxUSB.sys

2010-12-10 08:56 . 2010-12-10 08:56 423656 -c--a-w- c:\windows\system32\deployJava1.dll

2005-04-13 16:29 422912 -csha-r- c:\windows\system\system\updates.exe

2005-10-29 22:42 414208 -csha-r- c:\windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Javer Shell Remote Access"="c:\windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe" [2005-10-29 414208]

"dsaggdsdgs"="c:\windows\system\system\updates.exe" [2005-04-13 422912]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"ASP Net Network Module"="c:\windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe" [2005-10-29 414208]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

VGAfix.vbs.txt [2011-1-18 337]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"EnableLinkedConnections"= 1 (0x1)

"DelayedDesktopSwitchTimeout"= 5 (0x5)

"DisableStartupSound"= 1 (0x1)

"HideFastUserSwitching"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"UseDefaultTile"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoPublishingWizard"= 1 (0x1)

"NoWebServices"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Forefront TMG Client.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Forefront TMG Client.lnk

backup=c:\windows\pss\Forefront TMG Client.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^ek-ekman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrering.lnk]

path=c:\users\ek-ekman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk

backup=c:\windows\pss\Logitech . Produktregistrering.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 11:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 02:44 500208 -c----w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-22 21:10 402432 -c--a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 13:54 91520 -c--a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsf]

2010-10-04 01:46 81920 -c--a-w- c:\windows\System32\bsf.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-12-22 20:32 136176 -c--atw- c:\users\ek-ekman\AppData\Local\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Javer Shell Remote Access]

2005-10-29 22:42 414208 -csha-r- c:\windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]

2010-10-29 20:06 5915480 -c--a-w- c:\program files\Logitech\Vid HD\Vid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 12:36 2793304 -c--a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]

2010-09-30 13:55 189824 ----a-w- c:\program files\Norman\Npm\Bin\Zlh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2010-04-12 08:40 180224 -c--a-w- c:\program files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2009-11-11 14:11 287800 -c--a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-12-03 15:46 14944136 -c--a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftGridTray]

2009-12-02 21:23 807272 -c--a-w- c:\program files\Microsoft Application Virtualization Client\sfttray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-02-21 17:14 1183744 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2010-02-10 22:32 61440 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 12:37 517096 -c--a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-02-05 12:48 396152 -c--a-w- c:\program files\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]

2009-09-01 09:41 499768 -c--a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

R1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-10-07 25032]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]

R2 FwcAgent;Forefront TMG Client Agent;c:\program files\Forefront TMG Client\FwcAgent.exe [2009-10-13 275424]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\NDISKIO.SYS [2009-10-07 22768]

R2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2010-03-15 98776]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]

R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 21096]

R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 25448]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 20952]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]

R3 NNetSecC;Norman Network Filter NDIS common driver;c:\program files\Norman\ngs\bin\nnetsecc.sys [2010-10-08 29968]

R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\NSESVC.EXE [2010-12-17 288072]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2009-10-14 23392]

R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\Bin\nvcoas.exe [2010-08-02 210248]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2009-10-15 133272]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-23 1343400]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 109328]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-12-22 31888]

R4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;c:\program files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 49152]

S1 NNetSecL;Norman Network Security;c:\windows\system32\DRIVERS\nnetsecl.sys [2010-10-08 30584]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2011-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531161163-931476743-2803335854-500Core.job

- c:\users\ek-ekman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:32]

 

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531161163-931476743-2803335854-500UA.job

- c:\users\ek-ekman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:32]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = eatmg.eskilstuna.se:8080

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Ski&cka till OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

LSP: c:\program files\Forefront TMG Client\FwcWsp.dll

TCP: 54879647 = 156.154.70.22,156.154.71.22

TCP: {C16BF3E5-0E13-4860-B9C7-4BC5C2E6D1B4} = 156.154.70.22,156.154.71.22

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-TaskTray - (no file)

HKLM-RunOnce-<NO NAME> - (no file)

