Hjälp

[emigranten-2]

Sitter just nu på annan dator.

Den andra är kapad av AntiMalware GO

Kan inte öppna eller installera program.

Det enda jag KAN göra är att köpa något skit på internet.

Någon som kan lösa upp det här?

 

Jag vet att jag skall ändra LAN-inställningen (ta bort proxyserver) men denna ändring läggs tillbaka av programmet med blixtens hastighet. Därefter blockeras ala andra program. Det enda som ser ut att fungera är att köpa SpyHunter, men varför skulle inte detta också vara en fejk (lika väl som att köpa licens för AntiMalware).

 

En lösning som INTE involverar att köpa något suspekt på internet vore att öredra

[Cecilia]

SpyHunter i sig är inte något skadligt, däremot är antagligen webbsidan där du får rådet att använda det falskt, dvs det är inte alls säkert att SpyHunter hjälper utan den som skrivit webbsidan är bara ute efter att få lite pengar för att du köper SpyHunter.

 

1. Starta om datorn i felsäkert läge med nätverk (tryck F8 upprepade gånger under uppstarten och välj "felsäkert läge med nätverk" i menyn).

 

2. Se om det nu går bättre att ta bort proxy-servern.

 

3. Spara RKill av Grinler på Skrivbordet. Ladda ner det från :

http://download.bleepingcomputer.com/grinler/iExplore.exe

Det är programmet RKill fast filen kallas iExplore.exe för att lura det skadliga programmet.

 

Starta Rkill genom att dubbelklicka på den.

Det blir ett svart fönster/ruta en stund om programmet lyckades köra.

Upprepa körningen av RKill några gånger.

 

Om du får ett meddelande om att RKill är skadligt så bry dig inte om det. Det är det skadliga programmen som inte vill bli stoppat. Lämna kvar varningen på skärmen och kör RKill en gång till.

 

Om det inte hjälper att köra ovanstående RKill några gånger för att få ett tillfälligt stopp på det skadliga programmet pröva med de andra varianterna av RKill som finns på http://www.bleepingcomputer.com/download/anti-virus/rkill

 

4. Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Om du inte kan ladda ner MBAM ändra proxy-inställningarna igen (det kan gå bättre nu när du kört RKill).

 

Stäng av alla program du ser till.

 

Dubbelklicka på mbam-setup för att installera programmet.

 

Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Klicka på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

Om MBAM ber om en omstart av datorn så neka det eftersom de skadliga programmen då vaknar till liv igen.

 

När programmet startar så välj Utför fullständig skanning och klicka på Skanna.

Skanningen tar lång tid.

När den är klar så klicka på OK och sedan Visa resultat.

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar.

 

5. För kontroll av om det finns fler skadliga filer i datorn:

Spara DDS på Skrivbordet.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

[emigranten-2]

Tack Cecilia.

 

Startade upp i felsäkert läge med nätverk som du bad om.

Klickade bort proxyservern.

Gick dit där programmet lagt sig och tog bort detta (gick nu bra).

Tog även bort resten som låg i "temp" med samma datum och klockslag.

Körde Advanced System Care Prof. som rensade registret

och voila

 

Har även kört både SpyHunter och Microsoft Security Essentials för att vara helt säker.

Datorn är nu ren som en nytvättade babyrumpa.

[Cecilia]

Jag råder dig absolut att köra DDS och MBAM för att vara på den säkra sidan. Vare sig SpyHunter och Microsoft Security Essentials är program som ligger i toppklass när det gäller denna typ av falska program.

 

För att inte tala om det behövs en genomgång för att se efter vilket program du har som innehåller kända säkerhetshål som datorn blev smittad genom.

[emigranten-2]

Jag råder dig absolut att köra DDS och MBAM för att vara på den säkra sidan. Vare sig SpyHunter och Microsoft Security Essentials är program som ligger i toppklass när det gäller denna typ av falska program.

 

För att inte tala om det behövs en genomgång för att se efter vilket program du har som innehåller kända säkerhetshål som datorn blev smittad genom.

 

 

Okay.

Körde DDS som svarade följande:

 

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

 

Kan jag följa rekommendationerna på:

http://www.scanforfree.com/74/mbr-exe-removal.html

 

eller har du ett bättre förslag?

 

mvh

[Cecilia]

Nej, du ska inte göra som det står på den sidan. Se folks åsikter om sidan på http://www.mywot.com/sv/scorecard/scanforfree.com

 

Fick du inga loggar från DDS, DDS.txt och Attach.txt?

Jag skulle vilja se dem för att kunna vägleda dig vidare med att få bort rootkit. Men om DDS inte kunde göra färdigt tar vi till ett annat program.

[emigranten-2]

Nej, du ska inte göra som det står på den sidan. Se folks åsikter om sidan på http://www.mywot.com...scanforfree.com

 

Fick du inga loggar från DDS, DDS.txt och Attach.txt?

Jag skulle vilja se dem för att kunna vägleda dig vidare med att få bort rootkit. Men om DDS inte kunde göra färdigt tar vi till ett annat program.

 

Visst fick jag det, men jag hade glömt hur man skickar det i packat format.

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Leif at 10:51:20,75 on 2011-03-01

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.262 [GMT 1:00]

 

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

c:\Program\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Ant.com\IE add-on\AntUpdaterService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\Tele2 Connect\ATService.exe

C:\Program\Tele2 Connect\Connect.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe

C:\WINDOWS\system32\lxdncoms.exe

C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program\Acer\Acer VCM\RS_Service.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program\Tific\Tific Client G1\ConnecteSupport.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\IObit\Advanced SystemCare 3\AWC.exe

C:\Program\Launch Manager\LManager.exe

C:\Program\Tele2 Connect\WVPNMonitor.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program\DesktopEarth\DesktopEarth.exe

C:\Program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Ant.com\IE add-on\AntMaintainer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Documents and Settings\Leif\Skrivbord\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

uSearch Page = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=0&o=xph&d=0709&m=ao531h

uSearch Bar = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

uInternet Settings,ProxyServer = http=127.0.0.1:33440

mURLSearchHooks: H - No File

BHO: Lexmark Verktygsfält: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program\lexmark toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Open FVD Suite IE Plugin: {2b171655-a70c-5c18-b693-6cb5dc269d44} - c:\program\fvdiep~1\FVDIEPlugin_1.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\program\micros~2\office14\URLREDIR.DLL

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: IEButton Class: {f81d52bf-f2f1-4f49-bf5f-05664e803039} - c:\program\unh solutions\flash saving plugin\FlashSButton.dll

TB: Lexmark Verktygsfält: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program\lexmark toolbar\toolband.dll

TB: FVD Suite IE Plugin: {2b171655-a70c-5c18-b693-6cb5dc269d41} - c:\program\fvdiep~1\FVDIEPlugin_1.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\windows live toolbar\msntb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 3] "c:\program\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [LManager] c:\program\launch manager\LManager.exe

mRun: [iAAnotif] c:\program\intel\intel matrix storage manager\iaanotif.exe

mRun: [Alcmtr] :ALCMTR.EXE

mRun: [synTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe

mRun: [QuickTime Task] :"c:\program\quicktime\qttask.exe" -atboottime

mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe Reader Speed Launcher] :"c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] :"c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] :"c:\program\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] :"c:\program\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [ConnecteSupport] "c:\program\tific\tific client g1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "Svenska" /SERVER t2connectsebg.tele2.com

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [spyHunter Security Suite] :c:\program\enigma software group\spyhunter\SpyHunter4.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\leif\start-~1\program\autost~1\deskto~1.lnk - c:\docume~1\leif\applic~1\microsoft\installer\{dba5e973-660d-4cbe-a469-f5c37fbf0ce4}\_C1A9BF9D98647632ED5172.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\connec~1.lnk - c:\program\tele2 connect\WVPNMonitor.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\~disab~1\acervc~1.lnk - c:\program\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\~disab~1\winzip~1.lnk - c:\program\winzip\WZQKPICK.EXE

uPolicies-system: oduwjblmkjufynwjwliqTaskMgr = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: &Windows Live Search - c:\program\windows live toolbar\msntb.dll/search.htm

IE: Append Link Target to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office14\EXCEL.EXE/3000

IE: FVDIEPlugin Add Page - c:\program\fvdiep~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Save Flash - c:\program\unh solutions\flash saving plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\program\unh solutions\flash saving plugin\FlashSButton.dll/217

IE: Ski&cka till OneNote - c:\program\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {05055A95-2AF7-4E39-A5CC-5E97452BD061} = 130.244.127.161 130.244.127.169

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program\delade filer\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\program\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\micros~2\office14\GROOVEEX.DLL

Hosts: 127.0.0.

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\leif\applic~1\mozilla\firefox\profiles\p7e0rniu.default\

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll

FF - component: c:\program\mozilla firefox 4.0 beta 11\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\program\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program\mozilla firefox\plugins\np_gp.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdeploytk.dll

FF - plugin: c:\program\mozilla firefox\plugins\npLegitCheckPlugin.dll

FF - plugin: c:\program\mozilla firefox\plugins\npnul32.dll

FF - plugin: c:\program\mozilla firefox\plugins\nppdf32.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin2.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin3.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin4.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin5.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin6.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin7.dll

FF - plugin: c:\program\nos\bin\np_gp.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox 4.0 beta 11\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

 

============= SERVICES / DRIVERS ===============

 

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKslc0dc6068;MpKslc0dc6068;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085da6bb-7518-49cc-8c57-b08cfb0b69c7}\MpKslc0dc6068.sys [2011-3-1 28752]

R2 CTATSvc;Tele2 Connect AT Service;c:\program\tele2 connect\ATService.exe [2010-10-1 578880]

R2 CTConnect;Tele2 Connect Monitor;c:\program\tele2 connect\Connect.exe [2010-10-1 2602304]

R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2009-3-5 14336]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-10-2 98984]

R2 RS_Service;Raw Socket Service;c:\program\acer\acer vcm\RS_Service.exe [2009-3-4 237568]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-1-15 100736]

S1 MpKsl0bd57535;MpKsl0bd57535;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\mpksl0bd57535.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\MpKsl0bd57535.sys [?]

S1 MpKsl3ea683a2;MpKsl3ea683a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8257168e-2b3a-481e-8571-6ea3eb4f8f76}\mpksl3ea683a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8257168e-2b3a-481e-8571-6ea3eb4f8f76}\MpKsl3ea683a2.sys [?]

S1 MpKsl5151f3e2;MpKsl5151f3e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4cf8a6c-3880-4019-9e9c-7fb3b7d96505}\mpksl5151f3e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4cf8a6c-3880-4019-9e9c-7fb3b7d96505}\MpKsl5151f3e2.sys [?]

S1 MpKsl52e2f260;MpKsl52e2f260;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{658a3a1f-7eed-4292-9f82-982468dc1878}\mpksl52e2f260.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{658a3a1f-7eed-4292-9f82-982468dc1878}\MpKsl52e2f260.sys [?]

S1 MpKsl554800c2;MpKsl554800c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\mpksl554800c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\MpKsl554800c2.sys [?]

S1 MpKsl8de3d5c7;MpKsl8de3d5c7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{136e7be0-32fb-4c66-8062-d7e9dbda87dc}\mpksl8de3d5c7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{136e7be0-32fb-4c66-8062-d7e9dbda87dc}\MpKsl8de3d5c7.sys [?]

S1 MpKsl9e6acdc4;MpKsl9e6acdc4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\mpksl9e6acdc4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\MpKsl9e6acdc4.sys [?]

S1 MpKsle77b73dd;MpKsle77b73dd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{136e7be0-32fb-4c66-8062-d7e9dbda87dc}\mpksle77b73dd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{136e7be0-32fb-4c66-8062-d7e9dbda87dc}\MpKsle77b73dd.sys [?]

S1 MpKsledafdfd3;MpKsledafdfd3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4cf8a6c-3880-4019-9e9c-7fb3b7d96505}\mpksledafdfd3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4cf8a6c-3880-4019-9e9c-7fb3b7d96505}\MpKsledafdfd3.sys [?]

S1 MpKslf1ec8a81;MpKslf1ec8a81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\mpkslf1ec8a81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\MpKslf1ec8a81.sys [?]

S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program\enigma~1\spyhun~1\SH4SER~1.EXE [2010-5-18 327064]

S3 esgiguard;esgiguard;c:\program\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]

S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program\google\google desktop search\GoogleDesktop.exe [2009-3-4 30192]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-4 112480]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-7-30 7680]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-3-5 14336]

S3 osppsvc;Office Software Protection Platform;c:\program\delade filer\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-7-30 110080]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2009-7-30 104960]

 

=============== Created Last 30 ================

 

2011-03-01 09:36:30 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{085da6bb-7518-49cc-8c57-b08cfb0b69c7}\MpKslc0dc6068.sys

2011-03-01 04:46:15 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{085da6bb-7518-49cc-8c57-b08cfb0b69c7}\MpKsl34600279.sys

2011-02-26 17:11:27 110080 ----a-r- c:\docume~1\leif\applic~1\microsoft\installer\{4fc9da9d-f608-454e-8191-d7effdcc5726}\IconF7A21AF7.exe

2011-02-26 17:11:27 110080 ----a-r- c:\docume~1\leif\applic~1\microsoft\installer\{4fc9da9d-f608-454e-8191-d7effdcc5726}\IconD7F16134.exe

2011-02-26 17:11:22 -------- d-----w- C:\sh4ldr

2011-02-26 17:09:28 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2011-02-26 16:23:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-26 16:05:13 -------- d-----w- c:\program\Mozilla Firefox 4.0 Beta 11

2011-02-26 15:58:33 -------- d-----w- c:\program\DesktopEarth

2011-02-26 15:03:26 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{085da6bb-7518-49cc-8c57-b08cfb0b69c7}\mpengine.dll

2011-02-22 20:09:59 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2011-02-22 19:59:38 -------- d-----w- C:\AOE3

2011-02-19 10:37:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe

2011-02-16 12:00:14 -------- d-----w- c:\program\SourceTec

2011-02-14 22:35:12 -------- d-----w- c:\program\Enigma Software Group

2011-02-14 22:33:16 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP

2011-02-14 22:17:19 -------- d-----w- C:\8b4633c5247e9d0fb1abc51d

2011-02-14 22:17:04 -------- d-----w- C:\64f4d8e6ecf817ecf9ff75bc07

2011-02-14 22:11:03 -------- d-----w- C:\8f7a517b8f00890388d0de49c6df5b66

2011-02-08 08:07:41 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-02-08 07:28:59 -------- d--h--w- c:\windows\PIF

2011-02-07 05:56:05 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-07 05:48:20 -------- d-----w- c:\program\Microsoft Security Client

2011-02-05 08:43:54 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-02-05 08:43:54 -------- d-----w- c:\windows\system32\wbem\Repository

2011-02-02 06:21:39 35136 ----a-w- c:\program\mozilla firefox\plugins\np_gp.dll

2011-02-02 03:51:37 -------- d-----w- c:\program\Windows Live Toolbar

2011-02-02 02:40:14 -------- d-----w- c:\docume~1\leif\applic~1\Windows Live Writer

2011-02-02 02:40:02 -------- d-----w- c:\docume~1\leif\lokala~1\applic~1\Windows Live Writer

