emigranten-2

First file from GMER:


GMER 1.0.15.15570 - http://www.gmer.net

Rootkit quick scan 2011-03-21 08:56:54

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG01

Running: nv50j56l.exe; Driver: C:\DOCUME~1\Leif\LOKALA~1\Temp\uwldqaoc.sys  

 

 

---- System - GMER 1.0.15 ----  

 

Code            \SystemRoot\System32\Drivers\Normandy.SYS  ZwSystemDebugControl [0xF68A1747]

Code            \SystemRoot\System32\Drivers\Normandy.SYS  ExAllocatePool

Code            \SystemRoot\System32\Drivers\Normandy.SYS  ExAllocatePoolWithTag

Code            \SystemRoot\System32\Drivers\Normandy.SYS  KeDelayExecutionThread  

 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0    wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1    wdf01000.sys (WDF Dynamic/Microsoft Corporation)

 

---- EOF - GMER 1.0.15 ----

emigranten-2

Second file from GMER:


GMER 1.0.15.15570 - http://www.gmer.net

Rootkit scan 2011-03-21 10:18:39

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.FG01

Running: nv50j56l.exe; Driver: C:\DOCUME~1\Leif\LOKALA~1\Temp\uwldqaoc.sys  

 

---- System - GMER 1.0.15 ----  

 

Code            \SystemRoot\System32\Drivers\Normandy.SYS  ZwSystemDebugControl [0xF68A1747]

Code            \SystemRoot\System32\Drivers\Normandy.SYS  ExAllocatePool

Code            \SystemRoot\System32\Drivers\Normandy.SYS  ExAllocatePoolWithTag

Code            \SystemRoot\System32\Drivers\Normandy.SYS  KeDelayExecutionThread  

 

---- Kernel code sections - GMER 1.0.15 ----  

 

.text           ntoskrnl.exe!KeDelayExecutionThread        804E14F6 5 Bytes  JMP F68A1584 \SystemRoot\System32\Drivers\Normandy.SYS

.text           ntoskrnl.exe!ExAllocatePool                8050D57A 5 Bytes  JMP F68A1525 \SystemRoot\System32\Drivers\Normandy.SYS

PAGE            ntoskrnl.exe!ZwSystemDebugControl          80651A75 5 Bytes  JMP F68A174B \SystemRoot\System32\Drivers\Normandy.SYS

.text           win32k.sys!EngSetLastError + 375           BF81CCDC 5 Bytes  JMP F68A169F \SystemRoot\System32\Drivers\Normandy.SYS

.text           win32k.sys!EngPaint + F4A9                 BF837517 5 Bytes  JMP F68A1661 \SystemRoot\System32\Drivers\Normandy.SYS

.text           win32k.sys!EngMulDiv + 4969                BF843043 5 Bytes  JMP F68A16DE \SystemRoot\System32\Drivers\Normandy.SYS

?               System32\Drivers\Normandy.SYS              Det går inte att hitta sökvägen. !  

 

---- Devices - GMER 1.0.15 ----  

 

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0    wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1    wdf01000.sys (WDF Dynamic/Microsoft Corporation)

 

Device                                                     mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)  

 

---- EOF - GMER 1.0.15 ----

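To make the kernel-hook records in the GMER logs above easier to triage, here is an added Python example (not GMER's code and not posted in the thread) that parses the "Kernel code sections" records and the "?" file-not-found record, groups the inline JMP hooks by the module they jump into, and reports whether GMER found that module on disk. The sample lines are copied from the second log above; the known_good allow-list is an assumption you fill in yourself, for example with the driver of a rootkit scanner you have just run.

```python
import re
from collections import defaultdict
from typing import Dict, FrozenSet, List, NamedTuple, Set

# Constructed sample: records copied from the second GMER log in this thread.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!KeDelayExecutionThread        804E14F6 5 Bytes  JMP F68A1584 \SystemRoot\System32\Drivers\Normandy.SYS
.text           ntoskrnl.exe!ExAllocatePool                8050D57A 5 Bytes  JMP F68A1525 \SystemRoot\System32\Drivers\Normandy.SYS
PAGE            ntoskrnl.exe!ZwSystemDebugControl          80651A75 5 Bytes  JMP F68A174B \SystemRoot\System32\Drivers\Normandy.SYS
.text           win32k.sys!EngSetLastError + 375           BF81CCDC 5 Bytes  JMP F68A169F \SystemRoot\System32\Drivers\Normandy.SYS
?               System32\Drivers\Normandy.SYS              Det går inte att hitta sökvägen. !

---- EOF - GMER 1.0.15 ----
"""


class Hook(NamedTuple):
    section: str   # section of the patched image, e.g. ".text" or "PAGE"
    image: str     # patched image, e.g. "ntoskrnl.exe"
    symbol: str    # patched export, possibly "+ offset", e.g. "EngSetLastError + 375"
    address: str   # address of the overwritten bytes
    target: str    # address the JMP lands on
    module: str    # module owning the target address (basename, lower-case)


# One "Kernel code sections" record:
#   <section> <image>!<symbol> <addr> <n> Bytes JMP <target> <module path>
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+"
    r"(?P<image>[^\s!]+)!(?P<symbol>\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+\d+ Bytes\s+"
    r"(?:JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})\s+"
    r"(?P<module>\S+)$"
)
# A "?" record: GMER saw the module in memory but could not open its file on disk
# (the trailing message is the localised Windows error text, so it is not matched).
MISSING_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+.+$")


def basename(path: str) -> str:
    # '\SystemRoot\System32\Drivers\Normandy.SYS' and 'System32\Drivers\Normandy.SYS'
    # both normalise to 'normandy.sys' so the two record types can be joined.
    return path.rsplit("\\", 1)[-1].lower()


def parse_hooks(text: str) -> List[Hook]:
    """Return every inline-hook record found in a GMER log."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(m["section"], m["image"], m["symbol"],
                              m["address"].upper(), m["target"].upper(),
                              basename(m["module"])))
    return hooks


def parse_missing(text: str) -> Set[str]:
    """Return basenames of modules GMER flagged with '?' (file not found on disk)."""
    missing = set()
    for line in text.splitlines():
        m = MISSING_RE.match(line.strip())
        if m:
            missing.add(basename(m["module"]))
    return missing


def triage(text: str, known_good: FrozenSet[str] = frozenset()) -> Dict[str, dict]:
    """Group hooks by the module they jump into and attach a verdict for the analyst.

    known_good is an assumed allow-list (lower-case basenames) of drivers you expect
    to patch the kernel, such as the driver of a rootkit scanner or AV you just ran.
    """
    missing = parse_missing(text)
    by_module: Dict[str, List[Hook]] = defaultdict(list)
    for hook in parse_hooks(text):
        by_module[hook.module].append(hook)

    report: Dict[str, dict] = {}
    for module, hooks in by_module.items():
        on_disk = module not in missing
        if module in known_good:
            verdict = "expected: allow-listed driver"
        elif not on_disk:
            verdict = "investigate: hooks jump into a module GMER could not find on disk"
        else:
            verdict = "review: unlisted module patching kernel code"
        report[module] = {
            "hooks": sorted({f"{h.image}!{h.symbol}" for h in hooks}),
            "images": sorted({h.image for h in hooks}),
            "on_disk": on_disk,
            "verdict": verdict,
        }
    return report


if __name__ == "__main__":
    for module, info in triage(SAMPLE_LOG).items():
        print(f"{module}: {info['verdict']}")
        for hook in info["hooks"]:
            print(f"    {hook}")
```

Run it over a full GMER log to get one line per hooking module; a module that patches ZwSystemDebugControl and has no file on disk deserves a second look unless it is the scanner you just ran.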

emigranten-2

Regarding RegEdit:

 

When I was infected with AntiMalware GO I tried various means to remove its "power" over my computer.

 

Whatever I clicked on, I got the message that the program was infected and could not be opened.

 

This also applied to RegEdit, which I tried to run.

 

Once I had removed AntiMalware GO I could again run all the programs I had previously tried to use without problems.

 

I can also run RegEdit now.

 

Why is only RegEdit infected?

 

Shouldn't the other programs I tried, Task Manager etc., also be infected?

 

Where is the logic?

 

Regards


Where is the logic?
Malicious programs don't have to be logical in how they infect; normally they have some particular predetermined Windows file that gets infected, and that is not affected by what you do at the computer.

 

ComboFix had changed things on my computer. Among other things, all the files in startup were gone except ACER VCM (I'm fairly sure that's what it was called) and Winzip.
Are you sure it isn't Advanced SystemCare or something else? I haven't heard of ComboFix doing that before. At least 8 programs appear to start automatically when you log in according to the latest ComboFix log. ComboFix does, however, reset some settings that malicious programs often change.

 

Do you have a link to "What's in startup" and to KProcessHacker?


emigranten-2

Let's put it this way: I have not actively contributed to changing the start menu, and Advanced SystemCare doesn't do that without being instructed to, as far as I know.

 

It was not possible to log in to the network, neither via the network connection's remote connection nor via Tele2 in the "normal way".

 

I simply did a restore to the state that existed before I ran the last two programs you asked me to.

 

Could either of those have changed something?

 

No, unfortunately I don't remember which sites I downloaded the programs you mention from.

 

Regards


Neither Rootkit Unhooker nor GMER makes any changes to the computer unless you give them specific instructions. On the other hand, it does happen that malicious programs make changes to make themselves harder to remove.

 

Neither of the two programs indicates that there is a hidden rootkit on the computer. Now I can only think of one more thing to try in order to find out what may have happened to regedit. For that it is best not to have Windows running; instead you need to boot the computer from a CD. Download from one of the links:

http://oldtimer.geekstogo.com/OTLPEStd.exe

http://ottools.noahdfear.net/OTLPEStd.exe

Insert a blank CD.

Start the downloaded program and it will automatically burn OTLPE to the CD.

 

Copy all the lines in the box and paste them into Notepad.

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
regedit.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav

Check that it looks exactly the same, e.g. with respect to line breaks.

Save as the file otlfix.txt in the folder C:\.

 

Do you know how to make the computer boot from a CD instead of the hard disk? If not, ask.

 

When the computer has booted from the CD, the REATOGO-X-PE desktop is shown.

Double-click the OTLPE icon.

If you get the question "Do you wish to load the remote registry", choose Yes/OK.

When you get the question "Do you wish to load remote user profile(s) for scanning", choose Yes/OK.

Make sure "Automatically Load All Remaining Users" is selected if that option exists, and click OK.

The program OTL starts.

Leave the setting Use safelist as it is for Drivers.

 

Double-click the "Custom Scans/Fixes" box.

A question comes up asking whether you want to load a fix from a file. Choose C:\otlfix.txt.

 

Press Run Fix to start the scan.

 

When the scan is finished, the log file OTL.txt will be saved in the folder C:\.

 

Restart the computer from the hard disk and paste the log file OTL.txt in your reply.


emigranten-2

Hello again

 

My computer has no CD drive (Acer Aspire One, you know, that little thing).

Is it just as fine to use USB?

 

(I forgot: Trend didn't like Advanced System Care, so it is no longer on the computer.)


emigranten-2

On the page they also want you to download eeepcfr.zip.

You don't mention this.

Oversight, or is it supposed to be like that? (Asking to be 100% sure, not because I distrust you ;-) )


When you have OTLPE on a disc, eeepcfr.zip isn't needed; it is precisely for making a USB stick bootable. Follow the MajorGeeks page to make a bootable USB stick with OTLPE.


emigranten-2

Okay.

I have followed the instructions to the best of my ability.

On the desktop there is now:

- OTLPEStd.exe

- the folder OTLPEStd

- the folder OTLPE

- and the folder OTLPE_New_Std

 

When I restart the computer I get the following text:

 

INF file txtsetup.sif is corrupt or missing, status 14.

Setup cannot continue.

Press any key to exit.

 

The file in question is missing.


Do you mean when you boot the computer from the USB stick?

Read through the text carefully so that you really did it the right way.


emigranten-2

Yes, my computer is set to always boot from USB since it has no CD drive.

I'll redo the whole process, but my stick is now "named" OTLPE (F:) and there is now just over 300 MB of used space.

 

There are four files outside any folder:

 

- AUTORUN.INF

- ntdetect.com

- ntldr

- winbom.ini

 

Then there is a folder named "minint" which has 7 subfolders, so something has certainly been written to the stick.

 

Will give it another try.

 

Regards


It does seem that there should be a file txtsetup.sif in some folder as well, but that it is missing or faulty.


emigranten-2

Have now redone it and obtained a log file.

I THINK I closed "usb_prep8.cmd" before it had "finished working".


Error: Unable to interpret <%SYSTEMDRIVE%\*.*> in the current context!

Error: Unable to interpret </md5start> in the current context!

Error: Unable to interpret <eventlog.dll> in the current context!

Error: Unable to interpret <scecli.dll> in the current context!

Error: Unable to interpret <netlogon.dll> in the current context!

Error: Unable to interpret <cngaudit.dll> in the current context!

Error: Unable to interpret <sceclt.dll> in the current context!

Error: Unable to interpret <ntelogon.dll> in the current context!

Error: Unable to interpret <logevent.dll> in the current context!

Error: Unable to interpret <iaStor.sys> in the current context!

Error: Unable to interpret <nvstor.sys> in the current context!

Error: Unable to interpret <atapi.sys> in the current context!

Error: Unable to interpret <IdeChnDr.sys> in the current context!

Error: Unable to interpret <viasraid.sys> in the current context!

Error: Unable to interpret <AGP440.sys> in the current context!

Error: Unable to interpret <vaxscsi.sys> in the current context!

Error: Unable to interpret <nvatabus.sys> in the current context!

Error: Unable to interpret <viamraid.sys> in the current context!

Error: Unable to interpret <nvata.sys> in the current context!

Error: Unable to interpret <nvgts.sys> in the current context!

Error: Unable to interpret <iastorv.sys> in the current context!

Error: Unable to interpret <ViPrt.sys> in the current context!

Error: Unable to interpret <eNetHook.dll> in the current context!

Error: Unable to interpret <ahcix86.sys> in the current context!

Error: Unable to interpret <KR10N.sys> in the current context!

Error: Unable to interpret <nvstor32.sys> in the current context!

Error: Unable to interpret <ahcix86s.sys> in the current context!

Error: Unable to interpret <nvrd32.sys> in the current context!

Error: Unable to interpret <regedit.exe> in the current context!

Error: Unable to interpret </md5stop> in the current context!

Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!

Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!

 

OTLPE by OldTimer - Version 3.1.46.0 log created on 03252011_104346


Looks like some problem with the script. Run once without using the script:

 

When the computer has booted from the CD, the REATOGO-X-PE desktop is shown.

Double-click the OTLPE icon.

If you get the question "Do you wish to load the remote registry", choose Yes/OK.

When you get the question "Do you wish to load remote user profile(s) for scanning", choose Yes/OK.

Make sure "Automatically Load All Remaining Users" is selected if that option exists, and click OK.

The program OTL starts.

Leave the setting Use safelist as it is for Drivers.

Press Run Scan to start the scan.

 

When the scan is finished, the log file OTL.txt will be saved in the folder C:\.

 

Restart the computer from the hard disk and paste the log file OTL.txt in your reply.


On the page http://www.virustotal.com, click the Browse button and paste one of the following file names in the box, click Open and then Send File. Wait until the result is ready (Current status becomes completed). Paste the link to the result here. Repeat with the next file name.

C:\Documents and Settings\Leif\updater.html

C:\WINDOWS\System32\AVERM.dll

C:\WINDOWS\System32\AVEQT.dll

 

Pasting the log so that it is easy to return to.

OTL logfile created on: 3/25/2011 5:28:36 PM - Run

OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1,012.00 Mb Total Physical Memory | 794.00 Mb Available Physical Memory | 79.00% Memory free

900.00 Mb Paging File | 835.00 Mb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 1516 1516 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 143.05 Gb Total Space | 126.84 Gb Free Space | 88.67% Space Free | Partition Type: NTFS

Drive E: | 16.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive X: | 3.73 Gb Total Space | 3.33 Gb Free Space | 89.23% Space Free | Partition Type: FAT

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand] -- -- (AppMgmt)

SRV - [2011/01/11 04:37:40 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)

SRV - [2010/12/22 12:14:12 | 000,515,096 | ---- | M] (Ant.com) [Auto] -- C:\Program\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)

SRV - [2010/11/29 05:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®

SRV - [2010/11/11 07:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/10/01 13:07:32 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)

SRV - [2010/10/01 06:48:36 | 000,578,880 | ---- | M] (Tele2) [Auto] -- C:\Program\Tele2 Connect\ATService.exe -- (CTATSvc)

SRV - [2010/10/01 06:48:28 | 002,602,304 | ---- | M] (Tele2) [Auto] -- C:\Program\Tele2 Connect\Connect.exe -- (CTConnect)

SRV - [2008/11/27 06:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program\Acer\Acer VCM\RS_Service.exe -- (RS_Service)

SRV - [2008/09/12 09:01:28 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2008/04/15 08:00:00 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)

SRV - [2008/04/15 08:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)

SRV - [2008/02/27 05:07:26 | 000,594,600 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)

SRV - [2008/02/27 05:07:14 | 000,098,984 | ---- | M] () [Auto] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)

SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)

DRV - File not found [Kernel | On_Demand] -- -- (Rts516xIR)

DRV - File not found [Kernel | On_Demand] -- -- (RSUSBSTOR)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] -- -- (int15.sys)

DRV - File not found [Kernel | On_Demand] -- -- (hwusbfake)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - File not found [Kernel | On_Demand] -- -- (catchme)

DRV - [2011/03/21 11:39:33 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2011/03/21 11:39:33 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2011/03/21 11:39:33 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2011/03/21 11:39:33 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2011/03/09 06:10:45 | 001,606,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)

DRV - [2011/03/09 06:09:27 | 001,759,744 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2011/02/24 18:53:10 | 000,032,840 | ---- | M] (wj32) [Kernel | System] -- C:\Program\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)

DRV - [2011/01/11 04:37:40 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)

DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009/12/07 14:53:00 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2009/10/12 10:21:00 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)

DRV - [2009/02/23 23:22:48 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)

DRV - [2009/02/03 06:53:48 | 000,112,480 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

DRV - [2009/01/20 06:53:06 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2008/12/08 11:21:20 | 000,110,080 | R--- | M] (ZTE Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)

DRV - [2008/12/08 11:21:20 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV - [2008/12/08 11:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)

DRV - [2008/12/08 11:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV - [2008/12/08 11:21:20 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV - [2008/12/08 11:21:20 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Leif_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\Leif_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0

FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.2.2

FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:2.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:3.0.0.1303

FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:6.5.0.1234

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - prefs.js..network.proxy.type: 4

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/02/19 06:24:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2011/03/21 11:44:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011/03/24 13:58:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program\Mozilla Firefox\components [2011/03/08 15:57:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program\Mozilla Firefox\plugins [2011/03/08 15:57:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program\Mozilla Firefox 4.0 Beta 11\components [2011/02/26 12:05:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program\Mozilla Firefox 4.0 Beta 11\plugins

 

[2009/07/23 09:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leif\Application Data\Mozilla\Extensions

[2011/03/24 16:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leif\Application Data\Mozilla\Firefox\Profiles\p7e0rniu.default\extensions

[2010/11/23 01:58:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Leif\Application Data\Mozilla\Firefox\Profiles\p7e0rniu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/26 15:02:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Leif\Application Data\Mozilla\Firefox\Profiles\p7e0rniu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/02/26 12:13:43 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Leif\Application Data\Mozilla\Firefox\Profiles\p7e0rniu.default\extensions\anttoolbar@ant.com

[2011/03/05 13:10:48 | 000,000,000 | ---D | M] ("Flash Video Downloader (Youtube Downloader)") -- C:\Documents and Settings\Leif\Application Data\Mozilla\Firefox\Profiles\p7e0rniu.default\extensions\artur.dubovoy@gmail.com

[2011/03/23 13:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions

[2010/11/24 03:57:28 | 000,000,000 | ---D | M] ("Flash Video Downloader - Youtube Downloader") -- C:\Program\Mozilla Firefox\extensions\artur.dubovoy@gmail.com

[2010/11/24 03:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program\Mozilla Firefox\extensions\staged-xpis

[2011/02/19 06:24:58 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

[2009/07/26 09:46:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/03/24 13:58:09 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM\TREND MICRO\AMSP\MODULE\20004\1.5.1381\6.5.1234\FIREFOXEXTENSION

[2011/03/21 11:44:15 | 000,000,000 | ---D | M] (Trend Micro Toolbar) -- C:\PROGRAM\TREND MICRO\TITANIUM\UIFRAMEWORK\TOOLBAR\FIREFOXEXTENSION

[2010/11/19 09:32:49 | 000,001,470 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\allaannonser-sv-SE.xml

[2010/11/19 09:32:49 | 000,002,670 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\prisjakt-sv-SE.xml

[2010/11/19 09:32:49 | 000,000,948 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\tyda-sv-SE.xml

[2010/11/19 09:32:49 | 000,001,174 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\wikipedia-sv-SE.xml

[2010/11/19 09:32:49 | 000,000,647 | ---- | M] () -- C:\Program\Mozilla Firefox\searchplugins\yahoo-sv-SE.xml

 

O1 HOSTS File: ([2011/03/20 07:53:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Lexmark Verktygsfält) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O2 - BHO: (Open FVD Suite IE Plugin) - {2B171655-A70C-5c18-B693-6CB5DC269D44} - C:\Program\FVDIEPlugin\FVDIEPlugin_1.dll (paulov.ru)

O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program\Ant.com\IE add-on\Download.dll (Ant.com)

O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (IEButton Class) - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Program\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (UnH Solutions)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Lexmark Verktygsfält) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (FVD Suite IE Plugin) - {2B171655-A70C-5c18-B693-6CB5DC269D41} - C:\Program\FVDIEPlugin\FVDIEPlugin_1.dll (paulov.ru)

O3 - HKLM\..\Toolbar: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O3 - HKU\Leif_ON_C\..\Toolbar\ShellBrowser: (Lexmark Verktygsfält) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program\Lexmark Toolbar\toolband.dll ()

O3 - HKU\Leif_ON_C\..\Toolbar\WebBrowser: (Lexmark Verktygsfält) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program\Lexmark Toolbar\toolband.dll ()

O3 - HKU\Leif_ON_C\..\Toolbar\WebBrowser: (FVD Suite IE Plugin) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - C:\Program\FVDIEPlugin\FVDIEPlugin_1.dll (paulov.ru)

O3 - HKU\Leif_ON_C\..\Toolbar\WebBrowser: (Ant.com Download Toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program\Ant.com\IE add-on\AntToolbar.dll (Ant.com)

O3 - HKU\Leif_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\Leif_ON_C\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

O4 - HKLM..\Run: [ConnecteSupport] C:\Program\Tific\Tific Client G1\ConnecteSupport.exe (Tific)

O4 - HKLM..\Run: [iAAnotif] C:\Program\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )

O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)

O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program\Delade filer\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\Leif_ON_C..\Run: [LManager] C:\Program\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Connect Monitor.lnk = C:\Program\Tele2 Connect\WVPNMonitor.exe (Tele2)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\~Disabled [2011/03/09 16:02:48 | 000,000,000 | -H-D | M]

O4 - Startup: C:\Documents and Settings\Leif\Start-meny\Program\Autostart\DesktopEarth AutoStart.lnk = C:\Documents and Settings\Leif\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Leif_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Leif_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Leif_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\Leif_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Leif_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\Leif_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: oduwjblmkjufynwjwliqTaskMgr = 0

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program\Ant.com\IE add-on\Download.dll (Ant.com)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Min aktuella startsida) - About:Home

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/03/04 17:03:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/09/09 19:32:00 | 000,149,368 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2009/06/18 04:06:19 | 000,000,052 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2006/03/24 12:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/03/25 10:41:08 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/03/25 03:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Skrivbord\OTLPE

[2011/03/25 03:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Skrivbord\OTLPEStd

[2011/03/24 04:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\7-Zip

[2011/03/24 04:08:31 | 000,000,000 | ---D | C] -- C:\Program\7-Zip

[2011/03/24 03:22:49 | 098,078,016 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Leif\Skrivbord\OTLPEStd.exe

[2011/03/21 12:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Trend Micro

[2011/03/21 11:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Start-meny\Program\Trend Micro Titanium Maximum Security

[2011/03/21 11:45:22 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/03/21 11:45:22 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2011/03/21 11:45:22 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2011/03/21 11:44:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Trend Micro

[2011/03/21 11:16:27 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2011/03/21 10:59:49 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro

[2011/03/21 10:59:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/03/21 08:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Trend Micro(2)

[2011/03/21 08:23:16 | 000,000,000 | ---D | C] -- C:\Program\Trend Micro(2)

[2011/03/20 11:18:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)

[2011/03/20 07:51:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2011/03/20 07:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Mina dokument\Mina skyddade filer

[2011/03/19 17:39:48 | 000,000,000 | ---D | C] -- C:\temp

[2011/03/18 07:28:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Lokala inställningar\Application Data\Trend Micro

[2011/03/17 02:58:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies

[2011/03/13 11:31:13 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/03/12 02:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Columbitech

[2011/03/12 02:18:28 | 000,000,000 | ---D | C] -- C:\Program\Tele2 Connect

[2011/03/12 02:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Lokala inställningar\Application Data\Tific

[2011/03/12 02:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Application Data\Tific

[2011/03/12 02:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tele2 Connect

[2011/03/12 02:17:59 | 000,000,000 | ---D | C] -- C:\Program\Tific

[2011/03/12 02:17:52 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Tific

[2011/03/11 15:38:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/03/11 15:38:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/03/11 15:38:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/03/11 15:38:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/03/11 15:37:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/03/09 15:42:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/03/09 05:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Application Data\Uniblue

[2011/03/09 05:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Uniblue

[2011/03/09 05:56:12 | 000,000,000 | ---D | C] -- C:\Program\Uniblue

[2011/03/08 16:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Trend Micro

[2011/03/08 16:43:51 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys

[2011/03/08 16:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro

[2011/02/27 02:33:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favoriter

[2011/02/26 13:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Start-meny\Program\SpyHunter

[2011/02/26 13:11:22 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2011/02/26 12:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2011/02/26 12:25:54 | 000,000,000 | ---D | C] -- C:\Program\Delade filer\Java

[2011/02/26 12:23:35 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2011/02/26 12:23:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2011/02/26 12:23:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2011/02/26 12:23:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2011/02/26 12:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leif\Application Data\Process Hacker 2

[2011/02/26 12:17:01 | 000,000,000 | ---D | C] -- C:\Program\XPSysPad

[2011/02/26 12:05:13 | 000,000,000 | ---D | C] -- C:\Program\Mozilla Firefox 4.0 Beta 11

[2011/02/26 11:58:33 | 000,000,000 | ---D | C] -- C:\Program\DesktopEarth

[2011/02/26 11:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start-meny\Program\Process Hacker 2

[2011/02/26 11:33:19 | 000,000,000 | ---D | C] -- C:\Program\Process Hacker 2

[2011/02/26 10:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/02/26 10:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/02/25 17:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2011/02/25 17:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2009/10/02 04:48:10 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll

[2009/10/02 04:48:09 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll

[2009/10/02 04:48:09 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll

[2009/10/02 04:48:09 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll

[2009/10/02 04:48:09 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll

[2009/10/02 04:48:09 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll

[2009/10/02 04:48:08 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll

[2009/10/02 04:48:08 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll

[2009/10/02 04:48:07 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll

[2009/10/02 04:48:07 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe

[2009/10/02 04:48:06 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe

[2009/10/02 04:48:05 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll

[2009/10/02 04:48:05 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll

[2009/10/02 04:48:05 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe

[2009/07/23 13:54:44 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2009/07/23 13:54:41 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[2009/03/05 01:47:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/03/25 09:41:56 | 000,002,788 | ---- | M] () -- C:\Documents and Settings\Leif\Application Data\wklnhst.dat

[2011/03/25 09:23:48 | 000,494,472 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2011/03/25 09:23:48 | 000,460,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/03/25 09:23:48 | 000,101,212 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2011/03/25 09:23:48 | 000,077,116 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/03/25 09:20:06 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\Leif\Start-meny\Program\Autostart\DesktopEarth AutoStart.lnk

[2011/03/25 09:19:28 | 000,424,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/03/25 09:16:04 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

[2011/03/25 07:27:48 | 000,000,067 | ---- | M] () -- C:\WINDOWS\xpsyspad.ini

[2011/03/24 09:07:54 | 000,657,616 | ---- | M] () -- C:\Documents and Settings\Leif\Mina dokument\Lisbeth.pdf

[2011/03/24 06:37:03 | 000,259,584 | ---- | M] () -- C:\Documents and Settings\Leif\Skrivbord\Eforum.wps

[2011/03/24 04:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start-meny\Program\7-Zip

[2011/03/24 03:42:51 | 098,078,016 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Leif\Skrivbord\OTLPEStd.exe

[2011/03/22 03:38:55 | 000,184,320 | ---- | M] () -- C:\Documents and Settings\Leif\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/21 11:47:04 | 000,000,914 | ---- | M] () -- C:\Documents and Settings\Leif\Skrivbord\Trend Micro Titanium Maximum Security.lnk

[2011/03/21 11:39:33 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/03/21 11:39:33 | 000,092,112 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmtdi.sys

[2011/03/21 11:39:33 | 000,080,464 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2011/03/21 11:39:33 | 000,064,080 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2011/03/21 11:04:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/03/20 07:53:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/03/18 04:56:51 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Leif\Skrivbord\Internet Explorer.lnk

[2011/03/14 02:13:38 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Connect Monitor.lnk

[2011/03/14 02:13:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart

[2011/03/13 11:31:20 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/03/13 04:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start-meny\Program\Advanced SystemCare 3

[2011/03/12 02:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tele2 Connect

[2011/03/09 06:10:45 | 001,606,368 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\athw.sys

[2011/03/09 06:09:27 | 001,759,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2011/03/09 06:09:27 | 000,307,200 | ---- | M] (Sonix) -- C:\WINDOWS\System32\vsnp2uvc.dll

[2011/03/09 06:09:26 | 000,225,280 | ---- | M] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[2011/03/09 06:09:26 | 000,196,608 | ---- | M] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[2011/03/09 06:09:26 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe

[2011/03/09 06:09:26 | 000,028,544 | ---- | M] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2011/03/09 06:09:26 | 000,000,304 | ---- | M] () -- C:\WINDOWS\PidList.ini

[2011/03/09 06:06:19 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\DriverScanner.lnk

[2011/03/09 06:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start-meny\Program\Uniblue

[2011/03/09 06:03:59 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\SpeedUpMyPC.lnk

[2011/03/09 05:56:21 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\RegistryBooster.lnk

[2011/03/08 17:07:17 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/03/08 16:56:31 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/03/08 16:22:03 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2011/03/05 13:26:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/03/03 02:22:55 | 000,022,279 | ---- | M] () -- C:\Documents and Settings\Leif\Mina dokument\program i system32.gif

[2011/03/02 09:45:06 | 000,437,370 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110302-155801.backup

[2011/03/01 01:45:28 | 000,007,486 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110302-144506.backup

[2011/02/26 13:06:53 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Leif\updater.html

[2011/02/26 12:17:08 | 000,000,608 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\XPSysPad.lnk

[2011/02/26 12:17:08 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Leif\Skrivbord\XPSysPad.lnk

[2011/02/26 12:05:19 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\Leif\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk

[2011/02/26 12:05:19 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Mozilla Firefox 4.0 Beta 11.lnk

[2011/02/26 11:33:24 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\Leif\Skrivbord\Process Hacker.lnk

[2011/02/26 11:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start-meny\Program\Process Hacker 2

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/03/24 09:07:53 | 000,657,616 | ---- | C] () -- C:\Documents and Settings\Leif\Mina dokument\Lisbeth.pdf

[2011/03/24 03:15:41 | 000,259,584 | ---- | C] () -- C:\Documents and Settings\Leif\Skrivbord\Eforum.wps

[2011/03/21 11:46:54 | 000,000,914 | ---- | C] () -- C:\Documents and Settings\Leif\Skrivbord\Trend Micro Titanium Maximum Security.lnk

[2011/03/18 04:56:51 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Leif\Skrivbord\Internet Explorer.lnk

[2011/03/13 11:31:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/03/13 11:31:15 | 000,260,784 | RHS- | C] () -- C:\cmldr

[2011/03/12 02:18:34 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Connect Monitor.lnk

[2011/03/11 15:38:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/03/11 15:38:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/03/11 15:38:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/03/11 15:38:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/03/11 15:38:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/03/09 06:06:19 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\DriverScanner.lnk

[2011/03/09 06:04:10 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job

[2011/03/09 06:03:59 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\SpeedUpMyPC.lnk

[2011/03/09 05:56:35 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job

[2011/03/09 05:56:21 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\RegistryBooster.lnk

[2011/03/03 02:22:55 | 000,022,279 | ---- | C] () -- C:\Documents and Settings\Leif\Mina dokument\program i system32.gif

[2011/02/27 02:15:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/02/26 13:01:42 | 000,002,568 | ---- | C] () -- C:\Documents and Settings\Leif\updater.html

[2011/02/26 12:28:03 | 000,000,067 | ---- | C] () -- C:\WINDOWS\xpsyspad.ini

[2011/02/26 12:17:08 | 000,000,608 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\XPSysPad.lnk

[2011/02/26 12:17:08 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Leif\Skrivbord\XPSysPad.lnk

[2011/02/26 12:05:19 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\Leif\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 11.lnk

[2011/02/26 12:05:19 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Mozilla Firefox 4.0 Beta 11.lnk

[2011/02/26 11:58:34 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\Leif\Start-meny\Program\Autostart\DesktopEarth AutoStart.lnk

[2011/02/26 11:58:34 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\Leif\Start-meny\Program\DesktopEarth.lnk

[2011/02/26 11:33:24 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\Leif\Skrivbord\Process Hacker.lnk

[2011/02/22 16:08:58 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2011/01/11 04:03:52 | 000,346,120 | ---- | C] () -- C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\FontCache3.0.0.0.dat

[2011/01/02 02:13:15 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll

[2011/01/02 02:13:15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll

[2009/10/02 04:50:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll

[2009/10/02 04:50:20 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll

[2009/10/02 04:49:24 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll

[2009/10/02 04:49:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll

[2009/10/02 04:49:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll

[2009/10/02 04:48:10 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll

[2009/10/02 04:48:08 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lxdnjswr.dll

[2009/10/02 04:48:08 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxdninsr.dll

[2009/10/02 04:48:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll

[2009/10/02 04:48:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxdncur.dll

[2009/08/29 00:10:39 | 000,002,788 | ---- | C] () -- C:\Documents and Settings\Leif\Application Data\wklnhst.dat

[2009/07/26 13:45:39 | 000,184,320 | ---- | C] () -- C:\Documents and Settings\Leif\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/07/23 13:55:35 | 000,626,688 | ---- | C] () -- C:\WINDOWS\Image.dll

[2009/07/23 13:54:44 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys

[2009/07/23 13:54:43 | 001,759,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2009/07/23 13:54:43 | 000,000,304 | ---- | C] () -- C:\WINDOWS\PidList.ini

[2009/07/23 09:04:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/03/05 04:25:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/03/05 01:47:23 | 000,494,472 | ---- | C] () -- C:\WINDOWS\System32\perfh01D.dat

[2009/03/05 01:47:23 | 000,274,932 | ---- | C] () -- C:\WINDOWS\System32\perfi01D.dat

[2009/03/05 01:47:23 | 000,101,212 | ---- | C] () -- C:\WINDOWS\System32\perfc01D.dat

[2009/03/05 01:47:23 | 000,033,234 | ---- | C] () -- C:\WINDOWS\System32\perfd01D.dat

[2009/03/05 01:47:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2009/03/05 01:47:09 | 000,460,402 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2009/03/05 01:47:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2009/03/05 01:47:09 | 000,077,116 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2009/03/05 01:47:09 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2009/03/05 01:47:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2009/03/05 01:47:08 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2009/03/05 01:47:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2009/03/05 01:47:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2009/03/05 01:47:05 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2009/03/05 01:46:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2009/03/05 01:46:57 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2009/03/04 17:58:11 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/03/04 17:57:28 | 000,424,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/03/04 17:53:48 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/03/04 17:51:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX2.dat

[2009/03/04 17:51:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat

[2009/03/04 17:51:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat

[2009/03/04 17:51:54 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat

[2009/03/04 17:51:54 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat

[2009/03/04 17:06:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe

[2009/03/04 17:06:13 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/03/04 17:05:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2009/03/04 17:01:35 | 000,021,700 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2009/03/04 17:00:46 | 000,003,529 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2009/02/24 22:20:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\LauncheRyDiscCalc.exe

[2008/12/31 11:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2008/12/31 11:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe

[2008/05/26 18:10:02 | 000,014,772 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/26 18:10:00 | 000,022,298 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/26 18:09:58 | 000,014,614 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/05/26 16:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008/05/26 16:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

 

========== LOP Check ==========

 

[2009/03/04 18:27:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer

[2009/07/29 15:34:27 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore

[2009/03/04 18:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Acer

[2010/11/23 16:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\AnvSoft

[2011/01/15 17:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Any Video Converter Professional

[2011/03/18 04:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\BitTorrent

[2010/12/12 14:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\DMCache

[2009/07/23 14:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\eSobi

[2010/12/16 01:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\FVDIEPlugin

[2009/07/24 06:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\GlobalSCAPE

[2011/01/11 04:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\LEAPS

[2009/10/03 02:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Lexmark Productivity Studio

[2009/07/26 14:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\OpenOffice.org

[2011/01/11 05:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Pegasys Inc

[2011/02/26 12:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Process Hacker 2

[2011/02/01 13:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\SourceTec

[2009/09/19 23:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Template

[2011/03/12 02:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Tific

[2011/03/09 06:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Uniblue

[2011/01/22 15:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\uTorrent

[2010/12/14 02:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Windows Desktop Search

[2011/02/01 22:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Windows Live Writer

[2010/12/15 05:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Windows Search

[2011/01/22 15:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\XBMC

[2010/12/12 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leif\Application Data\Youtube Downloader HD

[2009/07/23 08:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2009/07/30 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone

[2011/02/01 12:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com

[2010/11/23 02:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology

[2011/03/12 02:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Columbitech

[2010/11/20 05:56:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2010/11/20 04:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi

[2011/02/19 06:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2011/03/24 16:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009/07/24 08:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/09/07 04:49:00 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2011/03/25 09:16:04 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 194 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


emigranten-2

Those files looked fine.

 

Start Notepad.

Copy all the lines in the box:

%SYSTEMDRIVE%\*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
regedit.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav

Paste them into Notepad. Make sure it looks the same with regard to line breaks. Save the file as C:\FixOTLPE.txt. NB: in the folder C:\.

 

Restart the computer from the OTLPE disc again. Answer the questions the same way as before.

 

Double-click in the Custom Scans/Fixes box. A prompt appears asking whether you want to load a "custom scan" from a file. Choose Yes.

Locate C:\FixOTLPE.txt and click Open.

 

Press Run Fix.

 

When the scan is complete, the log file OTL.txt will be saved in the folder C:\, or according to some in the folder C:\_OTL or one of its subfolders.

 

Restart the computer from the hard disk and paste the log file OTL.txt into your reply.

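The /md5start ... /md5stop block in the script above asks OTLPE to hash a list of storage drivers and logon-related DLLs, the files a kernel rootkit typically patches. As an added example (not the thread's or OTL's own code), here is the same idea in Python: walk a scan root, MD5 every file whose name is on the list, and compare each copy with a known-good baseline. Everything here is constructed: the scan root, the file contents and the baseline hashes are built in a temporary directory, and the assumption that OTL hashes every copy of a listed name under the scan root is mine, not something the thread states.

```python
"""Hash every copy of a list of file names under a scan root and compare them
with a known-good baseline.

Added example, not the forum's or OTL's own code.  WATCHED holds a few of the
names from the OTLPE script in the thread; the scan root, file bytes and
baseline built in demo() are constructed for illustration.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# A subset of the names between /md5start and /md5stop in the posted script.
WATCHED = ["atapi.sys", "iaStor.sys", "regedit.exe", "ntelogon.dll"]

Copies = Dict[str, List[Tuple[str, int, str]]]   # lower-name -> [(path, size, md5)]


def md5_of(path: Path, chunk: int = 1 << 20) -> str:
    h = hashlib.md5()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_named_files(root: Path, names: List[str]) -> Copies:
    """Assumed /md5start semantics: every file under root whose name (case-
    insensitively) is in the list gets hashed, so a driver that exists both in
    system32\\drivers and in the dllcache backup shows up twice."""
    wanted = {n.lower() for n in names}
    found: Copies = {n: [] for n in wanted}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            key = fn.lower()
            if key in wanted:
                p = Path(dirpath) / fn
                found[key].append((str(p), p.stat().st_size, md5_of(p)))
    return found


def compare(found: Copies, baseline: Dict[str, str]) -> Dict[str, str]:
    """Verdict per name: missing, ok, MODIFIED, or unknown when there is no
    baseline hash to compare with (then the hash is only a fingerprint to look up)."""
    verdict = {}
    for name, copies in found.items():
        if not copies:
            verdict[name] = "missing"
            continue
        good = baseline.get(name)
        if good is None:
            verdict[name] = "unknown (no baseline; look the hash up)"
        elif all(md5 == good for _, _, md5 in copies):
            verdict[name] = "ok"
        else:
            verdict[name] = "MODIFIED (differs from baseline)"
    return verdict


def demo() -> Dict[str, str]:
    """Constructed scan root: one clean driver (two identical copies), one
    patched driver, one file without a baseline, one name that is absent."""
    root = Path(tempfile.mkdtemp())
    try:
        drivers = root / "WINDOWS" / "system32" / "drivers"
        cache = root / "WINDOWS" / "system32" / "dllcache"
        drivers.mkdir(parents=True)
        cache.mkdir(parents=True)
        clean_atapi = b"clean atapi driver bytes"
        clean_iastor = b"clean iastor bytes"
        (drivers / "atapi.sys").write_bytes(clean_atapi)
        (cache / "atapi.sys").write_bytes(clean_atapi)
        (drivers / "iaStor.sys").write_bytes(clean_iastor + b"\x90" * 16)  # "patched" copy
        (root / "WINDOWS" / "regedit.exe").write_bytes(b"regedit bytes")
        baseline = {   # keys lower-cased to match hash_named_files()
            "atapi.sys": hashlib.md5(clean_atapi).hexdigest(),
            "iastor.sys": hashlib.md5(clean_iastor).hexdigest(),
        }
        return compare(hash_named_files(root, WATCHED), baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name:14} {verdict}")
```

Two things the hashes alone do not give you. First, a hash without a baseline is just a fingerprint: you need a known-good copy of the same file version (on XP the Windows File Protection copy in system32\dllcache, or the file from install media) or a vendor hash list to compare against. Second, the hashing has to be done from an offline boot such as the OTLPE disc the thread uses; a kernel-mode rootkit on the running system can hand back clean bytes for a driver it has patched on disk.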

emigranten-2

Yes, only one of the files had any kind of "comment", and that was from Trend.

I ran a full scan with Trend after this, but with the result "0 threats".


emigranten-2

Sorry, but:

 

Error: Unable to interpret <%SYSTEMDRIVE%\*.*> in the current context!

Error: Unable to interpret </md5start> in the current context!

Error: Unable to interpret <eventlog.dll> in the current context!

Error: Unable to interpret <scecli.dll> in the current context!

Error: Unable to interpret <netlogon.dll> in the current context!

Error: Unable to interpret <cngaudit.dll> in the current context!

Error: Unable to interpret <sceclt.dll> in the current context!

Error: Unable to interpret <ntelogon.dll> in the current context!

Error: Unable to interpret <logevent.dll> in the current context!

Error: Unable to interpret <iaStor.sys> in the current context!

Error: Unable to interpret <nvstor.sys> in the current context!

Error: Unable to interpret <atapi.sys> in the current context!

Error: Unable to interpret <IdeChnDr.sys> in the current context!

Error: Unable to interpret <viasraid.sys> in the current context!

Error: Unable to interpret <AGP440.sys> in the current context!

Error: Unable to interpret <vaxscsi.sys> in the current context!

Error: Unable to interpret <nvatabus.sys> in the current context!

Error: Unable to interpret <viamraid.sys> in the current context!

Error: Unable to interpret <nvata.sys> in the current context!

Error: Unable to interpret <nvgts.sys> in the current context!

Error: Unable to interpret <iastorv.sys> in the current context!

Error: Unable to interpret <ViPrt.sys> in the current context!

Error: Unable to interpret <eNetHook.dll> in the current context!

Error: Unable to interpret <ahcix86.sys> in the current context!

Error: Unable to interpret <KR10N.sys> in the current context!

Error: Unable to interpret <nvstor32.sys> in the current context!

Error: Unable to interpret <ahcix86s.sys> in the current context!

Error: Unable to interpret <nvrd32.sys> in the current context!

Error: Unable to interpret <regedit.exe> in the current context!

Error: Unable to interpret </md5stop> in the current context!

Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!

Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!

 

OTLPE by OldTimer - Version 3.1.46.0 log created on 03262011_080928


Strange, I think the script looks the same as in all the other threads.

 

You could try using the Run Scan button instead of Run Fix.

 

If that doesn't help either, try a shorter script that you type into the field yourself:

/md5start

regedit.exe

/md5stop


emigranten-2

Nothing works, so we'll probably have to look at the program's settings instead.

Somewhere along the way it goes wrong.

 

There are 4 boxes in which you have to select one option:

 

- "Services" - "Use safelist" is selected there

- "Standard Registry" - "Use safelist" is selected there

- "Drivers" - "Use safelist" is selected there

- "Extra Registry" - "None" is selected there

 

To begin with - is this the correct setting?

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Here is the log, by the way:

 

Error: Unable to interpret </md5start> in the current context!

Error: Unable to interpret <regedit.exe> in the current context!

Error: Unable to interpret </md5stop> in the current context!

 

OTLPE by OldTimer - Version 3.1.46.0 log created on 03262011_220349


Archived

This topic is now archived and closed to further replies.