MSConfigStartUp-alcmtr - c:\users\ek-ekman\AppData\Local\Temp\alcmtr.exe

MSConfigStartUp-Auto Check Utility - c:\windows\system32\AutoChkUl.exe

MSConfigStartUp-dsaggdsdgs - c:\windows\system\install\server.exe

MSConfigStartUp-HKCU - c:\users\ek-ekman\AppData\Roaming\WindowsUpdate\winupd.exe

MSConfigStartUp-HKLM - c:\users\ek-ekman\AppData\Roaming\WindowsUpdate\winupd.exe

MSConfigStartUp-Microsoft - c:\program files\setup.exe

MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe

MSConfigStartUp-rgservs32 - c:\users\ek-ekman\AppData\Local\Temp\rgservs32.exe

MSConfigStartUp-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe

MSConfigStartUp-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

MSConfigStartUp-vmware-tray - c:\program files\VMware\VMware Workstation\vmware-tray.exe

MSConfigStartUp-Windows Audio Driver - c:\windows\system32\audiohd.exe

MSConfigStartUp-Windows Updater - c:\users\ek-ekman\AppData\Local\winsvchost.exe

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

AddRemove-LSI Soft Modem - c:\windows\agrsmdel

 

 

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)


 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)


 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.3gp"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.ac3"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.alac"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.amr"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.ape"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.apl"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.avi"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_div_file"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.divx"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.dts"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.flac"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.flv"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.hdmov"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Windows.IsoFile"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Windows.IsoFile"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.m3u"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M4A"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.MHT"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.mka"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="VLC.mkv"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MOV"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.mpls"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.mpv4"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.oga"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.ogg"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.ogm"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.ogv"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_qt_file"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.ra"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.rm"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.rmvb"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]

@Denied: (2) (Administrator)

"Progid"="divx_tix_file"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.tps"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.tta"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (Administrator)

"Progid"="IE.AssocFile.URL"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="KLCP.WMP.wv"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ChromeHTML"

 

[HKEY_USERS\S-1-5-21-531161163-931476743-2803335854-500\Software\SecuROM\License information*]

"datasecu"=hex:9b,e2,fa,74,b6,0f,02,5c,3c,e8,54,39,5d,42,22,7a,ae,a8,96,8b,e4,

25,d7,00,06,e4,a8,90,2f,24,4b,58,72,4c,51,3c,d5,cd,e4,bd,84,13,15,7d,29,b7,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Sluttid: 2011-02-25 01:25:25

ComboFix-quarantined-files.txt 2011-02-25 00:25

 

Före genomsökningen: 80 860 839 936 byte ledigt

Efter genomsökningen: 80 966 139 904 byte ledigt

 

- - End Of File - - 00A369C31AA1D95CE6CDA6A517CDBF66


Start the computer in normal mode, turn off Norman and run ComboFix again. Paste in the new log.

 

Norman cannot be turned off; there is no icon down by the clock like with all other antivirus programs. Maybe the school has made some strange setting so that it cannot be turned off .... neither in Safe Mode nor in normal mode ....


Try this:

Control Panel - Administrative Tools - Services

Find all services whose names begin with Norman, about 4 of them. For each one, click that you want to stop the service. Norman should then be disabled, and ComboFix should run better in normal mode.


 

 

Here is the log:

 

 

ComboFix 11-02-24.05 - ek-ekman 2011-02-25 11:56:27.2.1 - x86

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.46.1053.18.1919.1094 [GMT 1:00]

Körs från: C:\Users\ek-ekman\Downloads\ComboFix.exe

AV: Norman Endpoint Protection *Disabled/Updated* {D038CA80-26F3-90BF-94AA-03C4D945E661}

SP: Norman Endpoint Protection *Disabled/Updated* {6B592B64-00C9-9F31-AE1A-38B6A2C2ACDC}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

 

----- BITS: Troligen infekterade webbplatser -----

 

hxxp://EKS30V03.eskilstuna.se:80

.

(((((((((((((((((((((((( Filer Skapade från 2011-01-25 till 2011-02-25 ))))))))))))))))))))))))))))))

.