2011-02-01 17:23:58 -------- d-----w- c:\docume~1\leif\applic~1\SourceTec

2011-02-01 17:23:13 -------- d-----w- c:\program\delade filer\SourceTec

2011-01-31 08:43:30 114432 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2011-01-31 08:43:29 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2011-01-31 08:43:29 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2011-01-31 08:43:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Columbitech

2011-01-31 08:43:00 -------- d-----w- c:\program\Tele2 Connect

2011-01-31 08:42:45 -------- d-----w- c:\docume~1\leif\lokala~1\applic~1\Tific

2011-01-31 08:42:45 -------- d-----w- c:\docume~1\leif\applic~1\Tific

2011-01-31 08:42:42 -------- d-----w- c:\program\Tific

2011-01-31 08:42:39 -------- d-----w- c:\program\delade filer\Tific

2011-01-30 13:57:00 103864 ----a-w- c:\program\internet explorer\plugins\nppdf32.dll

 

==================== Find3M ====================

 

2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-21 14:44:07 439808 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-11 08:37:40 59240 ----a-w- c:\windows\system32\GenSvcInst.exe

2011-01-11 08:37:40 139264 ----a-w- c:\windows\system32\bgsvcgen.exe

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:04:15 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:22 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:52:41 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:52:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:52:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:25:55 730624 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:37 385024 ----a-w- c:\windows\system32\html.iec

2010-12-13 13:22:01 61440 ----a-w- c:\windows\system32\leasrsa.dll

2010-12-09 15:15:15 722944 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 15:13:58 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 15:13:56 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 14:30:25 33280 ----a-w- c:\windows\system32\csrsrv.dll

 

=================== ROOTKIT ====================

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: TOSHIBA_ rev.FG01 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x861D7439]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x861dd7b8]; MOV EAX, [0x861dd834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86B64370]

3 CLASSPNP[0xF7567FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000009c[0x86B7F320]

5 ACPI[0xF745E620] -> nt!IofCallDriver[0x804E13B9] -> [0x86B67028]

\Driver\iaStor[0x86B83E60] -> IRP_MJ_CREATE -> 0x861D7439

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [bP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK1655GSX_______________________FG011J__#4&39d28377&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

user != kernel MBR !!!

sectors 312581806 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

 

============= FINISH: 10:56:19,78 ===============

[Cecilia]

Numera fungerar det inte så bra att packa/komprimera loggar för ofta försvinner radbrytningarna då.

 

1.

Spara DeFogger by jpshortstuff http://www.jpshortstuff.247fixes.com/Defogger.exe på Skrivbordet.

 

Starta DeFogger.

När programmets fönster kommer upp trycker du på knappen Disable för att inaktivera drivrutinerna som hör ihop med ditt installerade CD-emuleringsprogram.

Tryck på Yes/Ja för att fortsätta.

När programmet är klart kommer det upp ett meddelande 'Finished!'.

Tryck på OK.

Programmet ber om omstart av datorn, tryck på OK.

 

VIKTIGT! Om du får ett felmeddelande medan DeFogger kör, så klistra in loggen defogger_disable som då skapas på Skrivbordet.

 

Aktivera inte dessa drivrutiner innan rensningen är helt klar.

 

2.

Spara TDSSKiller på Skrivbordet:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

Högerklicka och välj Extrahera alla. Kom ihåg var du packar upp filen.

Stäng av dina vanliga program, men du kan lämna antivirusprogram och liknande igång.

Kör programmet TDSSKiller.exe som finns i mappen där du packade upp filerna.

 

Klicka på Start Scan.

 

Om några hot hittas så välj Cure och klicka på Continue. Om inte Cure finns så välj Skip. Välj INTE Quarantine eller Delete. Eventuellt behöver datorn startas om.

 

Klistra in innehållet i loggen som du hittar i C:\ med namnet TDSSKiller följt av version och tidpunkt.

[emigranten-2]

2011/03/06 20:41:37.0375 0464 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30

2011/03/06 20:41:39.0265 0464 ================================================================================

2011/03/06 20:41:39.0265 0464 SystemInfo:

2011/03/06 20:41:39.0265 0464

2011/03/06 20:41:39.0265 0464 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/06 20:41:39.0265 0464 Product type: Workstation

2011/03/06 20:41:39.0265 0464 ComputerName: ACER-B42C7CB454

2011/03/06 20:41:39.0265 0464 UserName: Leif

2011/03/06 20:41:39.0265 0464 Windows directory: C:\WINDOWS

2011/03/06 20:41:39.0265 0464 System windows directory: C:\WINDOWS

2011/03/06 20:41:39.0265 0464 Processor architecture: Intel x86

2011/03/06 20:41:39.0265 0464 Number of processors: 2

2011/03/06 20:41:39.0265 0464 Page size: 0x1000

2011/03/06 20:41:39.0265 0464 Boot type: Normal boot

2011/03/06 20:41:39.0265 0464 ================================================================================

2011/03/06 20:41:40.0859 0464 Initialize success

2011/03/06 20:41:43.0984 2988 ================================================================================

2011/03/06 20:41:43.0984 2988 Scan started

2011/03/06 20:41:43.0984 2988 Mode: Manual;

2011/03/06 20:41:43.0984 2988 ================================================================================

2011/03/06 20:41:44.0359 2988 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/03/06 20:41:44.0390 2988 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/06 20:41:44.0421 2988 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/03/06 20:41:44.0500 2988 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/03/06 20:41:44.0546 2988 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/06 20:41:44.0734 2988 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/03/06 20:41:44.0796 2988 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/03/06 20:41:45.0015 2988 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/03/06 20:41:45.0062 2988 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/03/06 20:41:45.0125 2988 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/03/06 20:41:45.0156 2988 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/03/06 20:41:45.0218 2988 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/03/06 20:41:45.0375 2988 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/03/06 20:41:45.0421 2988 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/03/06 20:41:45.0484 2988 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/03/06 20:41:45.0593 2988 AR5416 (a2f96787b7a958989a962ef3824d9ca8) C:\WINDOWS\system32\DRIVERS\athw.sys

2011/03/06 20:41:45.0765 2988 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/03/06 20:41:45.0828 2988 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/03/06 20:41:46.0031 2988 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/03/06 20:41:46.0140 2988 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/06 20:41:46.0312 2988 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/06 20:41:46.0437 2988 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/06 20:41:46.0562 2988 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/06 20:41:46.0640 2988 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/06 20:41:46.0828 2988 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/03/06 20:41:46.0859 2988 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/06 20:41:46.0906 2988 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/03/06 20:41:47.0078 2988 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/03/06 20:41:47.0140 2988 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/06 20:41:47.0171 2988 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/06 20:41:47.0328 2988 cdrbsdrv (9008ad94f28360a2f1409592bfc7acf7) C:\WINDOWS\system32\drivers\cdrbsdrv.sys

2011/03/06 20:41:47.0390 2988 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/06 20:41:47.0625 2988 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/03/06 20:41:47.0687 2988 CmdIde (4c36a458153f8d7329e96192e653cb01) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/03/06 20:41:47.0828 2988 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/03/06 20:41:47.0937 2988 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/03/06 20:41:48.0156 2988 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/03/06 20:41:48.0171 2988 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/03/06 20:41:48.0250 2988 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/06 20:41:48.0406 2988 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys

2011/03/06 20:41:48.0484 2988 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/06 20:41:48.0640 2988 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/06 20:41:48.0687 2988 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/06 20:41:48.0828 2988 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/06 20:41:48.0921 2988 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/03/06 20:41:49.0140 2988 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/06 20:41:49.0265 2988 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program\Enigma Software Group\SpyHunter\esgiguard.sys

2011/03/06 20:41:49.0500 2988 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/03/06 20:41:49.0562 2988 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/03/06 20:41:49.0703 2988 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys

2011/03/06 20:41:49.0781 2988 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/03/06 20:41:49.0937 2988 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/03/06 20:41:50.0000 2988 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/03/06 20:41:50.0187 2988 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/03/06 20:41:50.0281 2988 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/03/06 20:41:50.0406 2988 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/03/06 20:41:50.0531 2988 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/03/06 20:41:50.0703 2988 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/03/06 20:41:50.0781 2988 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/03/06 20:41:50.0984 2988 hwdatacard (93e5d34d95ff9011beed886e3627f442) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2011/03/06 20:41:51.0046 2988 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys

2011/03/06 20:41:51.0250 2988 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/03/06 20:41:51.0296 2988 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/03/06 20:41:51.0468 2988 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/03/06 20:41:51.0765 2988 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/03/06 20:41:52.0000 2988 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys

2011/03/06 20:41:52.0078 2988 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/03/06 20:41:52.0265 2988 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/03/06 20:41:52.0562 2988 IntcAzAudAddService (2feb5bf0312e1cb76cd2caa875cbaa5d) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/03/06 20:41:52.0765 2988 IntelIde (3012ee13f357a99361ad8b0d93e13c45) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/03/06 20:41:52.0843 2988 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/03/06 20:41:53.0000 2988 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/03/06 20:41:53.0062 2988 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/06 20:41:53.0109 2988 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/06 20:41:53.0265 2988 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/06 20:41:53.0359 2988 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/06 20:41:53.0515 2988 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/06 20:41:53.0609 2988 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/06 20:41:53.0765 2988 JMCR (59e7fd6d845f08003efb8f812eca41bc) C:\WINDOWS\system32\DRIVERS\jmcr.sys

2011/03/06 20:41:53.0828 2988 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/06 20:41:54.0000 2988 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/06 20:41:54.0093 2988 KProcessHacker2 (4af27cb32d2fe975fcee12b9e50eefad) C:\Program\Process Hacker 2\kprocesshacker.sys

2011/03/06 20:41:54.0359 2988 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/06 20:41:54.0437 2988 L1e (131f87c6dcd9bb7caf31e315a4fbdc8b) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

2011/03/06 20:41:54.0687 2988 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys

2011/03/06 20:41:54.0765 2988 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/03/06 20:41:54.0953 2988 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/06 20:41:55.0015 2988 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/06 20:41:55.0093 2988 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/03/06 20:41:55.0265 2988 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/06 20:41:55.0312 2988 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/03/06 20:41:55.0453 2988 MpKsl0677f99f (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E0D371-A1FD-4C7A-962E-A92C22C406B5}\MpKsl0677f99f.sys

2011/03/06 20:41:55.0953 2988 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/03/06 20:41:56.0015 2988 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/06 20:41:56.0218 2988 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/06 20:41:56.0375 2988 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/06 20:41:56.0468 2988 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/06 20:41:56.0546 2988 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/06 20:41:56.0687 2988 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/06 20:41:56.0765 2988 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/06 20:41:56.0906 2988 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/03/06 20:41:56.0968 2988 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/06 20:41:57.0000 2988 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/03/06 20:41:57.0140 2988 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/06 20:41:57.0203 2988 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/03/06 20:41:57.0375 2988 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/06 20:41:57.0421 2988 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/06 20:41:57.0593 2988 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/06 20:41:57.0656 2988 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/06 20:41:57.0828 2988 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/06 20:41:57.0890 2988 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/06 20:41:58.0156 2988 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/06 20:41:58.0218 2988 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/06 20:41:58.0406 2988 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/06 20:41:58.0453 2988 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/06 20:41:58.0609 2988 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/06 20:41:58.0859 2988 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\drivers\Parport.sys

2011/03/06 20:41:59.0031 2988 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/06 20:41:59.0078 2988 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/06 20:41:59.0140 2988 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/06 20:41:59.0281 2988 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/03/06 20:41:59.0359 2988 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/03/06 20:41:59.0609 2988 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/03/06 20:41:59.0734 2988 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/03/06 20:41:59.0906 2988 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/06 20:41:59.0937 2988 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/06 20:41:59.0984 2988 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/06 20:42:00.0062 2988 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/03/06 20:42:00.0187 2988 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/03/06 20:42:00.0265 2988 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/03/06 20:42:00.0468 2988 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/03/06 20:42:00.0515 2988 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/03/06 20:42:00.0687 2988 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/06 20:42:00.0781 2988 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/06 20:42:00.0968 2988 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/06 20:42:01.0000 2988 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/06 20:42:01.0046 2988 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/06 20:42:01.0078 2988 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/06 20:42:01.0156 2988 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/03/06 20:42:01.0328 2988 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/06 20:42:01.0390 2988 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/06 20:42:01.0562 2988 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/03/06 20:42:01.0828 2988 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/06 20:42:02.0000 2988 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\drivers\Serial.sys

2011/03/06 20:42:02.0093 2988 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/06 20:42:02.0234 2988 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/03/06 20:42:02.0375 2988 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/03/06 20:42:02.0515 2988 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys

2011/03/06 20:42:02.0703 2988 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/03/06 20:42:02.0765 2988 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/06 20:42:02.0937 2988 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/06 20:42:03.0000 2988 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/06 20:42:03.0109 2988 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/03/06 20:42:03.0265 2988 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/06 20:42:03.0328 2988 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/06 20:42:03.0546 2988 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/03/06 20:42:03.0593 2988 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/03/06 20:42:03.0734 2988 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/03/06 20:42:03.0812 2988 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/03/06 20:42:04.0000 2988 SynTP (3b7b7ab4a42321f6c49d1ab0e27d89c4) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/03/06 20:42:04.0109 2988 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/06 20:42:04.0343 2988 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/06 20:42:04.0421 2988 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2011/03/06 20:42:04.0593 2988 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/06 20:42:04.0656 2988 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/06 20:42:04.0843 2988 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/06 20:42:04.0984 2988 TosIde (67b0bb00b577d37e54497e5fdfcaadc0) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/03/06 20:42:05.0125 2988 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/03/06 20:42:05.0187 2988 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/06 20:42:05.0281 2988 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/03/06 20:42:05.0453 2988 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/06 20:42:05.0531 2988 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/06 20:42:05.0734 2988 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/06 20:42:05.0781 2988 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/06 20:42:05.0968 2988 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/06 20:42:06.0000 2988 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/06 20:42:06.0093 2988 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/06 20:42:06.0265 2988 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/03/06 20:42:06.0359 2988 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/03/06 20:42:06.0531 2988 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/06 20:42:06.0609 2988 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/03/06 20:42:06.0750 2988 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/03/06 20:42:06.0796 2988 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/06 20:42:06.0890 2988 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/06 20:42:06.0968 2988 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/03/06 20:42:07.0187 2988 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/06 20:42:07.0359 2988 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/03/06 20:42:07.0671 2988 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/03/06 20:42:07.0718 2988 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/06 20:42:07.0843 2988 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/06 20:42:07.0937 2988 ZTEusbmdm6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys

2011/03/06 20:42:07.0968 2988 ZTEusbnet (911ba85906bc7602c73441502abfb565) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys

2011/03/06 20:42:08.0000 2988 ZTEusbnmea (69774b89725ddc4781e0eeb9809f3b20) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys

2011/03/06 20:42:08.0046 2988 ZTEusbser6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys

2011/03/06 20:42:08.0109 2988 ZTEusbvoice (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys

2011/03/06 20:42:08.0250 2988 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/03/06 20:42:08.0671 2988 ================================================================================

2011/03/06 20:42:08.0671 2988 Scan finished

2011/03/06 20:42:08.0671 2988 ================================================================================

2011/03/06 20:42:08.0703 1852 Detected object count: 1

2011/03/06 20:42:44.0343 1852 \HardDisk0 - will be cured after reboot

2011/03/06 20:42:44.0343 1852 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/03/06 20:42:50.0468 3868 Deinitialize success

[Cecilia]

Ser ju ut som att TDSSKiller kunde fixa en del. Starta om datorn och kör TDSSKiller igen så att vi ser att det verkligen är borta för gott. Kör sedan DDS igen så får vi se hur det ser ut i den loggen nu.