 

2011-02-25 11:43:39 . 2011-02-25 11:46:19 -------- dc----w- C:\Users\ek-ekman\AppData\Local\temp

2011-02-25 11:43:39 . 2011-02-25 11:43:39 -------- dc----w- C:\Users\eferkar\AppData\Local\temp

2011-02-25 11:43:39 . 2011-02-25 11:43:39 -------- dc----w- C:\Users\Default\AppData\Local\temp

2011-02-25 11:43:39 . 2011-02-25 11:43:39 -------- dc----w- C:\Users\androz\AppData\Local\temp

2011-02-25 10:34:09 . 2011-02-25 10:34:21 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{3DAD6BA6-6340-43D9-9CA6-6FB1375DA264}

2011-02-24 23:52:01 . 2011-02-24 23:52:01 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{E63A9961-C192-458C-8855-01F4858526B2}

2011-02-24 19:25:02 . 2011-02-24 19:25:02 -------- dc----w- C:\Program Files\ESET

2011-02-24 13:55:43 . 2011-02-24 21:15:19 -------- dc----w- C:\ProgramData\Spybot - Search & Destroy

2011-02-24 13:55:43 . 2011-02-24 13:55:51 -------- dc----w- C:\Program Files\Spybot - Search & Destroy

2011-02-24 13:51:59 . 2011-02-24 13:51:59 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\Malwarebytes

2011-02-24 13:50:29 . 2010-12-20 17:09:00 38224 -c--a-w- C:\Windows\system32\drivers\mbamswissarmy.sys

2011-02-24 13:50:28 . 2011-02-24 13:50:28 -------- dc----w- C:\ProgramData\Malwarebytes

2011-02-24 13:50:25 . 2011-02-24 13:50:30 -------- dc----w- C:\Program Files\Malwarebytes' Anti-Malware

2011-02-24 13:50:25 . 2010-12-20 17:08:40 20952 -c--a-w- C:\Windows\system32\drivers\mbam.sys

2011-02-24 13:49:27 . 2011-02-25 00:01:40 -------- dc----w- C:\Program Files\PeerGuardian2

2011-02-23 12:21:53 . 2011-02-23 12:22:22 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{4DD00F1F-5C2D-4B6B-8044-61D8538A8CBA}

2011-02-22 22:08:49 . 2011-02-22 22:08:53 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\Personal

2011-02-22 20:46:56 . 2011-02-24 23:43:12 -------- dc----w- C:\ProgramData\Alwil Software

2011-02-22 19:59:45 . 2003-03-18 21:20:00 1060864 -c--a-w- C:\Windows\system32\MFC71.dll

2011-02-22 19:59:42 . 2011-02-24 23:49:22 -------- dc----w- C:\Program Files\Alwil Software

2011-02-22 19:49:08 . 2011-02-22 19:49:08 -------- dc----w- C:\Users\ek-ekman\AppData\Local\Copax

2011-02-22 19:46:50 . 2011-02-22 19:46:50 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\Copax

2011-02-22 16:31:37 . 2011-02-22 16:31:46 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\QuickScan

2011-02-22 12:38:33 . 2011-02-22 12:38:59 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{AAB5DFC8-C962-49E9-9838-710E05A941D1}

2011-02-21 23:20:38 . 2011-02-21 23:20:38 -------- dc----w- C:\Program Files\Homeenter

2011-02-21 12:52:24 . 2011-02-21 12:52:24 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{6A56515D-7105-4DF0-878F-D770A04B65DB}

2011-02-21 11:00:06 . 2011-02-21 20:46:10 -------- dc----w- C:\Users\ek-ekman\AppData\Local\VMware

2011-02-21 10:59:55 . 2011-02-22 12:40:10 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\VMware

2011-02-21 10:46:46 . 2011-02-22 13:16:13 -------- dc----w- C:\ProgramData\VMware

2011-02-21 10:17:28 . 2011-02-21 10:17:28 -------- dc----w- C:\Windows\system32\Plugins

2011-02-20 22:00:55 . 2011-02-20 22:00:55 -------- dc----w- C:\Users\ek-ekman\AppData\Local\Plugins

2011-02-20 21:41:53 . 2011-02-20 21:42:56 -------- dc----w- C:\Users\ek-ekman\AppData\Local\SoftGrid Client

2011-02-20 16:06:18 . 2011-02-21 14:50:04 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\Uniblue

2011-02-20 16:05:45 . 2011-02-20 16:05:45 -------- dc-h--w- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-02-20 16:05:41 . 2011-02-21 14:49:50 -------- dc----w- C:\Program Files\Uniblue

2011-02-20 16:04:51 . 2011-02-20 16:04:51 -------- dc----w- C:\Users\ek-ekman\AppData\Local\PackageAware

2011-02-17 20:21:35 . 2011-02-17 20:22:08 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{BBA5B33D-B177-4EBC-9FD5-42613FD8F935}

2011-02-17 08:18:20 . 2011-02-17 08:20:20 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{1C6C8DC5-B6B3-4AAD-B772-FB181F4D1F17}

2011-02-16 19:48:12 . 2011-02-16 19:48:26 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{F2FFA843-A160-4FCA-8E79-077F3F90BA4D}

2011-02-15 17:57:13 . 2011-02-15 17:57:26 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{377C1775-7014-4E50-8FC5-5063D81AE99E}

2011-02-14 17:16:31 . 2011-02-14 17:16:56 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{83FE2AD7-35C5-4DFD-AD62-488DEA0D85B2}

2011-02-14 15:39:56 . 2011-02-14 15:39:56 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{8FC6571C-7555-4A76-93BB-2F3D144A3D01}

2011-02-14 00:17:26 . 2011-02-14 00:17:50 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{A7CA4BBF-64BE-42F0-8C66-3D78603D23B1}

2011-02-12 21:23:29 . 2011-01-18 16:43:24 158736 -c--a-w- C:\Windows\system32\drivers\VBoxDrv.sys

2011-02-12 21:23:10 . 2011-01-18 16:43:26 42960 -c--a-w- C:\Windows\system32\drivers\VBoxUSBMon.sys

2011-02-12 15:58:43 . 2011-02-22 21:04:22 -------- dc----w- C:\Program Files\Paint.NET

2011-02-12 15:57:19 . 2011-02-24 16:02:32 -------- dc----w- C:\Users\ek-ekman\AppData\Local\Paint.NET

2011-02-12 08:28:32 . 2011-02-12 08:28:32 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{1CE2612C-1B74-4C89-9F19-FD20CEDED112}

2011-02-11 17:24:43 . 2011-02-11 17:24:43 -------- dc----w- C:\ProgramData\ATI

2011-02-11 17:12:38 . 2009-04-29 06:46:54 15872 -c--a-w- C:\Windows\system32\drivers\HpqKbFiltr.sys

2011-02-11 17:12:38 . 2009-04-20 07:38:54 9344 -c--a-w- C:\Windows\system32\drivers\CPQBttn.sys

2011-02-11 17:12:38 . 2006-11-02 05:09:50 1419232 -c--a-w- C:\Windows\system32\drivers\wdfcoinstaller01005.dll

2011-02-11 17:12:23 . 2008-09-08 12:31:26 1885488 -c--a-w- C:\Windows\system32\BttnCmns.dll

2011-02-11 17:12:23 . 2008-09-08 12:31:26 1885488 -c--a-r- C:\Windows\system32\BttnCmn.dll

2011-02-11 17:07:01 . 2011-02-11 17:07:01 -------- dc----w- C:\ATI

2011-02-11 16:59:37 . 2011-02-11 16:59:14 6656 -c--a-w- C:\Windows\system32\bcmwlrc.dll

2011-02-11 16:59:35 . 2011-02-11 16:59:13 91448 -c--a-w- C:\Windows\system32\bcmwlcoi.dll

2011-02-11 16:59:34 . 2011-02-11 16:59:13 3555328 -c--a-w- C:\Windows\system32\bcmihvui.dll

2011-02-11 16:59:32 . 2011-02-11 16:59:13 3866624 -c--a-w- C:\Windows\system32\bcmihvsrv.dll

2011-02-11 16:59:32 . 2011-02-11 16:59:13 2709056 -c--a-w- C:\Windows\system32\drivers\BCMWL6.SYS

2011-02-11 16:59:29 . 2011-02-11 16:59:29 -------- dc----w- C:\Program Files\Broadcom