[emigranten-2]

Cecilia

Det känns oerhört värdefullt att ha dig som support.

Du riktigt glänser av kompetens.

Jag önskar jag hade hälften av denna DU besitter.

All heder åt dig !!!!

 

TDSSKiller:

2011/03/07 19:56:35.0531 2216 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30

2011/03/07 19:56:37.0343 2216 ================================================================================

2011/03/07 19:56:37.0343 2216 SystemInfo:

2011/03/07 19:56:37.0343 2216

2011/03/07 19:56:37.0343 2216 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/07 19:56:37.0343 2216 Product type: Workstation

2011/03/07 19:56:37.0343 2216 ComputerName: ACER-B42C7CB454

2011/03/07 19:56:37.0343 2216 UserName: Leif

2011/03/07 19:56:37.0343 2216 Windows directory: C:\WINDOWS

2011/03/07 19:56:37.0343 2216 System windows directory: C:\WINDOWS

2011/03/07 19:56:37.0343 2216 Processor architecture: Intel x86

2011/03/07 19:56:37.0343 2216 Number of processors: 2

2011/03/07 19:56:37.0343 2216 Page size: 0x1000

2011/03/07 19:56:37.0343 2216 Boot type: Normal boot

2011/03/07 19:56:37.0343 2216 ================================================================================

2011/03/07 19:56:39.0250 2216 Initialize success

2011/03/07 19:56:45.0468 2276 ================================================================================

2011/03/07 19:56:45.0468 2276 Scan started

2011/03/07 19:56:45.0468 2276 Mode: Manual;

2011/03/07 19:56:45.0468 2276 ================================================================================

2011/03/07 19:56:45.0906 2276 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2011/03/07 19:56:45.0953 2276 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/07 19:56:46.0078 2276 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/03/07 19:56:46.0125 2276 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/03/07 19:56:46.0218 2276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/07 19:56:46.0406 2276 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/03/07 19:56:46.0500 2276 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/03/07 19:56:46.0656 2276 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2011/03/07 19:56:46.0718 2276 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2011/03/07 19:56:46.0750 2276 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/03/07 19:56:46.0796 2276 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/03/07 19:56:46.0937 2276 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2011/03/07 19:56:47.0078 2276 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2011/03/07 19:56:47.0109 2276 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2011/03/07 19:56:47.0171 2276 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2011/03/07 19:56:47.0296 2276 AR5416 (a2f96787b7a958989a962ef3824d9ca8) C:\WINDOWS\system32\DRIVERS\athw.sys

2011/03/07 19:56:47.0484 2276 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2011/03/07 19:56:47.0546 2276 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2011/03/07 19:56:47.0671 2276 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2011/03/07 19:56:47.0750 2276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/07 19:56:47.0796 2276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/07 19:56:47.0968 2276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/07 19:56:48.0093 2276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/07 19:56:48.0187 2276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/07 19:56:48.0281 2276 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2011/03/07 19:56:48.0421 2276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/07 19:56:48.0484 2276 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/03/07 19:56:48.0625 2276 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2011/03/07 19:56:48.0671 2276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/07 19:56:48.0718 2276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/07 19:56:48.0890 2276 cdrbsdrv (9008ad94f28360a2f1409592bfc7acf7) C:\WINDOWS\system32\drivers\cdrbsdrv.sys

2011/03/07 19:56:49.0109 2276 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/07 19:56:49.0234 2276 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/03/07 19:56:49.0406 2276 CmdIde (4c36a458153f8d7329e96192e653cb01) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2011/03/07 19:56:49.0453 2276 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/03/07 19:56:49.0531 2276 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2011/03/07 19:56:49.0609 2276 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2011/03/07 19:56:49.0640 2276 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2011/03/07 19:56:49.0703 2276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/07 19:56:49.0781 2276 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys

2011/03/07 19:56:49.0984 2276 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/07 19:56:50.0046 2276 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/07 19:56:50.0203 2276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/07 19:56:50.0281 2276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/07 19:56:50.0453 2276 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2011/03/07 19:56:50.0531 2276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/07 19:56:50.0671 2276 esgiguard (051a2e2a75adb6d1c5c27e940fdabcba) C:\Program\Enigma Software Group\SpyHunter\esgiguard.sys

2011/03/07 19:56:50.0906 2276 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/03/07 19:56:51.0000 2276 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/03/07 19:56:51.0187 2276 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys

2011/03/07 19:56:51.0265 2276 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/03/07 19:56:51.0312 2276 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/03/07 19:56:51.0484 2276 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/03/07 19:56:51.0593 2276 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/03/07 19:56:51.0781 2276 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/03/07 19:56:51.0875 2276 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/03/07 19:56:52.0093 2276 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/03/07 19:56:52.0250 2276 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2011/03/07 19:56:52.0437 2276 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/03/07 19:56:52.0578 2276 hwdatacard (93e5d34d95ff9011beed886e3627f442) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2011/03/07 19:56:52.0781 2276 hwusbdev (922065957563d851b5a68b95aadac6ad) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys

2011/03/07 19:56:52.0953 2276 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/03/07 19:56:53.0078 2276 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2011/03/07 19:56:53.0156 2276 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/03/07 19:56:53.0468 2276 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2011/03/07 19:56:53.0843 2276 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys

2011/03/07 19:56:53.0921 2276 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/03/07 19:56:54.0109 2276 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2011/03/07 19:56:54.0406 2276 IntcAzAudAddService (2feb5bf0312e1cb76cd2caa875cbaa5d) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/03/07 19:56:54.0750 2276 IntelIde (3012ee13f357a99361ad8b0d93e13c45) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/03/07 19:56:54.0812 2276 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/03/07 19:56:54.0968 2276 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/03/07 19:56:55.0015 2276 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/07 19:56:55.0062 2276 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/07 19:56:55.0218 2276 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/07 19:56:55.0296 2276 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/07 19:56:55.0343 2276 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/07 19:56:55.0531 2276 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/07 19:56:55.0609 2276 JMCR (59e7fd6d845f08003efb8f812eca41bc) C:\WINDOWS\system32\DRIVERS\jmcr.sys

2011/03/07 19:56:55.0765 2276 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/07 19:56:55.0843 2276 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/07 19:56:55.0953 2276 KProcessHacker2 (4af27cb32d2fe975fcee12b9e50eefad) C:\Program\Process Hacker 2\kprocesshacker.sys

2011/03/07 19:56:56.0218 2276 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/07 19:56:56.0296 2276 L1e (131f87c6dcd9bb7caf31e315a4fbdc8b) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

2011/03/07 19:56:56.0484 2276 massfilter (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys

2011/03/07 19:56:56.0656 2276 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/03/07 19:56:56.0765 2276 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/07 19:56:56.0953 2276 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/07 19:56:57.0078 2276 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/03/07 19:56:57.0234 2276 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/07 19:56:57.0296 2276 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/03/07 19:56:57.0984 2276 MpKslfc325259 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E0D371-A1FD-4C7A-962E-A92C22C406B5}\MpKslfc325259.sys

2011/03/07 19:56:58.0156 2276 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2011/03/07 19:56:58.0265 2276 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/07 19:56:58.0500 2276 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/07 19:56:58.0593 2276 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/07 19:56:58.0671 2276 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/07 19:56:58.0828 2276 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/07 19:56:58.0890 2276 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/07 19:56:59.0062 2276 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/07 19:56:59.0171 2276 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/03/07 19:56:59.0281 2276 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/07 19:56:59.0453 2276 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/03/07 19:56:59.0562 2276 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/07 19:56:59.0734 2276 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/03/07 19:56:59.0812 2276 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/07 19:56:59.0953 2276 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/07 19:57:00.0046 2276 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/07 19:57:00.0203 2276 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/07 19:57:00.0281 2276 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/07 19:57:00.0375 2276 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/07 19:57:00.0703 2276 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/07 19:57:00.0781 2276 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/07 19:57:00.0984 2276 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/07 19:57:01.0031 2276 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/07 19:57:01.0171 2276 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/07 19:57:01.0296 2276 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\drivers\Parport.sys

2011/03/07 19:57:01.0343 2276 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/07 19:57:01.0500 2276 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/07 19:57:01.0562 2276 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/07 19:57:01.0718 2276 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/03/07 19:57:01.0796 2276 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/03/07 19:57:02.0156 2276 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/03/07 19:57:02.0187 2276 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/03/07 19:57:02.0359 2276 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/07 19:57:02.0500 2276 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/07 19:57:02.0531 2276 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/07 19:57:02.0578 2276 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/03/07 19:57:02.0625 2276 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/03/07 19:57:02.0796 2276 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/03/07 19:57:02.0843 2276 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/03/07 19:57:03.0000 2276 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/03/07 19:57:03.0078 2276 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/07 19:57:03.0218 2276 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/07 19:57:03.0296 2276 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/07 19:57:03.0343 2276 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/07 19:57:03.0421 2276 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/07 19:57:03.0593 2276 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/07 19:57:03.0671 2276 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/03/07 19:57:03.0859 2276 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/07 19:57:03.0937 2276 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/07 19:57:04.0125 2276 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/03/07 19:57:04.0406 2276 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/07 19:57:04.0609 2276 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\drivers\Serial.sys

2011/03/07 19:57:04.0687 2276 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/07 19:57:04.0921 2276 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/03/07 19:57:04.0984 2276 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/03/07 19:57:05.0281 2276 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys

2011/03/07 19:57:05.0500 2276 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/03/07 19:57:05.0562 2276 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/07 19:57:05.0734 2276 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/07 19:57:05.0828 2276 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/07 19:57:05.0937 2276 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/03/07 19:57:06.0109 2276 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/07 19:57:06.0203 2276 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/07 19:57:06.0343 2276 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/03/07 19:57:06.0390 2276 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/03/07 19:57:06.0453 2276 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/03/07 19:57:06.0500 2276 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/03/07 19:57:06.0593 2276 SynTP (3b7b7ab4a42321f6c49d1ab0e27d89c4) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2011/03/07 19:57:06.0781 2276 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/07 19:57:06.0921 2276 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/07 19:57:07.0093 2276 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2011/03/07 19:57:07.0156 2276 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/07 19:57:07.0281 2276 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/07 19:57:07.0390 2276 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/07 19:57:07.0593 2276 TosIde (67b0bb00b577d37e54497e5fdfcaadc0) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/03/07 19:57:07.0656 2276 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/03/07 19:57:07.0812 2276 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/07 19:57:07.0890 2276 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/03/07 19:57:08.0078 2276 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/07 19:57:08.0156 2276 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/07 19:57:08.0343 2276 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/07 19:57:08.0421 2276 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/07 19:57:08.0578 2276 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/07 19:57:08.0656 2276 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/07 19:57:08.0828 2276 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/07 19:57:08.0906 2276 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/03/07 19:57:09.0046 2276 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/03/07 19:57:09.0109 2276 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/07 19:57:09.0328 2276 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/03/07 19:57:09.0359 2276 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/03/07 19:57:09.0421 2276 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/07 19:57:09.0578 2276 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/07 19:57:09.0671 2276 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/03/07 19:57:09.0890 2276 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/07 19:57:10.0031 2276 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/03/07 19:57:10.0312 2276 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/03/07 19:57:10.0671 2276 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/07 19:57:11.0000 2276 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/07 19:57:11.0343 2276 ZTEusbmdm6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys

2011/03/07 19:57:11.0687 2276 ZTEusbnet (911ba85906bc7602c73441502abfb565) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys

2011/03/07 19:57:11.0968 2276 ZTEusbnmea (69774b89725ddc4781e0eeb9809f3b20) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys

2011/03/07 19:57:12.0015 2276 ZTEusbser6k (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys

2011/03/07 19:57:12.0062 2276 ZTEusbvoice (b8b466103280e45e391e876f05122607) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys

2011/03/07 19:57:12.0390 2276 ================================================================================

2011/03/07 19:57:12.0390 2276 Scan finished

2011/03/07 19:57:12.0390 2276 ================================================================================

 

DDS.txt:

 

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by Leif at 19:59:09,34 on 2011-03-07

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.366 [GMT 1:00]

 

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

 

============== Running Processes ===============

 

C:\Program\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

c:\Program\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Ant.com\IE add-on\AntUpdaterService.exe

C:\WINDOWS\system32\bgsvcgen.exe

C:\Program\Tele2 Connect\ATService.exe

C:\Program\Tele2 Connect\Connect.exe

C:\Program\IObit\IObit Security 360\IS360srv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdnserv.exe

C:\WINDOWS\system32\lxdncoms.exe

C:\Program\Acer\Acer VCM\RS_Service.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\Microsoft Security Client\msseces.exe

C:\Program\Tific\Tific Client G1\ConnecteSupport.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Launch Manager\LManager.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Tele2 Connect\WVPNMonitor.exe

C:\Program\DesktopEarth\DesktopEarth.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program\Delade filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Leif\Skrivbord\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

uSearch Page = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=0&o=xph&d=0709&m=ao531h

uSearch Bar = hxxp://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

uInternet Settings,ProxyServer = http=127.0.0.1:33440

mURLSearchHooks: H - No File

BHO: Lexmark Verktygsfält: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program\lexmark toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Open FVD Suite IE Plugin: {2b171655-a70c-5c18-b693-6cb5dc269d44} - c:\program\fvdiep~1\FVDIEPlugin_1.dll

BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program\ant.com\ie add-on\Download.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\micros~2\office14\GROOVEEX.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\program\micros~2\office14\URLREDIR.DLL

BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\windows live toolbar\msntb.dll

BHO: 1 (0x1) - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: IEButton Class: {f81d52bf-f2f1-4f49-bf5f-05664e803039} - c:\program\unh solutions\flash saving plugin\FlashSButton.dll

TB: Lexmark Verktygsfält: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program\lexmark toolbar\toolband.dll

TB: FVD Suite IE Plugin: {2b171655-a70c-5c18-b693-6cb5dc269d41} - c:\program\fvdiep~1\FVDIEPlugin_1.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Ant.com Download Toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program\ant.com\ie add-on\AntToolbar.dll

TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program\windows live toolbar\msntb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 3] :"c:\program\iobit\advanced systemcare 3\AWC.exe" /startup

uRun: [LManager] c:\program\launch manager\LManager.exe

uRun: [Process Hacker 2] :"c:\program\process hacker 2\ProcessHacker.exe"

uRun: [spybotSD TeaTimer] c:\program\spybot - search & destroy\TeaTimer.exe

mRun: [iAAnotif] c:\program\intel\intel matrix storage manager\iaanotif.exe

mRun: [Alcmtr] :ALCMTR.EXE

mRun: [synTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe

mRun: [iObit Security 360] :"c:\program\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime

mRun: [MSC] "c:\program\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe Reader Speed Launcher] :"c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] :"c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] :"c:\program\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] :"c:\program\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [ConnecteSupport] "c:\program\tific\tific client g1\ConnecteSupport.exe" /HIDE /ONLINECHECK /WAIT 5 /DEFLANG "Svenska" /SERVER t2connectsebg.tele2.com

mRun: [sunJavaUpdateSched] :"c:\program\delade filer\java\java update\jusched.exe"

mRun: [spyHunter Security Suite] :c:\program\enigma software group\spyhunter\SpyHunter4.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\leif\start-~1\program\autost~1\deskto~1.lnk - c:\docume~1\leif\applic~1\microsoft\installer\{dba5e973-660d-4cbe-a469-f5c37fbf0ce4}\_C1A9BF9D98647632ED5172.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\connec~1.lnk - c:\program\tele2 connect\WVPNMonitor.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\~disab~1\acervc~1.lnk - c:\program\acer\acer vcm\AcerVCM.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\~disab~1\winzip~1.lnk - c:\program\winzip\WZQKPICK.EXE

uPolicies-system: oduwjblmkjufynwjwliqTaskMgr = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

IE: &Windows Live Search - c:\program\windows live toolbar\msntb.dll/search.htm

IE: Append Link Target to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program\delade filer\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\micros~2\office14\EXCEL.EXE/3000

IE: FVDIEPlugin Add Page - c:\program\fvdiep~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Save Flash - c:\program\unh solutions\flash saving plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\program\unh solutions\flash saving plugin\FlashSButton.dll/217

IE: Ski&cka till OneNote - c:\program\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\microsoft office\office14\ONBttnIE.dll

IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program\ant.com\ie add-on\Download.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot~1\SDHelper.dll

Trusted Zone: bodymass.org

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {05055A95-2AF7-4E39-A5CC-5E97452BD061} = 130.244.127.161 130.244.127.169

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program\delade filer\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\program\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\micros~2\office14\GROOVEEX.DLL

IFEO: taskmgr.exe - "c:\program\process hacker 2\ProcessHacker.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 127.0.0.