2011-02-11 16:56:50 . 2011-02-11 16:56:50 -------- dc----w- C:\dell

2011-02-11 16:39:03 . 2011-02-11 16:39:03 -------- dc----w- C:\Program Files\Driver-Soft

2011-02-11 16:36:22 . 2011-02-11 16:36:46 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{55B643FA-DC53-499A-A10A-71D6E3DAE9A3}

2011-02-11 16:29:08 . 2011-02-11 16:29:26 2381824 ----a-w- C:\Windows\system32\mshtml.tlb

2011-02-11 16:29:07 . 2011-02-11 16:29:26 1448448 ----a-w- C:\Windows\system32\inetcpl.cpl

2011-02-11 16:19:41 . 2011-01-13 09:41:52 5890896 -c--a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCBEE762-FCF6-4C59-ACAF-A610389CC8B5}\mpengine.dll

2011-02-11 16:18:08 . 2011-02-11 16:20:13 1289536 ----a-w- C:\Windows\system32\ntdll.dll

2011-02-11 16:18:07 . 2011-02-11 16:20:13 3957120 ----a-w- C:\Windows\system32\ntkrnlpa.exe

2011-02-11 16:18:07 . 2011-02-11 16:20:13 3901824 ----a-w- C:\Windows\system32\ntoskrnl.exe

2011-02-11 16:18:04 . 2011-02-11 16:29:35 2329088 ----a-w- C:\Windows\system32\win32k.sys

2011-02-11 16:18:01 . 2011-02-11 16:20:19 34304 ----a-w- C:\Windows\system32\atmlib.dll

2011-02-11 16:18:01 . 2011-02-11 16:20:19 294400 ----a-w- C:\Windows\system32\atmfd.dll

2011-02-11 16:17:55 . 2011-02-11 16:28:57 541184 ----a-w- C:\Windows\system32\kerberos.dll

2011-02-11 16:17:45 . 2011-02-11 16:20:01 204288 ----a-w- C:\Windows\system32\upnp.dll

2011-02-11 16:17:44 . 2011-02-11 16:20:01 1389568 ----a-w- C:\Windows\system32\msxml6.dll

2011-02-11 16:17:44 . 2011-02-11 16:20:01 1236992 ----a-w- C:\Windows\system32\msxml3.dll

2011-02-11 16:17:43 . 2011-02-11 16:20:01 80384 ----a-w- C:\Windows\system32\davclnt.dll

2011-02-11 16:17:43 . 2011-02-11 16:20:01 350720 ----a-w- C:\Windows\system32\winhttp.dll

2011-02-11 16:17:43 . 2011-02-11 16:20:01 204800 ----a-w- C:\Windows\system32\WebClnt.dll

2011-02-11 16:17:42 . 2011-02-11 16:20:01 73728 ----a-w- C:\Windows\system32\wscsvc.dll

2011-02-11 16:17:42 . 2011-02-11 16:20:01 51200 ----a-w- C:\Windows\system32\wscapi.dll

2011-02-11 16:17:42 . 2011-02-11 16:20:01 14336 ----a-w- C:\Windows\system32\slwga.dll

2011-02-11 16:16:44 . 2011-02-11 16:19:20 219008 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys

2011-02-11 15:56:14 . 2011-02-11 15:56:14 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{B404DB50-8415-4A22-98EE-1F90DA0469BB}

2011-02-10 21:22:43 . 2011-02-10 21:23:05 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{EB1BAA7A-05C4-4A3A-8753-E49332B18342}

2011-02-10 09:22:21 . 2011-02-10 09:22:33 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{36E3C65A-5AD9-44CB-A7AF-0B69700C6F37}

2011-02-09 14:59:10 . 2011-02-09 14:59:22 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{44D917D3-20C1-43B1-B8F3-1C12F542740F}

2011-02-08 18:03:19 . 2011-02-08 18:03:31 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{3ED503B6-B273-4175-98AF-777E7D61D6E4}

2011-02-07 18:52:02 . 2011-02-07 18:52:14 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{5326559B-462B-4CF0-A473-9F9ECAB3B004}

2011-02-06 13:21:33 . 2011-02-06 13:21:44 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{6A019A3E-E9A0-4D13-87D6-FD8C712FC37D}