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\leif\applic~1\mozilla\firefox\profiles\p7e0rniu.default\

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll

FF - component: c:\program\mozilla firefox 4.0 beta 11\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\program\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program\mozilla firefox\plugins\np_gp.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdeploytk.dll

FF - plugin: c:\program\mozilla firefox\plugins\npLegitCheckPlugin.dll

FF - plugin: c:\program\mozilla firefox\plugins\npnul32.dll

FF - plugin: c:\program\mozilla firefox\plugins\nppdf32.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin2.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin3.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin4.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin5.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin6.dll

FF - plugin: c:\program\mozilla firefox\plugins\npqtplugin7.dll

FF - plugin: c:\program\nos\bin\np_gp.dll

FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox 4.0 beta 11\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com

FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff

 

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

 

============= SERVICES / DRIVERS ===============

 

R1 KProcessHacker2;KProcessHacker2;c:\program\process hacker 2\kprocesshacker.sys [2011-2-26 32840]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R1 MpKslfc325259;MpKslfc325259;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{a6e0d371-a1fd-4c7a-962e-a92c22c406b5}\MpKslfc325259.sys [2011-3-7 28752]

R2 AntUpdaterService;Ant Toolbar updater service;c:\program\ant.com\ie add-on\AntUpdaterService.exe [2010-12-22 515096]

R2 CTATSvc;Tele2 Connect AT Service;c:\program\tele2 connect\ATService.exe [2010-10-1 578880]

R2 CTConnect;Tele2 Connect Monitor;c:\program\tele2 connect\Connect.exe [2010-10-1 2602304]

R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2009-3-5 14336]

R2 IS360service;IS360service;c:\program\iobit\iobit security 360\is360srv.exe [2011-1-15 312152]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-10-2 98984]

R2 RS_Service;Raw Socket Service;c:\program\acer\acer vcm\RS_Service.exe [2009-3-4 237568]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program\enigma~1\spyhun~1\SH4SER~1.EXE [2010-5-18 327064]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-1-15 100736]

R3 osppsvc;Office Software Protection Platform;c:\program\delade filer\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S1 MpKsl0bd57535;MpKsl0bd57535;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\mpksl0bd57535.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\MpKsl0bd57535.sys [?]

S1 MpKsl3ea683a2;MpKsl3ea683a2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8257168e-2b3a-481e-8571-6ea3eb4f8f76}\mpksl3ea683a2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8257168e-2b3a-481e-8571-6ea3eb4f8f76}\MpKsl3ea683a2.sys [?]

S1 MpKsl5151f3e2;MpKsl5151f3e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4cf8a6c-3880-4019-9e9c-7fb3b7d96505}\mpksl5151f3e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4cf8a6c-3880-4019-9e9c-7fb3b7d96505}\MpKsl5151f3e2.sys [?]

S1 MpKsl52e2f260;MpKsl52e2f260;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{658a3a1f-7eed-4292-9f82-982468dc1878}\mpksl52e2f260.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{658a3a1f-7eed-4292-9f82-982468dc1878}\MpKsl52e2f260.sys [?]

S1 MpKsl554800c2;MpKsl554800c2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\mpksl554800c2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\MpKsl554800c2.sys [?]

S1 MpKsl8de3d5c7;MpKsl8de3d5c7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{136e7be0-32fb-4c66-8062-d7e9dbda87dc}\mpksl8de3d5c7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{136e7be0-32fb-4c66-8062-d7e9dbda87dc}\MpKsl8de3d5c7.sys [?]

S1 MpKsl9e6acdc4;MpKsl9e6acdc4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\mpksl9e6acdc4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\MpKsl9e6acdc4.sys [?]

S1 MpKslc0dc6068;MpKslc0dc6068;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085da6bb-7518-49cc-8c57-b08cfb0b69c7}\mpkslc0dc6068.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{085da6bb-7518-49cc-8c57-b08cfb0b69c7}\MpKslc0dc6068.sys [?]

S1 MpKsle77b73dd;MpKsle77b73dd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{136e7be0-32fb-4c66-8062-d7e9dbda87dc}\mpksle77b73dd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{136e7be0-32fb-4c66-8062-d7e9dbda87dc}\MpKsle77b73dd.sys [?]

S1 MpKsledafdfd3;MpKsledafdfd3;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4cf8a6c-3880-4019-9e9c-7fb3b7d96505}\mpksledafdfd3.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4cf8a6c-3880-4019-9e9c-7fb3b7d96505}\MpKsledafdfd3.sys [?]

S1 MpKslf1ec8a81;MpKslf1ec8a81;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\mpkslf1ec8a81.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c1a5fdc1-bdab-4f19-9ea6-4d40e0760ea1}\MpKslf1ec8a81.sys [?]

S3 esgiguard;esgiguard;c:\program\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]

S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program\google\google desktop search\GoogleDesktop.exe [2009-3-4 30192]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys --> c:\windows\system32\drivers\ewusbfake.sys [?]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-4 112480]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-7-30 7680]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-3-5 14336]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-7-30 110080]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2009-7-30 104960]

 

=============== Created Last 30 ================

 

2011-03-07 10:23:59 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a6e0d371-a1fd-4c7a-962e-a92c22c406b5}\MpKslfc325259.sys

2011-03-05 16:39:53 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a6e0d371-a1fd-4c7a-962e-a92c22c406b5}\mpengine.dll

2011-03-02 12:36:49 -------- d-----w- c:\program\Spybot - Search & Destroy

2011-03-02 12:36:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2011-02-26 17:11:27 110080 ----a-r- c:\docume~1\leif\applic~1\microsoft\installer\{4fc9da9d-f608-454e-8191-d7effdcc5726}\IconF7A21AF7.exe

2011-02-26 17:11:27 110080 ----a-r- c:\docume~1\leif\applic~1\microsoft\installer\{4fc9da9d-f608-454e-8191-d7effdcc5726}\IconD7F16134.exe

2011-02-26 17:11:22 -------- d-----w- C:\sh4ldr

2011-02-26 17:09:28 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2011-02-26 16:23:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-26 16:22:18 -------- d-----w- c:\docume~1\leif\applic~1\Process Hacker 2

2011-02-26 16:17:01 -------- d-----w- c:\program\XPSysPad

2011-02-26 16:05:13 -------- d-----w- c:\program\Mozilla Firefox 4.0 Beta 11

2011-02-26 15:58:33 -------- d-----w- c:\program\DesktopEarth

2011-02-26 15:33:19 -------- d-----w- c:\program\Process Hacker 2

2011-02-22 20:09:59 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2011-02-22 19:59:38 -------- d-----w- C:\AOE3

2011-02-19 10:37:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe

2011-02-16 12:00:14 -------- d-----w- c:\program\SourceTec

2011-02-14 22:35:12 -------- d-----w- c:\program\Enigma Software Group

2011-02-14 22:33:16 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP

2011-02-14 22:17:19 -------- d-----w- C:\8b4633c5247e9d0fb1abc51d

2011-02-14 22:17:04 -------- d-----w- C:\64f4d8e6ecf817ecf9ff75bc07

2011-02-14 22:11:03 -------- d-----w- C:\8f7a517b8f00890388d0de49c6df5b66

2011-02-08 08:07:41 5943120 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2011-02-08 07:28:59 -------- d--h--w- c:\windows\PIF

2011-02-07 05:56:05 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-02-07 05:48:20 -------- d-----w- c:\program\Microsoft Security Client

 

==================== Find3M ====================

 

2011-02-02 18:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-21 14:44:07 439808 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-11 08:37:40 59240 ----a-w- c:\windows\system32\GenSvcInst.exe

2011-01-11 08:37:40 139264 ----a-w- c:\windows\system32\bgsvcgen.exe

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:04:15 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34:22 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:52:41 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:52:40 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:52:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:25:55 730624 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55:37 385024 ----a-w- c:\windows\system32\html.iec

2010-12-13 13:22:01 61440 ----a-w- c:\windows\system32\leasrsa.dll

2010-12-09 15:15:15 722944 ----a-w- c:\windows\system32\ntdll.dll

2010-12-09 15:13:58 2028032 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-12-09 15:13:56 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-12-09 14:30:25 33280 ----a-w- c:\windows\system32\csrsrv.dll

 

============= FINISH: 20:01:30,67 ===============

 

 

Attach.txt:

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 2009-07-23 19:50:17

System Uptime: 2011-03-07 16:55:20 (4 hours ago)

 

Motherboard: Acer | |

Processor: Intel® Atom CPU N270 @ 1.60GHz | CPU | 1596/533mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 143 GiB total, 119,265 GiB free.

D: is CDROM (CDFS)

E: is Removable

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_022C1025&REV_B0\4&192AC53F&0&00E0

Manufacturer: Atheros

Name: Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller

PNP Device ID: PCI\VEN_1969&DEV_1026&SUBSYS_022C1025&REV_B0\4&192AC53F&0&00E0

Service: L1e

 

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Atheros AR5007EG Wireless Network Adapter

Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E00D105B&REV_01\4&2803E7C1&0&00E2

Manufacturer: Atheros

Name: Atheros AR5007EG Wireless Network Adapter

PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_E00D105B&REV_01\4&2803E7C1&0&00E2

Service: AR5416

 

==== System Restore Points ===================

 

RP118: 2010-12-12 20:19:43 - Systemkontrollpunkt

RP119: 2010-12-12 23:18:53 - Installed SnagIt 9

RP120: 2010-12-13 13:47:45 - Installed Microsoft Office Enterprise 2007

RP121: 2010-12-13 13:58:33 - Skrivardrivrutinen Send To Microsoft OneNote Driver installerad

RP122: 2010-12-13 20:50:32 - Software Distribution Service 3.0

RP123: 2010-12-14 07:22:10 - Installed Windows XP KB915800-v4.

RP124: 2010-12-14 07:22:41 - Installerade Windows XP Windows Search 4.0.

RP125: 2010-12-14 09:00:41 - Software Distribution Service 3.0

RP126: 2010-12-14 16:04:41 - Software Distribution Service 3.0

RP127: 2010-12-15 11:23:27 - Software Distribution Service 3.0

RP128: 2010-12-19 08:17:48 - Systemkontrollpunkt

RP129: 2010-12-20 22:26:51 - Software Distribution Service 3.0

RP130: 2010-12-23 09:52:40 - Systemkontrollpunkt

RP131: 2010-12-24 10:08:41 - Systemkontrollpunkt

RP132: 2010-12-25 12:20:20 - Systemkontrollpunkt

RP133: 2010-12-26 14:27:59 - Systemkontrollpunkt

RP134: 2010-12-27 21:28:19 - Systemkontrollpunkt

RP135: 2010-12-30 07:31:15 - Systemkontrollpunkt

RP136: 2011-01-01 17:37:35 - Systemkontrollpunkt

RP137: 2011-01-01 18:25:42 - Installed HTML Slideshow Powertoy for Windows XP

RP138: 2011-01-01 18:26:23 - Installed Slideshow Generator Powertoy for Windows XP

RP139: 2011-01-02 19:06:19 - Systemkontrollpunkt

RP140: 2011-01-04 10:06:44 - Systemkontrollpunkt

RP141: 2011-01-05 10:23:37 - Systemkontrollpunkt

RP142: 2011-01-06 12:04:45 - Systemkontrollpunkt

RP143: 2011-01-07 18:19:17 - Systemkontrollpunkt

RP144: 2011-01-08 22:01:33 - Systemkontrollpunkt

RP145: 2011-01-10 10:18:14 - Systemkontrollpunkt

RP146: 2011-01-10 17:34:31 - Installerade Windows XP KB942288-v3.

RP147: 2011-01-11 08:44:47 - Installed TMPGEnc Plus 2.5

RP148: 2011-01-11 08:55:20 - Installed TMPGEnc DVD Author 3 with DivX Authoring

RP149: 2011-01-11 09:38:14 - Installed TMPGEnc Authoring Works 4

RP150: 2011-01-11 10:08:51 - Removed TMPGEnc Authoring Works 4

RP151: 2011-01-11 10:14:36 - Installed TMPGEnc Authoring Works 4

RP152: 2011-01-11 10:31:00 - Removed TMPGEnc Authoring Works 4

RP153: 2011-01-11 10:40:35 - Installed TMPGEnc Authoring Works 4

RP154: 2011-01-11 12:45:04 - Configured TMPGEnc Plus 2.5

RP155: 2011-01-11 12:45:40 - TrueCrypt uninstallation

RP156: 2011-01-11 12:46:30 - Removed TMPGEnc DVD Author 3 with DivX Authoring

RP157: 2011-01-13 12:03:04 - Systemkontrollpunkt

RP158: 2011-01-13 15:44:46 - Removed Vegas Movie Studio HD Platinum 10.0

RP159: 2011-01-15 08:44:50 - Software Distribution Service 3.0

RP160: 2011-01-15 22:36:53 - Removed TuneUp Utilities 2009

RP161: 2011-01-17 07:15:56 - Systemkontrollpunkt

RP162: 2011-01-18 12:26:27 - DirectX har installerats

RP163: 2011-01-18 22:25:27 - Removed Microsoft Office Enterprise 2007

RP164: 2011-01-18 22:37:39 - Microsoft Office PowerPoint Viewer 2007 (Swedish) togs bort

RP165: 2011-01-18 22:38:57 - Removed Microsoft Office Suite Activation Assistant.

RP166: 2011-01-18 22:52:31 - Installed Microsoft Office Professional Plus 2010 (utvärderingsversion)

RP167: 2011-01-18 23:05:58 - Skrivardrivrutinen Send To Microsoft OneNote 2010 D installerad

RP168: 2011-01-18 23:30:30 - Software Distribution Service 3.0

RP169: 2011-01-20 11:09:20 - Systemkontrollpunkt

RP170: 2011-01-21 11:15:58 - Systemkontrollpunkt

RP171: 2011-01-22 14:35:36 - Systemkontrollpunkt

RP172: 2011-01-24 08:52:43 - Systemkontrollpunkt

RP173: 2011-01-27 07:34:28 - Installed AVG Free 9.0

RP174: 2011-01-27 11:15:19 - Avg8 Update

RP175: 2011-01-27 11:18:19 - Avg Update

RP176: 2011-01-30 11:07:44 - Systemkontrollpunkt

RP177: 2011-01-31 07:26:31 - Removed Tele2 Connect Monitor.

RP178: 2011-01-31 08:49:53 - Removed SnagIt 9

RP179: 2011-01-31 09:08:48 - Återställningsåtgärd

RP180: 2011-01-31 09:12:03 - Återställningsåtgärd

RP181: 2011-02-01 11:17:31 - Systemkontrollpunkt

RP182: 2011-02-01 17:51:54 - Installed Ant.com IE add-on

RP183: 2011-02-02 04:51:35 - Windows Live Toolbar installerades

RP184: 2011-02-03 05:12:41 - Systemkontrollpunkt

RP185: 2011-02-04 10:55:25 - Systemkontrollpunkt

RP186: 2011-02-05 09:19:09 - Advanced SystemCare RestorePoint

RP187: 2011-02-05 09:21:16 - För uppdatering av ASC

RP188: 2011-02-05 09:42:59 - Återställningsåtgärd

RP189: 2011-02-06 16:14:51 - Systemkontrollpunkt

RP190: 2011-02-07 06:44:44 - Removed AVG Free 9.0

RP191: 2011-02-07 06:45:52 - Installed AVG Free 9.0

RP192: 2011-02-07 06:58:31 - Software Distribution Service 3.0

RP193: 2011-02-08 09:07:00 - Software Distribution Service 3.0

RP194: 2011-02-09 07:29:07 - Software Distribution Service 3.0

RP195: 2011-02-10 10:00:04 - Systemkontrollpunkt

RP196: 2011-02-11 14:16:27 - Systemkontrollpunkt

RP197: 2011-02-12 18:49:37 - Systemkontrollpunkt

RP198: 2011-02-13 07:46:05 - Software Distribution Service 3.0

RP199: 2011-02-14 08:40:55 - Microsoft Antimalware Checkpoint

RP200: 2011-02-14 23:35:11 - Installed SpyHunter

RP201: 2011-02-15 05:43:27 - Software Distribution Service 3.0

RP202: 2011-02-15 08:30:34 - Removed SpyHunter

RP203: 2011-02-15 17:27:39 - Microsoft Antimalware Checkpoint

RP204: 2011-02-17 15:07:59 - Systemkontrollpunkt

RP205: 2011-02-18 10:50:35 - Software Distribution Service 3.0

RP206: 2011-02-19 08:50:35 - Software Distribution Service 3.0

RP207: 2011-02-19 10:35:47 - Advanced SystemCare RestorePoint

RP208: 2011-02-19 10:36:44 - Före inst av Adobe Acrobat

RP209: 2011-02-19 11:20:30 - Installed Adobe Acrobat X Pro - English, Français, Deutsch.

RP210: 2011-02-19 14:04:24 - Microsoft Antimalware Checkpoint

RP211: 2011-02-20 15:20:38 - Systemkontrollpunkt

RP212: 2011-02-21 06:12:16 - Software Distribution Service 3.0

RP213: 2011-02-22 07:56:22 - Systemkontrollpunkt

RP214: 2011-02-22 21:03:15 - Installed Age of Empires III

RP215: 2011-02-22 21:34:31 - Removed Age of Empires III

RP216: 2011-02-24 09:27:30 - Software Distribution Service 3.0

RP217: 2011-02-25 04:18:15 - Software Distribution Service 3.0

RP218: 2011-02-25 22:31:42 - Installed SpyHunter

RP219: 2011-02-27 08:05:43 - Systemkontrollpunkt

RP220: 2011-03-01 17:58:52 - Microsoft Antimalware Checkpoint

RP221: 2011-03-01 20:45:29 - Advanced SystemCare RestorePoint

RP222: 2011-03-01 20:47:48 - Före RegEdit

RP223: 2011-03-03 08:00:07 - Systemkontrollpunkt

RP224: 2011-03-04 08:20:55 - Systemkontrollpunkt

RP225: 2011-03-06 10:37:48 - Systemkontrollpunkt

RP226: 2011-03-07 19:06:50 - Systemkontrollpunkt

 

==== Installed Programs ======================

 

AC3Filter 1.63b

Acer Crystal Eye webcam 2.2.0.2

Acer eRecovery Management

Acer Product Registration

Acer ScreenSaver

Acer VCM

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.2 - Svenska

Advanced SystemCare 3

Ant.com IE add-on

Any DVD Converter Professional 4.0.3

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver

Atheros for Acer Driver v7.6.1.221_Foxconn Installation Program

BitTorrent

Choice Guard

Compatibility Pack för Office 2007-systemet

Definition update for Microsoft Office 2010 (KB982726)

DesktopEarth

eSobi v2

FastStone Capture 6.5

Flash Saving Plugin

FVDIEPlugin

Google Desktop

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB915800-v4)

HTML Slideshow Powertoy for Windows XP

Huawei Generic Driver

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IObit Security 360

Java Auto Updater

Java 6 Update 24

JMicron Flash Media Controller Driver

Junk Mail filter update

Launch Manager

Lexmark 2600 Series

Lexmark Verktygsfält

Macromedia Dreamweaver 8

Macromedia Extension Manager

McAfee SiteAdvisor

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Antimalware Service SV-SE Language Pack

Microsoft Application Error Reporting

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (Swedish) 2010

Microsoft Office Excel MUI (Swedish) 2010

Microsoft Office Groove MUI (Swedish) 2010

Microsoft Office InfoPath MUI (Swedish) 2010

Microsoft Office OneNote MUI (Swedish) 2010

Microsoft Office Outlook MUI (Swedish) 2010

Microsoft Office PowerPoint MUI (Swedish) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Finnish) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proof (Swedish) 2010

Microsoft Office Proofing (Swedish) 2010

Microsoft Office Publisher MUI (Swedish) 2010

Microsoft Office Shared MUI (Swedish) 2010

Microsoft Office Word MUI (Swedish) 2010

Microsoft Security Client

Microsoft Security Client SV-SE Language Pack

Microsoft Security Essentials

Microsoft Software Update for Web Folders (Swedish) 14

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox (3.5.16)

Mozilla Firefox 4.0b11 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 1.7.0105.35.0

OpenOffice.org 3.1

Process Hacker 2.12

QuickTime

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Security Update for Windows Search 4 - KB963093

Segoe UI

SimpLite-MSN 2.2

Slideshow Generator Powertoy for Windows XP

Snabbkorrigering för Windows XP (KB2443685)

Snabbkorrigering för Windows XP (KB942288-v3)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127-v2)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB969897)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2360131)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2416400)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2482017)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB981332)

Säkerhetsuppdatering för Windows Media Player (KB952069)

Säkerhetsuppdatering för Windows XP (KB2296199)

Säkerhetsuppdatering för Windows XP (KB2393802)

Säkerhetsuppdatering för Windows XP (KB2419632)

Säkerhetsuppdatering för Windows XP (KB2423089)

Säkerhetsuppdatering för Windows XP (KB2436673)

Säkerhetsuppdatering för Windows XP (KB2440591)

Säkerhetsuppdatering för Windows XP (KB2443105)

Säkerhetsuppdatering för Windows XP (KB2476687)

Säkerhetsuppdatering för Windows XP (KB2478960)

Säkerhetsuppdatering för Windows XP (KB2478971)

Säkerhetsuppdatering för Windows XP (KB2479628)

Säkerhetsuppdatering för Windows XP (KB2483185)

Säkerhetsuppdatering för Windows XP (KB2485376)

Sothink FLV Player

Sothink Web Video Downloader

Spybot - Search & Destroy

SpyHunter

Synaptics Pointing Device Driver

Tele2 Connect

Tele2 Connect Monitor

TMPGEnc Authoring Works 4

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2413186)

Update for Microsoft OneNote 2010 (KB2433299)

Update for Microsoft Outlook Social Connector (KB2289116)

Uppdatering för Microsoft Outlook Social Connector (KB2289116)

Uppdatering för Windows Internet Explorer 8 (KB976662)

Uppdatering för Windows XP (KB2467659)

Uppdatering för Windows XP (KB951978)

Uppdatering för Windows XP (KB971029)

USB2.0 Card Reader Software

WebCam

WebFldrs XP

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Communications Platform

Windows Live Essentials

Windows Live inloggningsassistenten

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Plus! 1.1

Windows Search 4.0

WinZip 12.1

XP SysPad V7.9.6 by xtort.net ©

 

==== End Of File ===========================

[Cecilia]

Tack för fina ord!

 

1.

TeaTimer-funktionen i Spybot S&D är väldigt bra, men just nu så kan den störa de nödvändiga förändringarna i registret så du behöver stänga av den. Kom ihåg att sätta på den när datorn är ren men inte förrän dess. Om det då kommer upp frågor om ändringar ska tillåtas så välj att tillåta dem.

 

Högerklicka på Spybot-ikonen vid klockan och välj "Reset lists". Ikonen ser ut ungefär som ett Windows-fönster med ett hänglås på.

 

Starta Spybot S&D

Välj Advanced i Mode-menyn

Till vänster välj Tools - Resident

Ta bort bocken för TeaTimer

Avsluta programmet.

 

2.

Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

Mer detaljerad vägledning finns på http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

 

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

[emigranten-2]

Hej igen

 

Jag har parallellt med denna övning köpt och installerat Trend Micro Titanium Maximum Security.

Detta program ville inte jobba tillsammans med Spybot så detta program togs bort.

Sökningar med Trend visar inga hot.

 

Det finns alltså lite ändringar i datorn under resans gång.

 

Jag sitter med en liten Acer Aspire One som saknar cd-läsare.

Jag kör internet via ett USB-modem eller USB-nätverkskort.

 

Förändrar detta förutsättningarna ovan?

[Cecilia]

För det mesta går det bra med USB-anslutna modem men ibland kan man behöva installera om modemets program/drivrutin för att få internet-anslutningen att fungera. Kan du göra det om det behövs?

[emigranten-2]

Körde ComboFix, men ingen logg kom upp.

Kan heller inte hitta sådan någonstans.

Var brukar den "lägga sig"?

[Cecilia]

Kolla i C:\ om där finns en fil ComboFix.txt. Om den inte finns där så kör ComboFix en gång till.

[emigranten-2]

Kan det ha berott på att ComboFix sparades ner i en mapp och öppnades via genväg?

 

I vilket fall som helst - nu fick jag en logg:

'

ComboFix 11-03-10.04 - Leif 2011-03-11 20:39:58.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.644 [GMT 1:00]

Körs från: c:\documents and settings\Leif\Skrivbord\ComboFix.exe

AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !!

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\leasrsa.dll

c:\windows\system32\nt011.info

c:\windows\system32\Sdat.dat

.

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((((((((((( Filer Skapade från 2011-02-11 till 2011-03-11 ))))))))))))))))))))))))))))))

.

.

2011-03-09 10:45 . 2011-03-09 10:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trend Micro

2011-03-09 10:06 . 2011-03-09 10:06 -------- d-----w- c:\documents and settings\All Users\Uniblue

2011-03-09 09:56 . 2011-03-09 10:05 -------- d-----w- c:\documents and settings\Leif\Application Data\Uniblue

2011-03-09 09:56 . 2011-03-09 10:06 -------- d-----w- c:\program\Uniblue

2011-03-08 20:44 . 2011-03-08 20:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro

2011-03-08 20:43 . 2011-03-08 20:37 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2011-03-08 20:43 . 2011-03-08 20:37 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2011-03-08 20:43 . 2011-03-08 20:37 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2011-03-08 20:43 . 2011-03-08 20:37 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-03-08 20:43 . 2011-03-08 20:43 -------- d-----w- c:\documents and settings\LocalService\Lokala inställningar\Application Data\Trend Micro

2011-03-08 20:38 . 2011-03-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2011-03-08 20:38 . 2011-03-08 20:40 -------- d-----w- c:\program\Trend Micro

2011-03-05 16:39 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E0D371-A1FD-4C7A-962E-A92C22C406B5}\mpengine.dll

2011-03-02 12:36 . 2011-03-08 20:34 -------- d-----w- c:\program\Spybot - Search & Destroy

2011-03-02 12:36 . 2011-03-08 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-02-27 06:33 . 2011-02-27 06:33 -------- d-----r- c:\documents and settings\NetworkService\Favoriter

2011-02-26 17:11 . 2011-02-26 17:11 110080 ----a-r- c:\documents and settings\Leif\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe

2011-02-26 17:11 . 2011-02-26 17:11 110080 ----a-r- c:\documents and settings\Leif\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe

2011-02-26 17:11 . 2011-02-26 17:11 -------- d-----w- C:\sh4ldr

2011-02-26 17:09 . 2011-02-26 17:11 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2011-02-26 16:25 . 2011-02-26 16:25 -------- d-----w- c:\program\Delade filer\Java

2011-02-26 16:23 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-26 16:22 . 2011-02-26 16:22 -------- d-----w- c:\documents and settings\Leif\Application Data\Process Hacker 2

2011-02-26 16:17 . 2011-02-26 16:17 -------- d-----w- c:\program\XPSysPad

2011-02-26 16:05 . 2011-02-26 16:05 -------- d-----w- c:\program\Mozilla Firefox 4.0 Beta 11

2011-02-26 15:58 . 2011-02-26 16:26 -------- d-----w- c:\program\DesktopEarth

2011-02-26 15:33 . 2011-02-26 15:33 -------- d-----w- c:\program\Process Hacker 2

2011-02-22 20:09 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2011-02-19 10:37 . 2011-02-19 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-02-16 12:00 . 2011-02-16 12:00 -------- d-----w- c:\program\SourceTec

2011-02-14 22:35 . 2011-02-14 22:35 -------- d-----w- c:\program\Enigma Software Group

2011-02-14 22:33 . 2011-02-26 15:44 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 10:10 . 2009-07-23 17:53 1606368 ----a-w- c:\windows\system32\drivers\athw.sys

2011-03-09 10:09 . 2009-07-23 17:54 307200 ----a-w- c:\windows\system32\vsnp2uvc.dll

2011-03-09 10:09 . 2009-07-23 17:54 1759744 ----a-w- c:\windows\system32\drivers\snp2uvc.sys

2011-03-09 10:09 . 2009-07-23 17:54 28544 ----a-w- c:\windows\system32\drivers\sncduvc.sys

2011-03-09 10:09 . 2009-07-23 17:54 196608 ----a-w- c:\windows\system32\csnp2uvc.dll

2011-03-09 10:09 . 2009-07-23 17:54 94208 ----a-w- c:\windows\PLFSetL.exe

2011-03-09 10:09 . 2009-07-23 17:54 225280 ----a-w- c:\windows\system32\rsnp2uvc.dll

2011-02-11 06:54 . 2011-02-08 08:07 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-02-09 13:54 . 2009-03-05 05:47 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2009-03-05 05:47 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 18:19 . 2009-07-26 13:46 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2009-03-04 21:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2009-03-04 21:00 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2009-03-05 05:47 439808 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-11 08:37 . 2011-01-11 07:55 38944 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS

2011-01-11 08:37 . 2011-01-11 07:55 59240 ----a-w- c:\windows\system32\GenSvcInst.exe

2011-01-11 08:37 . 2011-01-11 07:55 139264 ----a-w- c:\windows\system32\bgsvcgen.exe

2011-01-07 14:09 . 2009-03-05 05:46 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:04 . 2009-03-05 05:47 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2009-03-05 05:47 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:52 . 2009-03-05 05:47 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:52 . 2009-03-05 05:47 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:52 . 2009-03-05 05:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:25 . 2009-03-05 05:47 730624 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2009-03-05 05:47 385024 ----a-w- c:\windows\system32\html.iec

2011-01-28 06:34 . 2011-01-28 06:34 119808 ----a-w- c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B171655-A70C-5c18-B693-6CB5DC269D44}]

2010-06-10 22:44 1702912 ----a-w- c:\program\FVDIEP~1\FVDIEPlugin_1.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2B171655-A70C-5c18-B693-6CB5DC269D41}"= "c:\program\FVDIEP~1\FVDIEPlugin_1.dll" [2010-06-10 1702912]

.