2011-02-05 15:26:55 . 2011-02-11 17:12:33 -------- dc----w- C:\Program Files\Hewlett-Packard

2011-02-05 15:26:54 . 2011-02-11 17:11:26 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\hpqLog

2011-02-05 15:08:59 . 2011-02-05 15:08:59 -------- dc-h--r- C:\Users\ek-ekman\AppData\Roaming\SecuROM

2011-02-05 14:31:28 . 2011-02-05 14:31:28 -------- dc----w- C:\Program Files\City Interactive

2011-02-05 12:48:16 . 2011-02-05 12:48:16 -------- dc----w- C:\Program Files\uTorrent

2011-02-05 12:47:46 . 2011-02-24 23:48:47 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\uTorrent

2011-02-05 07:57:37 . 2011-02-05 07:57:49 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{A1310532-ABC1-412F-8A34-7F72F3B92BEE}

2011-02-04 20:25:59 . 2011-02-09 19:19:31 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\vlc

2011-02-04 09:12:36 . 2011-02-04 09:12:52 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{C343FBEE-7DF2-4811-803A-F1BBB6EBD714}

2011-02-03 23:54:21 . 2011-02-03 23:56:03 -------- dc----w- C:\Program Files\Total Video Converter

2011-02-03 23:44:22 . 2011-02-03 23:44:22 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\Pavtube

2011-02-03 23:44:04 . 2011-02-03 23:44:04 -------- dc----w- C:\Program Files\Pavtube

2011-02-03 23:41:04 . 2011-02-03 23:43:59 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\GetRightToGo

2011-02-03 14:53:54 . 2011-02-03 14:53:54 -------- dc----w- C:\Users\ek-ekman\AppData\Local\Roxio

2011-02-03 14:51:44 . 2011-02-03 14:51:44 -------- dc----w- C:\Program Files\Roxio

2011-02-03 11:53:17 . 2011-02-03 11:53:40 2755072 ----a-w- C:\Windows\system32\themeui.dll

2011-02-03 11:51:42 . 2011-02-03 11:52:02 582656 ----a-w- C:\Windows\system32\gpprefcl.dll

2011-02-03 11:39:37 . 2011-02-03 11:39:51 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{1FC63562-D0E9-478B-8ED5-77BB3D57A4D4}

2011-02-02 23:06:39 . 2011-02-02 23:06:39 -------- dc----w- C:\Users\ek-ekman\AppData\Roaming\Rovio

2011-02-02 19:23:29 . 2011-02-02 19:23:41 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{38D47AB4-F09F-4AA3-BDA4-BA4A92BD49B7}

2011-02-01 16:23:39 . 2011-02-01 16:23:51 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{2FE37FB0-D486-41A2-9DBB-DD2311AB4642}

2011-01-31 18:43:28 . 2011-01-31 18:43:51 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{E318484E-1429-4C0B-9D22-9943B7367D3D}

2011-01-30 20:54:29 . 2011-01-30 20:55:22 -------- dc----w- C:\Program Files\CCleaner

2011-01-30 12:04:57 . 2011-01-30 12:05:49 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{92031D21-0A18-4C3E-8B8E-0DA047ABC734}

2011-01-29 16:25:45 . 2011-01-29 16:26:08 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{C8274AC2-190C-43DA-A564-518C7D4F8E71}

2011-01-28 13:52:37 . 2011-01-28 13:52:37 -------- dc----w- C:\Windows\system32\Fonts

2011-01-28 13:52:35 . 2011-01-28 13:52:35 -------- dc----w- C:\Program Files\Pasco scientific

2011-01-28 13:47:40 . 2011-01-28 13:47:50 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{23161864-3A68-4CA9-8500-217A9D7AC4C3}

2011-01-28 07:55:03 . 2011-01-28 07:55:03 -------- dc----w- C:\Program Files\Common Files\Oribi

2011-01-28 07:54:59 . 2011-01-28 07:54:59 -------- dc----w- C:\Program Files\SIHDev

2011-01-28 07:54:59 . 2011-01-28 07:54:59 -------- dc----w- C:\Program Files\Common Files\Outlook Security Manager