[HKEY_CLASSES_ROOT\clsid\{2b171655-a70c-5c18-b693-6cb5dc269d41}]

[HKEY_CLASSES_ROOT\FVDIEPlugin.CFVDIEPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{2B171655-A70C-5c18-B693-6CB5DC269D40}]

[HKEY_CLASSES_ROOT\FVDIEPlugin.CFVDIEPlugin]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{2B171655-A70C-5C18-B693-6CB5DC269D41}"= "c:\program\FVDIEP~1\FVDIEPlugin_1.dll" [2010-06-10 1702912]

.

[HKEY_CLASSES_ROOT\clsid\{2b171655-a70c-5c18-b693-6cb5dc269d41}]

[HKEY_CLASSES_ROOT\FVDIEPlugin.CFVDIEPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{2B171655-A70C-5c18-B693-6CB5DC269D40}]

[HKEY_CLASSES_ROOT\FVDIEPlugin.CFVDIEPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program\Launch Manager\LManager.exe" [2009-02-20 817672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2009-01-22 1422632]

"ConnecteSupport"="c:\program\Tific\Tific Client G1\ConnecteSupport.exe" [2010-03-17 2218528]

"Trend Micro Client Framework"="c:\program\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-08 112632]

"Trend Micro Titanium"="c:\program\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-03-08 1062224]

"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2011-03-09 196608]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\Leif\Start-meny\Program\Autostart\

DesktopEarth AutoStart.lnk - c:\documents and settings\Leif\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2011-2-26 29926]

.

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Connect Monitor.lnk - c:\program\Tele2 Connect\WVPNMonitor.exe [2010-10-1 3458368]

.

c:\documents and settings\All Users\Start-meny\Program\Autostart\~Disabled

Acer VCM.lnk - c:\program\Acer\Acer VCM\AcerVCM.exe [2009-3-4 565248]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2009-5-11 525640]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"oduwjblmkjufynwjwliqTaskMgr"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\program\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msmsgs"="c:\program\Messenger\msmsgs.exe"

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Persistence"=c:\windows\system32\igfxpers.exe

"IgfxTray"=c:\windows\system32\igfxtray.exe

"HotKeysCmds"=c:\windows\system32\hkcmd.exe

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

"snp2uvc"=rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS

"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" -atboottime

"lxdnmon.exe"="c:\program\Lexmark 2600 Series\lxdnmon.exe"

"lxdnamon"="c:\program\Lexmark 2600 Series\lxdnamon.exe"

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe"

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\BitTorrent\\bittorrent.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=

"c:\\Program\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program\\Lexmark 2600 Series\\lxdnlscn.exe"=

"c:\\Program\\Lexmark 2600 Series\\frun.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer-gruppering

"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 KProcessHacker2;KProcessHacker2;c:\program\Process Hacker 2\kprocesshacker.sys [2011-02-26 32840]

R2 Amsp;Trend Micro Solution Platform;c:\program\Trend Micro\AMSP\coreServiceShell.exe [2011-03-08 196320]

R2 AntUpdaterService;Ant Toolbar updater service;c:\program\Ant.com\IE add-on\AntUpdaterService.exe [2010-12-22 515096]

R2 CTATSvc;Tele2 Connect AT Service;c:\program\Tele2 Connect\ATService.exe [2010-10-01 578880]

R2 CTConnect;Tele2 Connect Monitor;c:\program\Tele2 Connect\Connect.exe [2010-10-01 2602304]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-10-02 98984]

R2 RS_Service;Raw Socket Service;c:\program\Acer\Acer VCM\RS_Service.exe [2009-03-04 237568]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\program\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-05-18 327064]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-03-08 64080]

S1 MpKsl0bd57535;MpKsl0bd57535; [x]

S1 MpKsl3ea683a2;MpKsl3ea683a2; [x]

S1 MpKsl5151f3e2;MpKsl5151f3e2; [x]

S1 MpKsl52e2f260;MpKsl52e2f260; [x]

S1 MpKsl554800c2;MpKsl554800c2; [x]

S1 MpKsl8de3d5c7;MpKsl8de3d5c7; [x]

S1 MpKsl9e6acdc4;MpKsl9e6acdc4; [x]

S1 MpKslc0dc6068;MpKslc0dc6068; [x]

S1 MpKsle77b73dd;MpKsle77b73dd; [x]

S1 MpKsledafdfd3;MpKsledafdfd3; [x]

S1 MpKslf1ec8a81;MpKslf1ec8a81; [x]

S3 esgiguard;esgiguard;c:\program\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]

S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-04 30192]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-01-15 100736]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]

S3 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [2009-03-05 14336]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-03-04 112480]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-07-30 7680]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2009-03-05 14336]

S3 osppsvc;Office Software Protection Platform;c:\program\Delade filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-07-30 110080]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2009-07-30 104960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Innehållet i mappen 'Schemalagda aktiviteter':

.

2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-11 c:\windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

- c:\program\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]

.

2011-03-11 c:\windows\Tasks\RegistryBooster.job

- c:\program\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-09 12:18]

.

2011-03-11 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-03-09 14:40]

.

.

------- Extra genomsökning -------

.

uStart Page = about:blank

uInternet Settings,ProxyServer = http=127.0.0.1:33440

IE: &Windows Live Search - c:\program\Windows Live Toolbar\msntb.dll/search.htm

IE: Append Link Target to Existing PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office14\EXCEL.EXE/3000

IE: FVDIEPlugin Add Page - c:\program\FVDIEP~1\FVDIEPlugin_1.dll/IECONTEXT.DLL.HTM

IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Save Flash - c:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210

IE: Save YouTube Video - c:\program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217

IE: Ski&cka till OneNote - c:\program\MICROS~2\Office14\ONBttnIE.dll/105

IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program\Ant.com\IE add-on\Download.dll

Trusted Zone: bodymass.org

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program\Delade filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\documents and settings\Leif\Application Data\Mozilla\Firefox\Profiles\p7e0rniu.default\

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\Mozilla Firefox 4.0 Beta 11\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com

FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Trend Micro Toolbar: {22181a4d-af90-4ca3-a569-faed9118d6bc} - c:\program\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-Advanced SystemCare 3 - :c:\program\IObit\Advanced SystemCare 3\AWC.exe

HKCU-Run-Process Hacker 2 - :c:\program\Process Hacker 2\ProcessHacker.exe

HKLM-Run-Adobe Acrobat Speed Launcher - :c:\program\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe

HKLM-Run-Acrobat Assistant 8.0 - :c:\program\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe

HKLM-Run-SunJavaUpdateSched - :c:\program\Delade filer\Java\Java Update\jusched.exe

HKLM-Run-SpyHunter Security Suite - :c:\program\Enigma Software Group\SpyHunter\SpyHunter4.exe

HKLM-Run-PLFSetL - :c:\windows\PLFSetL.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-11 20:49

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'explorer.exe'(1460)

c:\program\DELADE~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\program\MICROS~2\Office14\1053\GrooveIntlResource.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Trend Micro\AMSP\coreFrameworkHost.exe

c:\windows\system32\bgsvcgen.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\lxdncoms.exe

c:\program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

c:\program\DesktopEarth\DesktopEarth.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

.

**************************************************************************

.

Sluttid: 2011-03-11 20:55:55 - datorn startades om.

ComboFix-quarantined-files.txt 2011-03-11 19:55

.

Före genomsökningen: 136 469 397 504 byte ledigt

Efter genomsökningen: 136 733 138 944 byte ledigt

.

- - End Of File - - 04800535972E2540FCAD28203670AFD4

[Cecilia]

På sidan http://www.virustotal.com klickar du på Bläddra -knappen och klistrar in följande filnamn i rutan, klicka på Öppna och sedan på Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in länken till resultatet här.

c:\program\FVDIEP~1\FVDIEPlugin_1.dll

 

Kan du starta Aktivitetshanteraren?

 

Det vore bra om återställningskonsolen blev installerad av ComboFix innan du fortsätter med resten. Fick du upp någon fråga om återställningskonsolen när du körde COmboFix?

 

Kopiera alla rader i rutan:

Driver::
MpKsl0bd57535
MpKsl3ea683a2
MpKsl5151f3e2
MpKsl52e2f260
MpKsl554800c2
MpKsl8de3d5c7
MpKsl9e6acdc4
MpKslc0dc6068
MpKsle77b73dd
MpKsledafdfd3
MpKslf1ec8a81
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:33440
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Spara filen på Skrivbordet med namnet CFScript.

 

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

[emigranten-2]

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis: MD5:c16c6aaef1537ec620c72489904d8a8a Date first seen:2010-07-14 17:09:17 (UTC) Date last seen:2010-07-14 17:09:17 (UTC) Detection ratio:0/42 What do you wish to do?

 

 

 

 

 

Jag valde view last report. Här följer det:

 

Antivirus Version Last Update Result a-squared 5.0.0.31 2010.07.14 - AhnLab-V3 2010.07.14.01 2010.07.14 - AntiVir 8.2.4.10 2010.07.14 - Antiy-AVL 2.0.3.7 2010.07.14 - Authentium 5.2.0.5 2010.07.14 - Avast 4.8.1351.0 2010.07.14 - Avast5 5.0.332.0 2010.07.14 - AVG 9.0.0.836 2010.07.14 - BitDefender 7.2 2010.07.14 - CAT-QuickHeal 11.00 2010.07.14 - ClamAV 0.96.0.3-git 2010.07.14 - Comodo 5425 2010.07.14 - DrWeb 5.0.2.03300 2010.07.14 - eSafe 7.0.17.0 2010.07.14 - eTrust-Vet 36.1.7706 2010.07.14 - F-Prot 4.6.1.107 2010.07.14 - F-Secure 9.0.15370.0 2010.07.14 - Fortinet 4.1.143.0 2010.07.14 - GData 21 2010.07.14 - Ikarus T3.1.1.84.0 2010.07.14 - Jiangmin 13.0.900 2010.07.14 - Kaspersky 7.0.0.125 2010.07.14 - McAfee 5.400.0.1158 2010.07.14 - McAfee-GW-Edition 2010.1 2010.07.14 - Microsoft 1.5902 2010.07.14 - NOD32 5277 2010.07.14 - Norman 6.05.11 2010.07.14 - nProtect 2010-07-14.01 2010.07.14 - Panda 10.0.2.7 2010.07.14 - PCTools 7.0.3.5 2010.07.14 - Prevx 3.0 2010.07.14 - Rising 22.56.02.04 2010.07.14 - Sophos 4.55.0 2010.07.14 - Sunbelt 6579 2010.07.14 - SUPERAntiSpyware 4.40.0.1006 2010.07.14 - Symantec 20101.1.1.7 2010.07.14 - TheHacker 6.5.2.1.313 2010.07.13 - TrendMicro 9.120.0.1004 2010.07.14 - TrendMicro-HouseCall 9.120.0.1004 2010.07.14 - VBA32 3.12.12.6 2010.07.13 - ViRobot 2010.7.12.3932 2010.07.14 - VirusBuster 5.0.27.0 2010.07.14 - Additional information Show all MD5 : c16c6aaef1537ec620c72489904d8a8a SHA1 : 69d8d75bebed7465be1639ccaa233d6558994d6a SHA256: 129528e6fc51f5564b8a3259d9a8dd06434483b0c0df8eac9e1ab065783aa218 ssdeep: 12288:Ibe2C0PfvmfVXFv79ovUZcwEjcuHb/tYnPOAF79qYvydZxHxYPtD+TToGF6Y3jbf:Ib7+

j9kxYQTToGF13kT1KOqPFuxxSFA File size : 1702912 bytes First seen: 2010-07-14 17:09:17 Last seen : 2010-07-14 17:09:17 Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit TrID:

DirectShow filter (53.7%)

Windows OCX File (32.9%)

Win32 Executable MS Visual C++ (generic) (10.0%)

Win32 Executable Generic (2.2%)

Generic Win/DOS Executable (0.5%) sigcheck:

publisher....: paulov.ru

copyright....: © 2010 Roman Paulov, http://paulov.ru/, © 2010 FVD Suite. All rights reserved.

product......: FVD Suite IE Plugin

description..: FVD Suite IE Plugin

original name: FVDIEPlugin.dll

internal name: FVDIEPlugin.dll

file version.: 1.02

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEiD: - PEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0x9E437

timedatestamp....: 0x4C116AE2 (Thu Jun 10 22:44:50 2010)

machinetype......: 0x14C (Intel I386)

 

[[ 7 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.textbss, 0x1000, 0x9B1E6, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e

.text, 0x9D000, 0x14C6F3, 0x14C800, 5.62, 23532d745abaa8aa3536efd9824344f5

.rdata, 0x1EA000, 0x2E8C9, 0x2EA00, 4.51, 0ad047d2c1f777926ccdf13170fbffff

.data, 0x219000, 0x6A34, 0x3E00, 3.86, 4f97d52efbae9acc0f8702adc74138d3

.idata, 0x220000, 0x376F, 0x3800, 4.99, a545e87488b294932fec51809b005f6d

.rsrc, 0x224000, 0x12513, 0x12600, 4.68, 54ba506e274532332781ae8e321e02f9

.reloc, 0x237000, 0xA974, 0xAA00, 6.07, c0b4fd0d8cdef3c62bf1ee51d082b015

 