2011-01-28 07:54:55 . 2011-01-28 07:55:01 -------- dc----w- C:\Program Files\StavaRex

2011-01-28 07:44:34 . 2011-01-28 07:44:34 -------- dc----w- C:\Program Files\ConfigMgr 2007 Toolkit

2011-01-27 19:40:43 . 2011-01-27 19:41:07 -------- dc----w- C:\Users\ek-ekman\AppData\Local\{8B5F245D-9444-4859-BB53-F84D0A6A0343}

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 16:11:20 . 2010-12-15 15:14:32 222080 -c----w- C:\Windows\system32\MpSigStub.exe

2011-01-18 16:43:26 . 2011-01-18 16:43:26 109328 -c--a-w- C:\Windows\system32\drivers\VBoxNetAdp.sys

2011-01-14 07:56:38 . 2011-01-14 07:54:41 573440 ----a-w- C:\Windows\system32\odbc32.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:44 804864 ----a-w- C:\Windows\system32\FntCache.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:44 739840 ----a-w- C:\Windows\system32\d2d1.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:44 442880 ----a-w- C:\Windows\system32\XpsPrint.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:44 283648 ----a-w- C:\Windows\system32\XpsGdiConverter.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:44 218624 ----a-w- C:\Windows\system32\d3d10_1core.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:44 1170944 ----a-w- C:\Windows\system32\d3d10warp.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:44 1076736 ----a-w- C:\Windows\system32\DWrite.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:43 161792 ----a-w- C:\Windows\system32\d3d10_1.dll

2011-01-14 07:55:25 . 2011-01-14 07:54:43 135168 ----a-w- C:\Windows\system32\XpsRasterService.dll

2011-01-14 07:55:24 . 2011-01-14 07:54:44 728448 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys

2011-01-14 07:55:24 . 2011-01-14 07:54:43 107520 ----a-w- C:\Windows\system32\cdd.dll

2010-12-25 12:28:46 . 2010-12-25 12:16:09 205984 -c--a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll

2010-12-22 14:31:34 . 2010-12-22 14:31:34 31888 -c--a-w- C:\Windows\system32\drivers\VBoxUSB.sys

2010-12-10 08:56:41 . 2010-12-10 08:56:46 423656 -c--a-w- C:\Windows\system32\deployJava1.dll

2005-10-29 22:42:14 414208 -csh--r- C:\Windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 01:54:18 4240760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Javer Shell Remote Access"="C:\Windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe" [2005-10-29 22:42:14 414208]

"dsaggdsdgs"="C:\Windows\system\system\updates.exe" [2006-05-28 11:15:20 422912]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"ASP Net Network Module"="C:\Windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe" [2005-10-29 22:42:14 414208]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

VGAfix.vbs.txt [2011-1-18 337]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"EnableLinkedConnections"= 1 (0x1)

"DelayedDesktopSwitchTimeout"= 5 (0x5)

"DisableStartupSound"= 1 (0x1)

"HideFastUserSwitching"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"UseDefaultTile"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoPublishingWizard"= 1 (0x1)

"NoWebServices"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Forefront TMG Client.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Forefront TMG Client.lnk

backup=C:\Windows\pss\Forefront TMG Client.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^ek-ekman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrering.lnk]

path=C:\Users\ek-ekman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrering.lnk

backup=C:\Windows\pss\Logitech . Produktregistrering.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-09-04 11:08:30 935288 -c--a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08:38 35696 -c--a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-03-06 02:44:40 500208 -c----w- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-22 21:10:47 402432 -c--a-w- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 13:54:26 91520 -c--a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsf]

2010-10-04 01:46:01 81920 -c--a-w- C:\Windows\System32\bsf.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

2010-12-08 21:15:44 63360 ----a-w- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-12-09 19:28:24 1226608 ----a-w- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-12-22 20:32:47 136176 -c--atw- C:\Users\ek-ekman\AppData\Local\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Javer Shell Remote Access]

2005-10-29 22:42:14 414208 -csh--r- C:\Windows\System32\ASP Net Network Module\Javer Shell Remote Access.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]

2010-10-29 20:06:08 5915480 -c--a-w- C:\Program Files\Logitech\Vid HD\Vid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 12:36:56 2793304 -c--a-w- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-11-10 01:54:18 4240760 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]