[[ 11 import(s) ]]

advapi32.dll: RegEnumValueW, RegQueryValueExW, RegQueryValueExA, RegOpenKeyA, RegDeleteValueA, RegQueryInfoKeyA, RegCreateKeyA, RegEnumValueA, RegDeleteKeyA, RegEnumKeyExA, RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegCloseKey, RegSetValueExW

gdi32.dll: CreateRectRgn, GdiFlush, CreateDIBSection, FillRgn, CombineRgn, GetDIBits, FrameRgn, BitBlt, CreateRectRgnIndirect, CreateDCA, LPtoDP, SaveDC, SetMapMode, SetWindowOrgEx, SetViewportOrgEx, RestoreDC, SetTextAlign, TextOutA, CreateBitmap, CreatePatternBrush, OffsetRgn, SetBkMode, Rectangle, SelectObject, CreateSolidBrush, CreatePen, DeleteObject, CreateCompatibleBitmap, CreateCompatibleDC, CreateFontIndirectA, TextOutW, GetDeviceCaps, ExtTextOutA, SetBkColor, ExtCreatePen, Polygon, LineTo, MoveToEx, ExcludeClipRect, SelectClipRgn, SetPolyFillMode, GetStockObject, DeleteDC, SetTextColor, GetObjectA

kernel32.dll: lstrlenA, GetVersionExA, InterlockedIncrement, MultiByteToWideChar, LeaveCriticalSection, EnterCriticalSection, GetCurrentThreadId, RaiseException, lstrcpyA, GetCurrentProcessId, MulDiv, lstrcmpA, FreeLibrary, CloseHandle, CreateProcessA, GetModuleFileNameA, lstrlenW, WideCharToMultiByte, DisableThreadLibraryCalls, DeleteCriticalSection, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, lstrcmpiA, IsDBCSLeadByte, InitializeCriticalSection, GlobalAlloc, GetLocalTime, CreateThread, WaitForSingleObject, GetExitCodeThread, TerminateThread, CreateEventA, SetEvent, CopyFileA, lstrcatA, GetFileSize, CreateFileA, SetFilePointer, WriteFile, ReadFile, SetFileTime, GetFileTime, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetSystemDirectoryA, lstrcpyW, GetCurrentProcess, SystemTimeToFileTime, GetCurrentDirectoryA, LocalFileTimeToFileTime, CreateDirectoryA, GetFileAttributesA, SetCurrentDirectoryA, GetShortPathNameA, SetFileAttributesA, lstrcpynW, GetPrivateProfileStringA, GetPrivateProfileSectionNamesA, GetPrivateProfileSectionW, GetPrivateProfileSectionA, WritePrivateProfileStringA, GetTimeZoneInformation, DeleteFileA, RemoveDirectoryA, LockResource, LocalFree, LocalSize, LocalAlloc, FormatMessageA, HeapFree, HeapAlloc, GetProcessHeap, FileTimeToSystemTime, GetFileInformationByHandle, GetTickCount, FormatMessageW, CreateFileW, IsDBCSLeadByteEx, FlushInstructionCache, InterlockedDecrement, LoadLibraryA, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, GetModuleHandleA, GetModuleFileNameW, LoadLibraryW, OutputDebugStringA, GetLastError, SetLastError, GlobalLock, GlobalUnlock, FreeEnvironmentStringsA, GetEnvironmentStrings, GetStdHandle, GetCommandLineA, LCMapStringA, LCMapStringW, GetCPInfo, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThread, HeapCreate, HeapDestroy, FatalAppExitA, HeapReAlloc, HeapSize, ExitProcess, GetACP, GetOEMCP, IsValidCodePage, SetConsoleCtrlHandler, SetHandleCount, GetStartupInfoA, FreeEnvironmentStringsW, InterlockedCompareExchange, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, Sleep, InterlockedExchange, RtlUnwind, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, VirtualProtect, GetSystemInfo, VirtualQuery, WriteConsoleW, GetEnvironmentStringsW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, InitializeCriticalSectionAndSpinCount, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, FlushFileBuffers, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, CompareStringA, CompareStringW, SetEnvironmentVariableA, lstrcpynA, GetFileType

ole32.dll: CoTaskMemAlloc, CoCreateInstance, CoTaskMemFree, StringFromGUID2, CoTaskMemRealloc, CreateStreamOnHGlobal, RegisterDragDrop, OleUninitialize, OleInitialize, OleRegEnumVerbs, OleRegGetUserType, CreateOleAdviseHolder, OleRegGetMiscStatus, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, OleLockRunning, CoUninitialize, CoInitialize, CoCreateGuid, ReleaseStgMedium

oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

pcre3.dll: -, -

shell32.dll: ShellExecuteA, DoEnvironmentSubstA, SHGetFolderPathA

shlwapi.dll: StrCmpNIA, PathParseIconLocationA, PathFindFileNameA, UrlGetPartA, PathIsDirectoryA, PathFileExistsA, StrStrW, StrToIntExA, StrToIntA, StrRStrIA, StrStrIA, UrlIsA, PathIsNetworkPathA, PathIsFileSpecA, StrChrA, PathRemoveFileSpecA, StrToIntExW, StrStrA, PathAddBackslashA

urlmon.dll: URLDownloadToCacheFileA, FindMimeFromData

user32.dll: SetCursor, TrackMouseEvent, GetDlgCtrlID, UnregisterClassA, GetWindowRgn, LoadStringW, SetForegroundWindow, SetActiveWindow, GetForegroundWindow, DdeClientTransaction, DdeCreateDataHandle, FindWindowA, DdeUninitialize, DdeDisconnect, DdeFreeStringHandle, DdeConnect, DdeCreateStringHandleA, DdeInitializeA, GetIconInfo, SetRect, SetTimer, EnumWindows, CopyIcon, SetSystemCursor, CharNextW, IsDialogMessageA, SetDlgItemTextA, SendDlgItemMessageA, GetDlgItemTextA, EndDialog, GetDlgItem, CreateDialogParamA, ShowWindow, MessageBoxA, DialogBoxParamA, DestroyWindow, CreateWindowExA, RegisterClassExA, LoadCursorA, GetClassInfoExA, LoadBitmapA, MonitorFromPoint, GetMonitorInfoA, SetFocus, SystemParametersInfoA, MapWindowPoints, PeekMessageA, GetDCEx, OffsetRect, GetClassNameA, SetRectEmpty, CallNextHookEx, GetCursorPos, PtInRect, DrawStateA, ModifyMenuA, GetMenuItemID, RegisterWindowMessageA, GetMessagePos, ShowCursor, FrameRect, GetActiveWindow, GetWindowThreadProcessId, CharNextA, CharLowerA, IsWindowVisible, IsWindowEnabled, MessageBeep, DrawEdge, InflateRect, SetWindowsHookExA, UnhookWindowsHookEx, ReleaseDC, GetWindowDC, GetWindowLongA, CallWindowProcA, InvalidateRect, UpdateWindow, IsMenu, IsWindow, ValidateRect, GetComboBoxInfo, CreateIconFromResourceEx, CreateIconFromResource, RegisterClassA, EnumChildWindows, CopyRect, GetSysColor, DrawTextA, RedrawWindow, ScreenToClient, PostMessageA, GetWindowRect, LoadMenuA, GetSubMenu, GetMenuItemCount, GetMenuItemInfoA, SetMenuItemInfoA, DestroyMenu, GetUpdateRect, GetFocus, BeginPaint, GetSysColorBrush, FillRect, DrawIconEx, EndPaint, LoadImageA, wsprintfA, GetWindowTextLengthA, LoadStringA, GetParent, GetWindow, GetClientRect, SetWindowPos, GetWindowTextA, SetWindowLongA, DefWindowProcA, GetSystemMetrics, SetWindowTextA, SendMessageA, GetKeyState, LoadIconA, DestroyIcon, TranslateMessage, DispatchMessageA, InvalidateRgn, SetCapture, ReleaseCapture, ClientToScreen, MoveWindow, CreateAcceleratorTableA, GetDesktopWindow, DestroyAcceleratorTable, IsChild, IntersectRect, EqualRect, SetWindowRgn, UnionRect, GetDC, EnableWindow, MonitorFromWindow, IsDlgButtonChecked, CheckDlgButton, WindowFromPoint, KillTimer, TrackPopupMenuEx

wininet.dll: InternetCheckConnectionA, HttpQueryInfoA, HttpAddRequestHeadersA, HttpSendRequestExA, InternetWriteFile, HttpEndRequestA, InternetSetOptionA, InternetOpenW, InternetConnectW, HttpSendRequestW, HttpSendRequestExW, HttpQueryInfoW, InternetSetOptionW, HttpOpenRequestA, HttpSendRequestA, InternetConnectA, InternetCloseHandle, InternetOpenA, InternetReadFile

 

[[ 4 export(s) ]]

DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

 

 

 

JA, JAG KAN ÖPPNA AKTIVITETSHANTERAREN

 

"Det vore bra om återställningskonsolen blev installerad av ComboFix innan du fortsätter med resten. Fick du upp någon fråga om återställningskonsolen när du körde COmboFix?"

 

HOPPSAN - HÄR MISSADE JAG NOG NÅGOT.

Om inte - hur återställer man?

[Cecilia]

Kör ComboFix igen och se om det inte dyker upp någon fråga om återställningskonsolen. Om frågan inte kommer följ anvisningarna på http://www.bleepingcomputer.com/combofix/se/hur-combofix-ska-anvandas#manual_recovery där det finns två alternativ beroende på om du har en XP-skiva eller inte.

[emigranten-2]

Klistrade in CFScript som du sa.

Under körningen kom följande meddelande upp:

 

Error saving file

C\:ComboFix\HIV\SECURITY !

 

Continue with next file?

 

(RegSaveKeyEx: 1016 - Ett oåterkalleligt fel uppstod i en I/O-åtgärd initierad av registret. Registret kan inte läsa, skriva eller tömma en av filerna som innehåller avbildningen av registret.)

 

Valde ja och samma meddelande dök upp med ett nytt filnamn (någonting med "000001" i).

Körde vidare och fick sedan ut följande logg:

 

ComboFix 11-03-10.04 - Leif 2011-03-13 16:32:38.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1012.593 [GMT 1:00]

Körs från: c:\documents and settings\Leif\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Leif\Skrivbord\CFScript.txt

AV: Trend Micro Titanium Maximum Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\regedit.exe . . . är infekterad!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MPKSL0BD57535

-------\Legacy_MPKSL3EA683A2

-------\Legacy_MPKSL5151F3E2

-------\Legacy_MPKSL52E2F260

-------\Legacy_MPKSL554800C2

-------\Legacy_MPKSL8DE3D5C7

-------\Legacy_MPKSL9E6ACDC4

-------\Legacy_MPKSLC0DC6068

-------\Legacy_MPKSLE77B73DD

-------\Legacy_MPKSLEDAFDFD3

-------\Legacy_MPKSLF1EC8A81

-------\Service_MpKsl0bd57535

-------\Service_MpKsl3ea683a2

-------\Service_MpKsl5151f3e2

-------\Service_MpKsl52e2f260

-------\Service_MpKsl554800c2

-------\Service_MpKsl8de3d5c7

-------\Service_MpKsl9e6acdc4

-------\Service_MpKslc0dc6068

-------\Service_MpKsle77b73dd

-------\Service_MpKsledafdfd3

-------\Service_MpKslf1ec8a81

.

.

(((((((((((((((((((((((( Filer Skapade från 2011-02-13 till 2011-03-13 ))))))))))))))))))))))))))))))

.

.

2011-03-12 06:18 . 2011-03-12 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Columbitech

2011-03-12 06:18 . 2011-03-13 08:32 -------- d-----w- c:\program\Tele2 Connect

2011-03-12 06:18 . 2011-03-12 06:22 -------- d-----w- c:\documents and settings\Leif\Application Data\Tific

2011-03-12 06:18 . 2011-03-12 06:18 -------- d-----w- c:\documents and settings\Leif\Lokala inställningar\Application Data\Tific

2011-03-12 06:17 . 2011-03-12 06:17 -------- d-----w- c:\program\Tific

2011-03-12 06:17 . 2011-03-12 06:17 -------- d-----w- c:\program\Delade filer\Tific

2011-03-09 10:45 . 2011-03-09 10:45 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trend Micro

2011-03-09 10:06 . 2011-03-09 10:06 -------- d-----w- c:\documents and settings\All Users\Uniblue

2011-03-09 09:56 . 2011-03-09 10:05 -------- d-----w- c:\documents and settings\Leif\Application Data\Uniblue

2011-03-09 09:56 . 2011-03-09 10:06 -------- d-----w- c:\program\Uniblue

2011-03-08 20:44 . 2011-03-08 20:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro

2011-03-08 20:43 . 2011-03-08 20:37 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2011-03-08 20:43 . 2011-03-08 20:37 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2011-03-08 20:43 . 2011-03-08 20:37 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2011-03-08 20:43 . 2011-03-08 20:37 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-03-08 20:43 . 2011-03-08 20:43 -------- d-----w- c:\documents and settings\LocalService\Lokala inställningar\Application Data\Trend Micro

2011-03-08 20:38 . 2011-03-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2011-03-08 20:38 . 2011-03-08 20:40 -------- d-----w- c:\program\Trend Micro

2011-03-05 16:39 . 2011-02-11 06:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A6E0D371-A1FD-4C7A-962E-A92C22C406B5}\mpengine.dll

2011-03-02 12:36 . 2011-03-08 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-02-27 06:33 . 2011-02-27 06:33 -------- d-----r- c:\documents and settings\NetworkService\Favoriter

2011-02-26 17:11 . 2011-02-26 17:11 110080 ----a-r- c:\documents and settings\Leif\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe

2011-02-26 17:11 . 2011-02-26 17:11 110080 ----a-r- c:\documents and settings\Leif\Application Data\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe

2011-02-26 17:11 . 2011-02-26 17:11 -------- d-----w- C:\sh4ldr

2011-02-26 17:09 . 2011-03-13 07:50 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP

2011-02-26 16:25 . 2011-02-26 16:25 -------- d-----w- c:\program\Delade filer\Java

2011-02-26 16:23 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-02-26 16:22 . 2011-02-26 16:22 -------- d-----w- c:\documents and settings\Leif\Application Data\Process Hacker 2

2011-02-26 16:17 . 2011-02-26 16:17 -------- d-----w- c:\program\XPSysPad

2011-02-26 16:05 . 2011-02-26 16:05 -------- d-----w- c:\program\Mozilla Firefox 4.0 Beta 11

2011-02-26 15:58 . 2011-02-26 16:26 -------- d-----w- c:\program\DesktopEarth

2011-02-26 15:33 . 2011-02-26 15:33 -------- d-----w- c:\program\Process Hacker 2

2011-02-22 20:09 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2011-02-19 10:37 . 2011-02-19 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2011-02-16 12:00 . 2011-02-16 12:00 -------- d-----w- c:\program\SourceTec

2011-02-14 22:33 . 2011-02-26 15:44 -------- d-----w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-09 10:10 . 2009-07-23 17:53 1606368 ----a-w- c:\windows\system32\drivers\athw.sys

2011-03-09 10:09 . 2009-07-23 17:54 307200 ----a-w- c:\windows\system32\vsnp2uvc.dll

2011-03-09 10:09 . 2009-07-23 17:54 1759744 ----a-w- c:\windows\system32\drivers\snp2uvc.sys

2011-03-09 10:09 . 2009-07-23 17:54 28544 ----a-w- c:\windows\system32\drivers\sncduvc.sys

2011-03-09 10:09 . 2009-07-23 17:54 196608 ----a-w- c:\windows\system32\csnp2uvc.dll

2011-03-09 10:09 . 2009-07-23 17:54 94208 ----a-w- c:\windows\PLFSetL.exe

2011-03-09 10:09 . 2009-07-23 17:54 225280 ----a-w- c:\windows\system32\rsnp2uvc.dll

2011-02-11 06:54 . 2011-02-08 08:07 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-02-09 13:54 . 2009-03-05 05:47 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2009-03-05 05:47 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-02 18:19 . 2009-07-26 13:46 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-02-02 07:58 . 2009-03-04 21:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2009-03-04 21:00 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-21 14:44 . 2009-03-05 05:47 439808 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-11 08:37 . 2011-01-11 07:55 38944 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS

2011-01-11 08:37 . 2011-01-11 07:55 59240 ----a-w- c:\windows\system32\GenSvcInst.exe

2011-01-11 08:37 . 2011-01-11 07:55 139264 ----a-w- c:\windows\system32\bgsvcgen.exe

2011-01-07 14:09 . 2009-03-05 05:46 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 14:04 . 2009-03-05 05:47 1854976 ----a-w- c:\windows\system32\win32k.sys

2010-12-22 12:34 . 2009-03-05 05:47 301568 ----a-w- c:\windows\system32\kerberos.dll

2010-12-20 23:52 . 2009-03-05 05:47 916480 ----a-w- c:\windows\system32\wininet.dll

2010-12-20 23:52 . 2009-03-05 05:47 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-20 23:52 . 2009-03-05 05:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-12-20 17:25 . 2009-03-05 05:47 730624 ----a-w- c:\windows\system32\lsasrv.dll

2010-12-20 12:55 . 2009-03-05 05:47 385024 ----a-w- c:\windows\system32\html.iec

2011-01-28 06:34 . 2011-01-28 06:34 119808 ----a-w- c:\program\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-03-11_19.49.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-03-13 15:39 . 2011-03-13 15:39 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat

- 2009-03-05 05:47 . 2011-03-11 14:24 93186 c:\windows\system32\perfc01D.dat

+ 2009-03-05 05:47 . 2011-03-13 09:41 93186 c:\windows\system32\perfc01D.dat

+ 2009-03-05 05:47 . 2011-03-13 09:41 72914 c:\windows\system32\perfc009.dat

- 2009-03-05 05:47 . 2011-03-11 14:24 72914 c:\windows\system32\perfc009.dat

- 2009-03-04 21:59 . 2008-04-14 21:07 58240 c:\windows\system32\drivers\redbook.sys

+ 2009-03-04 21:59 . 2008-04-14 20:07 58240 c:\windows\system32\drivers\redbook.sys

+ 2011-03-13 07:50 . 2011-03-13 07:50 27494 c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCall.dll

- 2009-03-05 05:47 . 2011-03-11 14:24 470790 c:\windows\system32\perfh01D.dat

+ 2009-03-05 05:47 . 2011-03-13 09:41 470790 c:\windows\system32\perfh01D.dat

- 2009-03-05 05:47 . 2011-03-11 14:24 448348 c:\windows\system32\perfh009.dat

+ 2009-03-05 05:47 . 2011-03-13 09:41 448348 c:\windows\system32\perfh009.dat

+ 2011-03-12 06:18 . 2011-03-12 06:18 410984 c:\windows\Installer\{787E4869-4D11-49B4-8F3D-17FD32D7E2AA}\NewShortcut1_787E48694D1149B48F3D17FD32D7E2AA.exe

- 2011-01-31 08:43 . 2011-02-27 05:47 410984 c:\windows\Installer\{787E4869-4D11-49B4-8F3D-17FD32D7E2AA}\NewShortcut1_787E48694D1149B48F3D17FD32D7E2AA.exe

+ 2011-03-12 06:18 . 2011-03-12 06:18 410984 c:\windows\Installer\{787E4869-4D11-49B4-8F3D-17FD32D7E2AA}\ARPPRODUCTICON.exe

- 2011-01-31 08:43 . 2011-02-27 05:47 410984 c:\windows\Installer\{787E4869-4D11-49B4-8F3D-17FD32D7E2AA}\ARPPRODUCTICON.exe

+ 2011-03-13 07:50 . 2011-03-13 07:50 130193 c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla4.dll

+ 2011-03-13 07:50 . 2011-03-13 07:50 130755 c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla3.dll

+ 2011-03-13 07:50 . 2011-03-13 07:50 130112 c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla2.dll

+ 2011-03-13 07:50 . 2011-03-13 07:50 131991 c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla11.dll

+ 2011-03-13 07:50 . 2011-03-13 07:50 131039 c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla.exe

+ 2011-03-12 06:18 . 2011-03-12 06:18 1366016 c:\windows\Installer\33d9b.msi

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B171655-A70C-5c18-B693-6CB5DC269D44}]

2010-06-10 22:44 1702912 ----a-w- c:\program\FVDIEP~1\FVDIEPlugin_1.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{2B171655-A70C-5c18-B693-6CB5DC269D41}"= "c:\program\FVDIEP~1\FVDIEPlugin_1.dll" [2010-06-10 1702912]

.

[HKEY_CLASSES_ROOT\clsid\{2b171655-a70c-5c18-b693-6cb5dc269d41}]

[HKEY_CLASSES_ROOT\FVDIEPlugin.CFVDIEPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{2B171655-A70C-5c18-B693-6CB5DC269D40}]

[HKEY_CLASSES_ROOT\FVDIEPlugin.CFVDIEPlugin]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{2B171655-A70C-5C18-B693-6CB5DC269D41}"= "c:\program\FVDIEP~1\FVDIEPlugin_1.dll" [2010-06-10 1702912]

.

[HKEY_CLASSES_ROOT\clsid\{2b171655-a70c-5c18-b693-6cb5dc269d41}]

[HKEY_CLASSES_ROOT\FVDIEPlugin.CFVDIEPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{2B171655-A70C-5c18-B693-6CB5DC269D40}]

[HKEY_CLASSES_ROOT\FVDIEPlugin.CFVDIEPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LManager"="c:\program\Launch Manager\LManager.exe" [2009-02-20 817672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2009-01-22 1422632]

"Trend Micro Client Framework"="c:\program\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-03-08 112632]

"Trend Micro Titanium"="c:\program\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-03-08 1062224]

"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2011-03-09 196608]

"ConnecteSupport"="c:\program\Tific\Tific Client G1\ConnecteSupport.exe" [2010-03-17 2218528]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\Leif\Start-meny\Program\Autostart\

DesktopEarth AutoStart.lnk - c:\documents and settings\Leif\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2011-2-26 29926]

.

c:\documents and settings\All Users\Start-meny\Program\Autostart\

Connect Monitor.lnk - c:\program\Tele2 Connect\WVPNMonitor.exe [2010-3-16 3454272]

.

c:\documents and settings\All Users\Start-meny\Program\Autostart\~Disabled

Acer VCM.lnk - c:\program\Acer\Acer VCM\AcerVCM.exe [2009-3-4 565248]

WinZip Quick Pick.lnk - c:\program\WinZip\WZQKPICK.EXE [2009-5-11 525640]

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"oduwjblmkjufynwjwliqTaskMgr"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"msmsgs"="c:\program\Messenger\msmsgs.exe"

"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

"swg"="c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Persistence"=c:\windows\system32\igfxpers.exe

"IgfxTray"=c:\windows\system32\igfxtray.exe

"HotKeysCmds"=c:\windows\system32\hkcmd.exe

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

"snp2uvc"=rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS

"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" -atboottime

"lxdnmon.exe"="c:\program\Lexmark 2600 Series\lxdnmon.exe"

"lxdnamon"="c:\program\Lexmark 2600 Series\lxdnamon.exe"

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe"

"Adobe ARM"="c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program\\BitTorrent\\bittorrent.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program\\Messenger\\msmsgs.exe"=

"c:\\WINDOWS\\system32\\lxdncoms.exe"=

"c:\\Program\\Lexmark 2600 Series\\lxdnmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnwbgw.exe"=

"c:\\Program\\Microsoft Office\\Office14\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program\\Lexmark 2600 Series\\lxdnlscn.exe"=

"c:\\Program\\Lexmark 2600 Series\\frun.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer-gruppering

"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R1 KProcessHacker2;KProcessHacker2;c:\program\Process Hacker 2\kprocesshacker.sys [2011-02-26 32840]

R2 Amsp;Trend Micro Solution Platform;c:\program\Trend Micro\AMSP\coreServiceShell.exe [2011-03-08 196320]

R2 AntUpdaterService;Ant Toolbar updater service;c:\program\Ant.com\IE add-on\AntUpdaterService.exe [2010-12-22 515096]

R2 CTATSvc;Tele2 Connect AT Service;c:\program\Tele2 Connect\ATService.exe [2010-03-16 574784]

R2 CTConnect;Tele2 Connect Monitor;c:\program\Tele2 Connect\Connect.exe [2010-03-16 2581824]

R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]

R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-10-02 98984]

R2 RS_Service;Raw Socket Service;c:\program\Acer\Acer VCM\RS_Service.exe [2009-03-04 237568]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-03-08 64080]

S3 esgiguard;esgiguard; [x]

S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-04 30192]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-01-15 100736]

S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys --> c:\windows\system32\DRIVERS\ewusbfake.sys [?]

S3 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [2009-03-05 14336]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-03-04 112480]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-07-30 7680]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2009-03-05 14336]

S3 osppsvc;Office Software Protection Platform;c:\program\Delade filer\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2009-07-30 110080]

S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2009-07-30 104960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Innehållet i mappen 'Schemalagda aktiviteter':

.

2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

2011-03-13 c:\windows\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

- c:\program\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]

.

2011-03-13 c:\windows\Tasks\RegistryBooster.job

- c:\program\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-09 12:18]

.

2011-03-13 c:\windows\Tasks\SpeedUpMyPC.job

- c:\program\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-03-09 14:40]

.

.

------- Extra genomsökning -------

.

uStart Page = about:blank

IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program\Ant.com\IE add-on\Download.dll

Trusted Zone: bodymass.org

TCP: {05055A95-2AF7-4E39-A5CC-5E97452BD061} = 130.244.127.161 130.244.127.169

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program\Delade filer\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\documents and settings\Leif\Application Data\Mozilla\Firefox\Profiles\p7e0rniu.default\

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\Mozilla Firefox 4.0 Beta 11\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com

FF - Ext: Flash Video Downloader (Youtube Downloader): artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Trend Micro Toolbar: {22181a4d-af90-4ca3-a569-faed9118d6bc} - c:\program\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension

FF - user.js: network.http.max-connections-per-server - 6

FF - user.js: network.http.max-persistent-connections-per-server - 3

FF - user.js: nglayout.initialpaint.delay - 750

FF - user.js: content.notify.interval - 750000

FF - user.js: content.max.tokenizing.time - 2250000

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

.

Toolbar-Locked - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-13 16:40

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

.

- - - - - - - > 'explorer.exe'(3248)

c:\program\DELADE~1\MICROS~1\OFFICE14\Cultures\office.odf

c:\program\MICROS~2\Office14\1053\GrooveIntlResource.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\windows\system32\bgsvcgen.exe

c:\program\Java\jre6\bin\jqs.exe

c:\windows\system32\lxdncoms.exe

c:\program\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program\DesktopEarth\DesktopEarth.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\program\Trend Micro\AMSP\coreFrameworkHost.exe

c:\program\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe

.

**************************************************************************

.

Sluttid: 2011-03-13 16:56:04 - datorn startades om.

ComboFix-quarantined-files.txt 2011-03-13 15:55

ComboFix2.txt 2011-03-11 19:55

.

Före genomsökningen: 136 769 052 672 byte ledigt

Efter genomsökningen: 136 851 517 440 byte ledigt

.

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 6225F1CACB7FC28B0D471DEE12F678F4

[Cecilia]

Spara SystemLook på Skrivbordet från en av dessa länkar:

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

 

Dubbelklicka på SystemLook-filen för att köra den.

 

Kopiera alla rader i rutan

:filefind 
regedit.*
:file
c:\windows\regedit.exe

och klistra in i det stora textfältet i SýstemLook.

Tryck på knappen Look för att starta sökningen.

När det är klart så kommer Anteckningar upp med en logg, och den klistrar du in här. Om loggen inte kommer upp så finns den som SystemLook.txt på Skrivbordet.

[emigranten-2]

Först lite om "RegEdit". När jag söker får jag fyra träffar: regedit.exe.ND_ i mappen C:\ComboFix; ändrad den 13 mars 2011 REGEDIT.EXE i mappen C:\i386; ändrad den 15 april 2008 regedit.exe i mappen C:\WINDOWS; ändrad den 15 april 2008 REGEDIT.EXE-2AE3423E.pf i mappen C:\WINDOWS\Prefetch; - skapad den 1 mars 2011 - ändrad den 13 mars 2011 - använd den 9 mars 2011 Beträffande SystemLook: Filen sparas, men när jag klickar på den kommer det upp en ruta med valet "LOOK". Klickar jag här kommer SystemLook error: "Script required"

[Cecilia]

Det som står i rutan i mitt förra inlägg ska klistras in i SystemLook, det är de raderna som är ett "script".

[emigranten-2]

Sorry att jag är så korkad ;-)

 

SystemLook 04.09.10 by jpshortstuff

Log created at 13:08 on 14/03/2011 by Leif Administrator - Elevation successful

========== filefind ========== Searching for "regedit.*"

C:\ComboFix\regedit.exe.ND_ --a---- 14 bytes [15:29 13/03/2011] [15:29 13/03/2011] C08ECC2B53E59F723C8B3F0BA4939593

C:\i386\REGEDIT.CH_ --a---- 41524 bytes [08:48 09/09/2008] [12:00 15/04/2008] 035195EE3FAE0FC01523512BEC9CC750

C:\i386\REGEDIT.EXE --a---- 148480 bytes [08:49 09/09/2008] [12:00 15/04/2008] 808A3BE3398C870DF3CD3E4F15B0B27D

C:\i386\REGEDIT.HL_ --a---- 2378 bytes [08:50 09/09/2008] [12:00 15/04/2008] E53A339380A213D282DDB54197B0484E

C:\WINDOWS\regedit.exe ------- 148480 bytes [05:47 05/03/2009] [12:00 15/04/2008] 808A3BE3398C870DF3CD3E4F15B0B27D

C:\WINDOWS\Help\regedit.chm --a---- 48471 bytes [05:47 05/03/2009] [12:00 15/04/2008] D326215C4EE038DB38554DA468E61CA6

C:\WINDOWS\Help\regedit.hlp --a---- 8782 bytes [05:47 05/03/2009] [12:00 15/04/2008] 874CC99D8D128A766CE1642512BECFE3

C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf --a---- 14852 bytes [19:35 01/03/2011] [08:58 14/03/2011] 47133E0DAF5EBAEE160AB7A0571930D4

========== file ==========

c:\windows\regedit.exe - File found and opened.

MD5: 808A3BE3398C870DF3CD3E4F15B0B27D

Created at 05:47 on 05/03/2009

Modified at 12:00 on 15/04/2008

Size: 148480 bytes

Attributes: ------- F

ileDescription: Registereditorn

FileVersion: 5.1.2600.5512 (xpsp.080413-2111)

ProductVersion: 5.1.2600.5512

OriginalFilename: REGEDIT.EXE

InternalName: REGEDIT

ProductName: Operativsystemet Microsoft® Windows®

CompanyName: Microsoft Corporation

LegalCopyright: © Microsoft Corporation. Med ensamrätt.

-= EOF =-