2010-09-30 13:55:35 189824 ----a-w- C:\Program Files\Norman\Npm\Bin\Zlh.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2010-04-12 08:40:16 180224 -c--a-w- C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2009-11-11 14:11:42 287800 -c--a-r- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-12-03 15:46:34 14944136 -c--a-r- C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftGridTray]

2009-12-02 21:23:52 807272 -c--a-w- C:\Program Files\Microsoft Application Virtualization Client\sfttray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-02-21 17:14:24 1183744 -c--a-w- C:\Program Files\Analog Devices\Core\smax4pnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2010-02-10 22:32:54 61440 -c--a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 12:37:14 517096 -c--a-w- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-02-05 12:48:16 396152 -c--a-w- C:\Program Files\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]

2009-09-01 09:41:28 499768 -c--a-w- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 14:31:10 1153368]

R3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 08:11:50 228408]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 09:25:22 30969208]

R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2009-07-13 22:02:53 545792]

R3 nsesvc;Norman Scanner Engine Service;C:\Program Files\Norman\Nse\Bin\NSESVC.EXE [2010-12-17 14:22:48 288072]

R3 NvcMFlt;NvcMFlt;C:\Windows\system32\DRIVERS\nvcv32mf.sys [2009-10-14 12:03:28 23392]

R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\Bin\nvcoas.exe [2010-08-02 14:48:52 210248]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:37:50 4640000]

R3 Scheduler;Norman Scheduler Service;C:\Program Files\Norman\Npm\Bin\scheduler.exe [2009-10-15 14:47:32 133272]

R3 SwitchBoard;SwitchBoard;C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 12:37:14 517096]

R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-23 01:42:04 1343400]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-01-18 16:43:26 109328]

R3 VBoxNetFlt;VBoxNetFlt Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys [2010-12-22 14:31:34 31888]

R4 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-07 23:06:10 49152]

S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-10-07 13:34:29 25032]

S1 NNetSecL;Norman Network Security;C:\Windows\system32\DRIVERS\nnetsecl.sys [2010-10-08 14:59:32 30584]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]

S2 cpuz134;cpuz134;C:\Windows\system32\drivers\cpuz134_x32.sys [2010-07-09 12:18:56 20328]

S2 FwcAgent;Forefront TMG Client Agent;C:\Program Files\Forefront TMG Client\FwcAgent.exe [2009-10-13 23:48:58 275424]

S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 17:08:58 363344]

S2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\Bin\NDISKIO.SYS [2009-10-07 13:31:15 22768]

S2 NVOY;Norman Resource Provider;C:\Program Files\Norman\npm\bin\nvoy.exe [2010-03-15 13:30:28 98776]

S2 sftlist;Application Virtualization Client;C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 21:23:46 483688]

S2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-07-13 00:07:48 21096]

S2 uxpatch;uxpatch;C:\Windows\system32\drivers\uxpatch.sys [2009-07-13 00:07:46 25448]

S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2010-12-20 17:08:40 20952]

S3 NNetSecC;Norman Network Filter NDIS common driver;C:\Program Files\Norman\ngs\bin\nnetsecc.sys [2010-10-08 11:39:16 29968]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 21:23:46 550760]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 21:23:48 195944]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21:23:50 21864]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 21:23:52 19304]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 21:23:52 209768]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2011-02-23 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531161163-931476743-2803335854-500Core.job

- C:\Users\ek-ekman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:32:48 . 2010-12-22 20:32:47]

 

2011-02-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531161163-931476743-2803335854-500UA.job

- C:\Users\ek-ekman\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-22 20:32:48 . 2010-12-22 20:32:47]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.se/

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = eatmg.eskilstuna.se:8080

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xportera till Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Ski&cka till OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

LSP: C:\Program Files\Forefront TMG Client\FwcWsp.dll

TCP: 54879647 = 156.154.70.22,156.154.71.22

TCP: {C16BF3E5-0E13-4860-B9C7-4BC5C2E6D1B4} = 156.154.70.22,156.154.71.22

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

.

 

 

 


Archived

This topic is now archived and is closed to further replies.