MaPe

Member
  • Content count

    47
  1. Thank you so much for all the help, and take care!
  2. I haven't been able to remove the old Java version you mention; I couldn't find anything via the Control Panel. Otherwise the computer seems to be OK, I haven't noticed anything strange anymore.
  3. 2. I have uninstalled Premium Codec using Control Panel > Uninstall/Add programs. 4. DDS log:

     DDS (Ver_2012-10-19.01) - NTFS_AMD64
     Internet Explorer: 9.0.8112.16421
     Run by sul11isak at 20:45:21 on 2012-10-22
     Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.703 [GMT 2:00]
     .
     AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
     SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Program Files\IDT\WDM\STacSV64.exe
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\Hpservice.exe
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\spoolsv.exe
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Program Files\IDT\WDM\AESTSr64.exe
     C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
     c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
     C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
     C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\IDT\WDM\sttray64.exe
     C:\Program Files\Microsoft Security Client\msseces.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
     C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Windows\system32\wuauclt.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\cscript.exe
     .
     ============== Pseudo HJT Report ===============
     .
     BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
     BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
     BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
     TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
     mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
     mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
     mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
     mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
     mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
     mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
     mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
     StartupFolder: C:\Users\SUL11I~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
     StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OCSINV~1.LNK - C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     uPolicies-Explorer: NoDrives = dword:0
     mPolicies-Explorer: NoAutorun = dword:1
     mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
     mPolicies-Explorer: NoDrives = dword:0
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
     DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
     DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
     TCP: NameServer = 192.168.1.1
     TCP: Interfaces\{B3250C6D-0ECF-4138-BD7C-7083043B1945} : DHCPNameServer = 172.23.10.10 172.21.10.10
     TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3} : DHCPNameServer = 192.168.1.1
     TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3}\C42435 : DHCPNameServer = 172.23.10.10 172.21.10.10
     Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     SSODL: WebCheck - <orphaned>
     LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
     x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
     x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
     x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
     x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
     x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
     x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
     x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - C:\Users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
     FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
     FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
     FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
     FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
     FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
     FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
     FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
     FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
     FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
     FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
     FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-21 56208]
     R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
     R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
     R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-21 89600]
     R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
     R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-21 30520]
     R2 OCS Inventory Service;OCS Inventory Service;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2011-5-8 35840]
     R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-9-21 301232]
     R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-21 56344]
     R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-9-21 158720]
     R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
     R3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;C:\Windows\System32\drivers\NETwNs64.sys [2012-9-21 8507392]
     R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-9-21 75776]
     R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-9-21 177152]
     R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 188224]
     R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2012-9-21 59008]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
     S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]
     S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-7 250808]
     S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
     S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-21 1432400]
     S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]
     S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-21 113120]
     S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
     S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
     S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
     S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
     S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
     S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
     S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
     S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
     S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
     S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
     .
     =============== File Associations ===============
     .
     FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
     ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
     .
     =============== Created Last 30 ================
     .
     2012-10-22 11:26:53 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DC0CFF2-203E-4644-993F-D971A32645A2}\mpengine.dll
     2012-10-22 05:39:31 -------- d-sh--w- C:\$RECYCLE.BIN
     2012-10-21 14:01:59 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Malwarebytes
     2012-10-21 14:01:21 -------- d-----w- C:\ProgramData\Malwarebytes
     2012-10-21 11:30:11 98816 ----a-w- C:\Windows\sed.exe
     2012-10-21 11:30:11 256000 ----a-w- C:\Windows\PEV.exe
     2012-10-21 11:30:11 208896 ----a-w- C:\Windows\MBR.exe
     2012-10-20 15:06:36 -------- d-----w- C:\found.000
     2012-10-18 18:05:32 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Diagnostics
     2012-10-17 11:37:14 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Macromedia
     2012-10-15 07:17:47 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Foxit Software
     2012-10-14 15:29:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Mozilla
     2012-10-11 17:56:12 -------- d-----w- C:\ProgramData\Blizzard Entertainment
     2012-10-11 17:56:12 -------- d-----w- C:\Program Files (x86)\StarCraft II
     2012-10-11 17:23:59 -------- d-----w- C:\ProgramData\Battle.net
     2012-10-11 16:58:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
     2012-10-10 15:13:12 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Apple
     2012-10-10 13:49:57 -------- d-----w- C:\Program Files (x86)\LucasArts
     2012-10-10 06:55:49 220160 ----a-w- C:\Windows\System32\wintrust.dll
     2012-10-10 06:55:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
     2012-10-10 06:55:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
     2012-10-10 06:55:44 2048 ----a-w- C:\Windows\System32\tzres.dll
     2012-10-10 06:55:30 715776 ----a-w- C:\Windows\System32\kerberos.dll
     2012-10-10 06:55:30 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
     2012-10-10 06:55:28 1464320 ----a-w- C:\Windows\System32\crypt32.dll
     2012-10-10 06:55:27 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
     2012-10-10 06:55:27 140288 ----a-w- C:\Windows\System32\cryptnet.dll
     2012-10-10 06:55:27 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
     2012-10-10 06:55:26 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
     2012-10-10 06:55:26 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
     2012-10-08 18:15:17 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\OpenOffice.org
     2012-10-07 10:03:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
     2012-10-02 09:32:49 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
     2012-10-01 16:57:27 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
     2012-09-26 08:15:25 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
     2012-09-24 09:05:27 -------- d-----w- C:\Windows\SysWow64\xlive
     2012-09-24 09:05:27 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
     2012-09-24 08:58:05 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
     2012-09-24 08:58:05 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
     2012-09-24 08:58:01 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
     2012-09-24 08:58:01 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
     2012-09-24 08:57:15 -------- d-----w- C:\Windows\System32\RsFx
     2012-09-24 08:53:02 -------- d-----w- C:\Program Files\Microsoft SQL Server
     2012-09-24 08:52:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
     2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
     2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
     2012-09-24 08:52:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
     2012-09-24 08:51:34 -------- d-----w- C:\ProgramData\PreEmptive Solutions
     2012-09-24 08:48:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
     2012-09-24 08:48:45 -------- d-----w- C:\Program Files\IIS
     2012-09-24 08:48:44 -------- d-----w- C:\Program Files (x86)\IIS
     2012-09-24 08:41:22 -------- d-----w- C:\Windows\SysWow64\1033
     2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Microsoft F#
     2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
     2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
     2012-09-24 08:26:34 2380224 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
     2012-09-24 08:20:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
     2012-09-24 08:19:16 -------- d-----w- C:\Windows\System32\appmgmt
     2012-09-24 08:17:28 -------- d-----w- C:\Windows\System32\1033
     2012-09-24 07:36:46 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
     2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
     2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Help Viewer
     .
     ==================== Find3M ====================
     .
     2012-10-09 13:17:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-09-21 07:45:39 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
     2012-09-21 07:45:39 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
     2012-09-21 07:44:42 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
     2012-09-21 07:44:42 839096 ----a-w- C:\Windows\System32\deployJava1.dll
     2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
     2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
     2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
     2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
     2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
     2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
     2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
     2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
     2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
     2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
     2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
     2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
     2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
     2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
     2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
     2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
     2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
     2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
     2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
     2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
     2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
     2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
     2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
     2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
     2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
     2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
     2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
     2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
     2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
     2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
     2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
     2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
     2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
     2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
     2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
     2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
     2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
     2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
     2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
     2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
     .
     ============= FINISH: 20:45:44,35 ===============
     attach2.txt
  4. 1. ComboFix log:

     ComboFix 12-10-21.01 - sul11isak 2012-10-22 7:30.2.4 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.671 [GMT 2:00]
     Körs från: c:\users\Sul11Isak\Desktop\ComboFix.exe
     Kommandoväxlar som använts :: c:\users\Sul11Isak\Desktop\CFScript.txt
     AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
     SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\program files (x86)\Conduit
     c:\program files (x86)\Conduit\Community Alerts\Alert.dll
     c:\programdata\Babylon
     c:\users\Sul11Isak\AppData\Local\Conduit
     c:\users\Sul11Isak\AppData\Roaming\Babylon
     c:\users\Sul11Isak\AppData\Roaming\Babylon\log_file.txt
     .
     .
     (((((((((((((((((((((((( Filer skapade från 2012-09-22 till 2012-10-22 ))))))))))))))))))))))))))))))
     .
     .
     2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\sa.mdt\AppData\Local\temp
     2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\Administratör\AppData\Local\temp
     2012-10-22 05:24 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57510484-6776-4F6C-9337-556194912D4E}\mpengine.dll
     2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Malwarebytes
     2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\programdata\Malwarebytes
     2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
     2012-10-21 14:01 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
     2012-10-20 17:33 . 2012-10-20 17:35 -------- d-----w- c:\program files (x86)\ERUNT
     2012-10-20 15:06 . 2012-10-20 15:06 -------- d-----w- C:\found.000
     2012-10-18 18:05 . 2012-10-18 18:05 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Diagnostics
     2012-10-17 11:37 . 2012-10-17 11:37 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Macromedia
     2012-10-15 07:17 . 2012-10-15 07:17 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Foxit Software
     2012-10-14 15:29 . 2012-10-14 15:29 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Mozilla
     2012-10-11 17:56 . 2012-10-11 18:52 -------- d-----w- c:\program files (x86)\StarCraft II
     2012-10-11 17:56 . 2012-10-11 18:31 -------- d-----w- c:\programdata\Blizzard Entertainment
     2012-10-11 17:23 . 2012-10-11 17:24 -------- d-----w- c:\programdata\Battle.net
     2012-10-11 16:58 . 2012-10-11 18:32 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
     2012-10-10 15:13 . 2012-10-10 15:13 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Apple
     2012-10-10 13:49 . 2012-10-10 13:57 -------- d-----w- c:\program files (x86)\LucasArts
     2012-10-10 13:49 . 2012-10-10 13:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
     2012-10-10 13:47 . 2012-10-10 13:47 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\InstallShield
     2012-10-10 06:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
     2012-10-10 06:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
     2012-10-10 06:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
     2012-10-10 06:55 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
     2012-10-10 06:55 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
     2012-10-10 06:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
     2012-10-10 06:55 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
     2012-10-10 06:55 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
     2012-10-10 06:55 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
     2012-10-10 06:55 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
     2012-10-10 06:55 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
     2012-10-10 06:55 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
     2012-10-08 18:15 . 2012-10-08 18:15 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\OpenOffice.org
     2012-10-07 10:03 . 2012-10-09 13:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
     2012-10-07 09:31 . 2012-10-07 09:33 -------- d--h--w- c:\windows\AxInstSV
     2012-10-02 09:32 . 2012-10-02 09:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
     2012-10-01 16:57 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
     2012-09-26 08:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
     2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\windows\SysWow64\xlive
     2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
     2012-09-24 08:58 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
     2012-09-24 08:58 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
     2012-09-24 08:58 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
     2012-09-24 08:58 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
     2012-09-24 08:57 . 2012-09-24 08:57 -------- d-----w- c:\windows\system32\RsFx
     2012-09-24 08:56 . 2012-09-24 08:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
     2012-09-24 08:40 . 2012-09-25 17:33 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
     2012-09-24 08:40 . 2012-09-24 08:44 -------- d-----w- c:\program files (x86)\Microsoft F#
     2012-09-24 08:40 . 2012-09-24 08:42 -------- d-----w- c:\program files (x86)\HTML Help Workshop
     2012-09-24 08:28 . 2012-09-24 08:29 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\vlc
     2012-09-24 08:26 . 2012-09-25 17:39 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
     2012-09-24 08:20 . 2012-09-24 08:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
     2012-09-24 08:19 . 2012-09-24 08:20 -------- d-----w- c:\windows\system32\appmgmt
     2012-09-24 08:17 . 2012-09-24 08:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
     2012-09-24 08:17 . 2012-09-24 08:56 -------- d-----w- c:\windows\system32\1033
     2012-09-24 07:36 . 2012-09-24 07:36 -------- d-----w- c:\program files (x86)\Microsoft XNA
     2012-09-24 07:26 . 2012-09-24 08:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs
     2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\windows\symbols
     2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
     2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Help Viewer
     2012-09-22 15:02 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-10-12 07:19 . 2012-09-21 16:08 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2012-10-09 13:17 . 2012-09-21 08:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
     2012-09-25 17:39 . 2012-09-24 08:26 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
     2012-09-21 09:11 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
     2012-09-21 08:14 . 2012-09-21 08:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
     2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
     2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
     2012-09-21 08:14 . 2012-09-21 08:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
     2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
     2012-09-21 08:14 . 2012-09-21 08:14 367104 ----a-w- c:\windows\SysWow64\html.iec
     2012-09-21 08:14 . 2012-09-21 08:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
     2012-09-21 08:14 . 2012-09-21 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
     2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
     2012-09-21 08:14 . 2012-09-21 08:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
     2012-09-21 08:14 . 2012-09-21 08:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
     2012-09-21 08:14 . 2012-09-21 08:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
     2012-09-21 08:14 . 2012-09-21 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
     2012-09-21 08:14 . 2012-09-21 08:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
     2012-09-21 08:14 . 2012-09-21 08:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
     2012-09-21 08:14 . 2012-09-21 08:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
     2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
     2012-09-21 08:14 . 2012-09-21 08:14 65024 ----a-w- c:\windows\system32\pngfilt.dll
     2012-09-21 08:14 . 2012-09-21 08:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
     2012-09-21 08:14 . 2012-09-21 08:14 49664 ----a-w- c:\windows\system32\imgutil.dll
     2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
     2012-09-21 08:14 . 2012-09-21 08:14 267776 ----a-w- c:\windows\system32\ieaksie.dll
     2012-09-21 08:14 . 2012-09-21 08:14 222208 ----a-w- c:\windows\system32\msls31.dll
     2012-09-21 08:14 . 2012-09-21 08:14 197120 ----a-w- c:\windows\system32\msrating.dll
     2012-09-21 08:14 . 2012-09-21 08:14 163840 ----a-w- c:\windows\system32\ieakui.dll
     2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\ieakeng.dll
     2012-09-21 08:14 . 2012-09-21 08:14 149504 ----a-w- c:\windows\system32\occache.dll
     2012-09-21 08:14 . 2012-09-21 08:14 145920 ----a-w- c:\windows\system32\iepeers.dll
     2012-09-21 08:14 . 2012-09-21 08:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
     2012-09-21 08:14 . 2012-09-21 08:14 12288 ----a-w- c:\windows\system32\mshta.exe
     2012-09-21 08:14 . 2012-09-21 08:14 114176 ----a-w- c:\windows\system32\admparse.dll
     2012-09-21 08:14 . 2012-09-21 08:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
     2012-09-21 08:14 . 2012-09-21 08:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe
     2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\system32\tdc.ocx
     2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe
     2012-09-21 08:14 . 2012-09-21 08:14 85504 ----a-w- c:\windows\system32\iesetup.dll
     2012-09-21 08:14 . 2012-09-21 08:14 82432 ----a-w- c:\windows\system32\icardie.dll
     2012-09-21 08:14 . 2012-09-21 08:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll
     2012-09-21 08:14 . 2012-09-21 08:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll
     2012-09-21 08:14 . 2012-09-21 08:14 448512 ----a-w- c:\windows\system32\html.iec
     2012-09-21 08:14 . 2012-09-21 08:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll
     2012-09-21 08:14 . 2012-09-21 08:14 39936 ----a-w- c:\windows\system32\iernonce.dll
     2012-09-21 08:14 . 2012-09-21 08:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
     2012-09-21 08:14 . 2012-09-21 08:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
     2012-09-21 08:14 . 2012-09-21 08:14 282112 ----a-w- c:\windows\system32\dxtrans.dll
     2012-09-21 08:14 . 2012-09-21 08:14 249344 ----a-w- c:\windows\system32\webcheck.dll
     2012-09-21 08:14 . 2012-09-21 08:14 165888 ----a-w- c:\windows\system32\iexpress.exe
     2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\wextract.exe
     2012-09-21 08:14 . 2012-09-21 08:14 103936 ----a-w- c:\windows\system32\inseng.dll
     2012-09-21 07:45 . 2012-09-21 07:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
     2012-09-21 07:45 . 2012-09-21 07:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
     2012-09-21 07:44 . 2012-09-21 07:45 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
     2012-09-21 07:44 . 2012-09-21 07:45 839096 ----a-w- c:\windows\system32\deployJava1.dll
     2012-09-21 07:36 . 2012-09-21 07:36 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll
     2012-08-22 18:12 . 2012-09-21 16:07 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2012-08-22 18:12 . 2012-09-21 16:07 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
     2012-08-22 18:12 . 2012-09-21 16:07 376688 ----a-w- c:\windows\system32\drivers\netio.sys
     2012-08-22 18:12 . 2012-09-21 16:07 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
     2012-08-20 17:38 . 2012-10-10 06:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
     2012-08-02 17:58 . 2012-09-21 16:07 574464 ----a-w- c:\windows\system32\d3d10level9.dll
     2012-08-02 16:57 . 2012-09-21 16:07 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
     .
     .
     (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Not* tomma poster & legitima standardposter visas inte.
     REGEDIT4
     .
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Sul11Isak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OCS Inventory NG Systray.lnk - c:\program files (x86)\OCS Inventory Agent\OcsSystray.exe [2011-5-8 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\0\0]
"Script"=LastLogin.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\1\0]
"Script"=login-mapping-domain.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\2\0]
"Script"=OCS-Agent.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-21 1432400]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-07-19 89600]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-09 30520]
S2 OCS Inventory Service;OCS Inventory Service;c:\program files (x86)\OCS Inventory Agent\OcsService.exe [2011-05-08 35840]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-19 301232]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-07-19 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 64-bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-19 8507392]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-19 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-19 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2011-07-19 59008]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 13:17]
.
2012-10-22 c:\windows\Tasks\CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job
- c:\programdata\Premium\Codec\Codec.exe [2012-09-21 12:31]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-19 489472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-22 07:43:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-22 05:43
.
Pre-Run: 170 107 650 048 bytes free
Post-Run: 169 774 804 992 bytes free
.
- - End Of File - - 528FAD4666C76B4426D2A20843BAF170

2. Online scan results:
C:\ProgramData\Premium\Codec\runtime.dll Win32/GenUpdater application
C:\Users\All Users\Premium\Codec\runtime.dll Win32/GenUpdater application
C:\Users\Sul11Isak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EUNIRV4X\f003c44deab679aa2edfaff864c77402[1].htm HTML/Iframe.B.Gen virus

3. This is a so-called student computer that Isak borrows during the school term, so the antivirus program was chosen by the school.
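A helper reading the two ComboFix logs in this thread looks first at the registry startup points, the Browser Helper Objects and the scheduled tasks, and at where each target binary lives. The Python below is an added example written for this thread (it is not ComboFix, MBAM or the poster's own material) that automates that first pass over the log text: it parses the Run-key, BHO and .job entries and flags targets in ProgramData/AppData/Temp, missing targets, hex-only file names and GUID-suffixed task names. The sample log inside it is constructed in the ComboFix layout from entries visible in the thread, and the flagging rules are this example's own assumptions, not anything ComboFix itself reports.

```python
"""Triage the autorun sections of a ComboFix-style log.

Added example for this thread; not part of ComboFix, MBAM or the
poster's material. It pulls Run-key values, Browser Helper Objects and
scheduled .job tasks out of the log text and attaches the reasons a
malware-removal helper would look at an entry first. The heuristics
(ProgramData/AppData/Temp targets, missing targets, hex-only file
names, GUID-suffixed task names) are this example's own assumptions.
"""
import re

# Constructed sample in the ComboFix log layout, modelled on entries
# that appear in the logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5CDCDF85-0810-472D-16EC-9B4C7A811901}]
2012-09-21 15:34 145920 ----a-w- c:\programdata\Codec-V\505c89129062c.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
2012-10-22 c:\windows\Tasks\CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job
- c:\programdata\Premium\Codec\Codec.exe [2012-09-21 12:31]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
"""

# "Name"="path" [date size]   (Run keys; the bracket may also read [bU])
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]', re.M)
# c:\windows\Tasks\X.job  followed (same or next line) by  - target [date time]
TASK_RE = re.compile(
    r'c:\\windows\\Tasks\\(?P<name>[^\r\n]+?\.job)\s*-\s*(?P<path>[^\r\n\[]+?)\s*\[(?P<meta>[^\]]*)\]',
    re.I)
# [...\Browser Helper Objects\{CLSID}]  followed by  date time size attrs path
BHO_RE = re.compile(
    r'Browser Helper Objects\\\{(?P<clsid>[^}]+)\}\]\s*'
    r'(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>[^\r\n]+)')

# Folders an ordinary user can write to; legitimate autoruns rarely live there.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\all users\\", "\\temp\\")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
HEXNAME_RE = re.compile(r"^[0-9a-f]{10,}\.(?:dll|exe|ocx)$", re.I)


def suspicion_reasons(name, path):
    """Reasons an autorun entry deserves a closer look; empty list means none."""
    p = path.strip().lower()
    reasons = []
    if "(no file)" in p:
        reasons.append("target file missing")
    if any(m in p for m in USER_WRITABLE) and "\\program files" not in p:
        reasons.append("runs from ProgramData/AppData/Temp instead of Program Files")
    if HEXNAME_RE.match(p.rsplit("\\", 1)[-1]):
        reasons.append("hex-only file name")
    if name.lower().endswith(".job") and GUID_RE.search(name):
        reasons.append("GUID-suffixed task name")
    return reasons


def triage(log_text):
    """Return every BHO/Run/Task entry found in the log, each with its reasons."""
    entries = []
    for m in BHO_RE.finditer(log_text):
        entries.append({"kind": "BHO", "name": "{%s}" % m["clsid"], "path": m["path"].strip()})
    for m in RUN_RE.finditer(log_text):
        entries.append({"kind": "Run", "name": m["name"], "path": m["path"].strip()})
    for m in TASK_RE.finditer(log_text):
        entries.append({"kind": "Task", "name": m["name"], "path": m["path"].strip()})
    for e in entries:
        e["reasons"] = suspicion_reasons(e["name"], e["path"])
    return entries


def flagged(log_text):
    """Only the entries that have at least one suspicion reason."""
    return [e for e in triage(log_text) if e["reasons"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "!!" if e["reasons"] else "  "
        print("%s %-4s %s\n       -> %s  %s" % (mark, e["kind"], e["name"], e["path"], "; ".join(e["reasons"])))
```

On the sample it flags the Codec-V BHO and the CodecUpdaterTask job and passes the Adobe, DivX and Google entries; to use it on a saved log, call `triage(open(path, encoding="cp1252").read())`. The heuristics are deliberately coarse (Microsoft's own definition updates also sit under ProgramData, for instance), so treat a flag as "look here first", not as a verdict.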
5. 2. Uninstalled.
3. The MBAM log follows:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.21.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sul11isak :: LLD359LT [administrator]

2012-10-21 16:03:05
mbam-log-2012-10-21 (16-03-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 469784
Time elapsed: 1 hour(s), 2 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
6. 1. According to Isak, Codec (http://www.allpremiumsoft.com) is needed together with DivX Plus in order to watch a certain streamed film. To get sound as well, a DirectShow encoder is supposed to be downloaded, but he has not managed that yet.
2. Links to VirusTotal:
https://www.virustotal.com/file/de1c043cd39c887c12ab24581903cd242287afeb46c7c02e9b52a659ae2945a7/analysis/1350817155/
https://www.virustotal.com/file/4eaf177ee831e9b99e3e8704264d2f25cbc33f24d59fbbe5f98e288f2a35d606/analysis/1350817532/
3. Uninstalled.
4. As far as we could see, no particular message came up from ComboFix; this is the log:

ComboFix 12-10-21.01 - sul11isak 2012-10-21 13:32:04.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.769 [GMT 2:00]
Running from: c:\users\Sul11Isak\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
(((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 ))))))))))))))))))))))))))))))
.
.
2012-10-21 11:38 . 2012-10-21 11:38 -------- d-----w- c:\users\sa.mdt\AppData\Local\temp
2012-10-21 11:38 . 2012-10-21 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 17:33 . 2012-10-20 17:35 -------- d-----w- c:\program files (x86)\ERUNT
2012-10-20 15:06 . 2012-10-20 15:06 -------- d-----w- C:\found.000
2012-10-18 18:05 . 2012-10-18 18:05 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Diagnostics
2012-10-17 11:37 . 2012-10-17 11:37 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Macromedia
2012-10-15 07:17 . 2012-10-15 07:17 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Foxit Software
2012-10-14 15:29 . 2012-10-14 15:29 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Mozilla
2012-10-11 17:56 . 2012-10-11 18:52 -------- d-----w- c:\program files (x86)\StarCraft II
2012-10-11 17:56 . 2012-10-11 18:31 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-10-11 17:23 . 2012-10-11 17:24 -------- d-----w- c:\programdata\Battle.net
2012-10-11 16:58 . 2012-10-11 18:32 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-10-10 15:13 . 2012-10-10 15:13 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Apple
2012-10-10 13:49 . 2012-10-10 13:57 -------- d-----w- c:\program files (x86)\LucasArts
2012-10-10 13:49 . 2012-10-10 13:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-10-10 13:47 . 2012-10-10 13:47 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\InstallShield
2012-10-10 06:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 06:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 06:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 06:55 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 06:55 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 06:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 06:55 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:55 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:55 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:55 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 06:55 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 06:55 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-08 18:15 . 2012-10-08 18:15 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\OpenOffice.org
2012-10-07 10:03 . 2012-10-09 13:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-07 09:31 . 2012-10-07 09:33 -------- d--h--w- c:\windows\AxInstSV
2012-10-02 09:32 . 2012-10-02 09:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-10-01 16:57 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2012-09-26 08:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\windows\SysWow64\xlive
2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-09-24 08:58 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:57 . 2012-09-24 08:57 -------- d-----w- c:\windows\system32\RsFx
2012-09-24 08:56 . 2012-09-24 08:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-24 08:40 . 2012-09-25 17:33 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-09-24 08:40 . 2012-09-24 08:44 -------- d-----w- c:\program files (x86)\Microsoft F#
2012-09-24 08:40 . 2012-09-24 08:42 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-09-24 08:28 . 2012-09-24 08:29 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\vlc
2012-09-24 08:26 . 2012-09-25 17:39 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-24 08:20 . 2012-09-24 08:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-09-24 08:19 . 2012-09-24 08:20 -------- d-----w- c:\windows\system32\appmgmt
2012-09-24 08:17 . 2012-09-24 08:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-24 08:17 . 2012-09-24 08:56 -------- d-----w- c:\windows\system32\1033
2012-09-24 07:36 . 2012-09-24 07:36 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-09-24 07:26 . 2012-09-24 08:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\windows\symbols
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-22 15:02 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-09-21 17:24 . 2012-09-21 07:30 -------- d-----w- c:\windows\Panther
2012-09-21 17:23 . 2012-09-21 17:23 -------- d-----w- C:\Boot
2012-09-21 17:20 . 2012-09-21 17:20 -------- d-----w- c:\program files\Synaptics
2012-09-21 17:17 . 2012-09-21 17:17 -------- d-----w- c:\windows\SysWow64\Wat
2012-09-21 17:17 . 2012-09-21 17:17 -------- d-----w- c:\windows\system32\Wat
2012-09-21 17:14 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-09-21 17:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-21 17:03 . 2011-07-19 07:43 8507392 ----a-w- c:\windows\system32\drivers\NETwNs64.sys
2012-09-21 17:02 . 2011-07-19 07:43 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-09-21 17:01 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-09-21 17:01 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-09-21 17:01 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-09-21 17:01 . 2011-07-19 07:45 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-09-21 17:01 . 2011-07-19 07:45 67584 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2012-09-21 17:01 . 2011-07-19 07:45 59008 ----a-w- c:\windows\system32\drivers\rismcx64.sys
2012-09-21 17:01 . 2011-07-19 07:45 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2012-09-21 17:01 . 2011-07-19 07:45 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2012-09-21 17:01 . 2011-07-19 07:45 172032 ----a-w- c:\windows\system32\rixdicon.dll
2012-09-21 17:01 . 2011-07-19 07:39 75776 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-09-21 17:01 . 2011-07-19 07:39 177152 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-09-21 16:23 . 2012-09-21 16:23 -------- d-----w- c:\program files (x86)\Conduit
2012-09-21 16:23 . 2012-09-24 08:24 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Conduit
2012-09-21 16:08 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 15:55 . 2012-09-21 15:55 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-09-21 15:55 . 2012-09-21 15:55 -------- d-----w- c:\windows\SysWow64\Extensions
2012-09-21 15:55 . 2012-09-21 15:55 315 ----a-w- C:\user.js
2012-09-21 15:54 . 2012-09-21 15:54 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Babylon
2012-09-21 15:54 . 2012-09-21 15:54 -------- d-----w- c:\programdata\Babylon
2012-09-21 15:44 . 2012-09-21 15:44 -------- d-----w- c:\users\Sul11Isak\AppData\Local\DDMSettings
2012-09-21 15:38 . 2012-09-21 16:07 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\DivX
2012-09-21 15:37 . 2012-09-21 15:38 -------- d-----w- c:\program files\DivX
2012-09-21 15:37 . 2012-09-21 15:38 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-09-21 15:37 . 2012-09-21 15:37 -------- d-----w- c:\program files\Google
2012-09-21 15:36 . 2012-09-21 15:39 -------- d-----w- c:\program files (x86)\DivX
2012-09-21 15:35 . 2012-09-21 15:39 -------- d-----w- c:\programdata\DivX
2012-09-21 15:32 . 2012-09-30 00:46 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Google
2012-09-21 15:32 . 2012-09-21 15:32 -------- d-----w- c:\programdata\Premium
2012-09-21 15:31 . 2012-09-21 15:58 -------- d-----w- c:\programdata\Codec-V
2012-09-21 15:30 . 2012-09-21 15:32 -------- d-----w- c:\programdata\InstallMate
2012-09-21 11:54 . 2012-10-19 06:52 -------- d-----w- c:\users\Sul11Isak\AppData\Local\cache
2012-09-21 11:49 . 2012-10-20 15:44 -------- d-----w- c:\programdata\FLEXnet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:17 . 2012-09-21 08:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 17:39 . 2012-09-24 08:26 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-21 09:11 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-21 08:14 . 2012-09-21 08:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-21 08:14 . 2012-09-21 08:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-21 08:14 . 2012-09-21 08:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-21 08:14 . 2012-09-21 08:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-21 08:14 . 2012-09-21 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-21 08:14 . 2012-09-21 08:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-21 08:14 . 2012-09-21 08:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-21 08:14 . 2012-09-21 08:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-21 08:14 . 2012-09-21 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-21 08:14 . 2012-09-21 08:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-21 08:14 . 2012-09-21 08:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-21 08:14 . 2012-09-21 08:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-21 08:14 . 2012-09-21 08:14 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-21 08:14 . 2012-09-21 08:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-21 08:14 . 2012-09-21 08:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-21 08:14 . 2012-09-21 08:14 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-21 08:14 . 2012-09-21 08:14 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-21 08:14 . 2012-09-21 08:14 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-21 08:14 . 2012-09-21 08:14 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-21 08:14 . 2012-09-21 08:14 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-21 08:14 . 2012-09-21 08:14 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-21 08:14 . 2012-09-21 08:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-21 08:14 . 2012-09-21 08:14 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-21 08:14 . 2012-09-21 08:14 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-21 08:14 . 2012-09-21 08:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-21 08:14 . 2012-09-21 08:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-21 08:14 . 2012-09-21 08:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-21 08:14 . 2012-09-21 08:14 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-21 08:14 . 2012-09-21 08:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-21 08:14 . 2012-09-21 08:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-21 08:14 . 2012-09-21 08:14 448512 ----a-w- c:\windows\system32\html.iec
2012-09-21 08:14 . 2012-09-21 08:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-21 08:14 . 2012-09-21 08:14 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-21 08:14 . 2012-09-21 08:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-21 08:14 . 2012-09-21 08:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-21 08:14 . 2012-09-21 08:14 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-21 08:14 . 2012-09-21 08:14 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-21 08:14 . 2012-09-21 08:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-21 08:14 . 2012-09-21 08:14 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-21 07:45 . 2012-09-21 07:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-21 07:45 . 2012-09-21 07:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-21 07:44 . 2012-09-21 07:45 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 07:44 . 2012-09-21 07:45 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-21 07:36 . 2012-09-21 07:36 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll
2012-08-24 10:13 . 2012-09-22 15:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-20 17:38 . 2012-10-10 06:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5CDCDF85-0810-472D-16EC-9B4C7A811901}]
2012-09-21 15:34 145920 ----a-w- c:\programdata\Codec-V\505c89129062c.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Sul11Isak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OCS Inventory NG Systray.lnk - c:\program files (x86)\OCS Inventory Agent\OcsSystray.exe [2011-5-8 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\0\0]
"Script"=LastLogin.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\1\0]
"Script"=login-mapping-domain.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\2\0]
"Script"=OCS-Agent.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-21 1432400]
R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-07-19 89600]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-09 30520]
S2 OCS Inventory Service;OCS Inventory Service;c:\program files (x86)\OCS Inventory Agent\OcsService.exe [2011-05-08 35840]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-19 301232]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-07-19 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-19 8507392]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-19 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-19 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2011-07-19 59008]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 13:17]
.
2012-10-21 c:\windows\Tasks\CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job
- c:\programdata\Premium\Codec\Codec.exe [2012-09-21 12:31]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-19 489472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110823&tt=120912_cpc_3812_1&babsrc=HP_ss_cr&mntrId=10c52bef000000000000705ab6b62662
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-10-21 13:44:36 - datorn startades om.
ComboFix-quarantined-files.txt 2012-10-21 11:44
.
Före genomsökningen: 168 676 032 512 byte ledigt
Efter genomsökningen: 170 102 509 568 byte ledigt
.
- - End Of File - - 58A0FDA57AB9B1128E3B718F332175C8
  7. Hello, Here is the report:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sul11isak [Admin rights]
Mode : Scan -- Date : 10/21/2012 10:46:35

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] Codec.exe -- C:\ProgramData\Premium\Codec\Codec.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job : C:\ProgramData\Premium\Codec\Codec.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2556GSY +++++
--- User ---
[MBR] 94944553cd40f81590d2277d1c1ae0f3
[BSP] 2aa1f76fa8ce7440a39b3b87a99c8b9c : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  8. Hello, My son ran into what has previously been called the police trojan today, which "locked" the computer. In safe mode we did a system restore, after which the computer is "unlocked" again. Now we would like help removing the remains of this nuisance. Thanks in advance! Regards, MaPe

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by sul11isak at 19:15:13 on 2012-10-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.700 [GMT 2:00]
.
AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\Premium\Codec\Codec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110823&tt=120912_cpc_3812_1&babsrc=HP_ss_cr&mntrId=10c52bef000000000000705ab6b62662
uDefault_Page_URL = lbs.se
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Codec-V Class: {5CDCDF85-0810-472D-16EC-9B4C7A811901} - C:\ProgramData\Codec-V\505c89129062c.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\SUL11I~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OCSINV~1.LNK - C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B3250C6D-0ECF-4138-BD7C-7083043B1945} : DHCPNameServer = 172.23.10.10 172.21.10.10
TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3}\C42435 : DHCPNameServer = 172.23.10.10 172.21.10.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-21 11:13; {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-21 56208]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-21 89600]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-21 30520]
R2 OCS Inventory Service;OCS Inventory Service;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2011-5-8 35840]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-9-21 301232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-9-21 158720]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
R3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;C:\Windows\System32\drivers\NETwNs64.sys [2012-9-21 8507392]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-9-21 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-9-21 177152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 188224]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2012-9-21 59008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-7 250808]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-21 1432400]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-21 113120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations =============== . FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1" ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2012-10-20 15:50:45 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA5B6542-FFE8-44DD-920D-1A91AA0DB923}\mpengine.dll 2012-10-20 15:06:36 -------- d-sh--w- C:\found.000 2012-10-18 18:05:32 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Diagnostics 2012-10-17 11:37:14 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Macromedia 2012-10-15 07:17:47 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Foxit Software 2012-10-14 15:29:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Mozilla 2012-10-11 17:56:12 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-10-11 17:56:12 -------- d-----w- C:\Program Files (x86)\StarCraft II 2012-10-11 17:23:59 -------- d-----w- C:\ProgramData\Battle.net 2012-10-11 16:58:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-10-10 15:13:12 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Apple 2012-10-10 13:49:57 -------- d-----w- C:\Program Files (x86)\LucasArts 2012-10-10 06:55:49 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-10-10 06:55:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-10-10 06:55:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-10-10 06:55:44 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-10-10 06:55:30 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-10-10 06:55:30 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-10-10 06:55:28 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-10-10 06:55:27 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-10-10 06:55:27 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-10-10 06:55:27 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-10-10 06:55:26 140288 ----a-w- 
C:\Windows\SysWow64\cryptsvc.dll 2012-10-10 06:55:26 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-10-08 18:15:17 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\OpenOffice.org 2012-10-07 10:03:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-07 09:31:24 -------- d--h--w- C:\Windows\AxInstSV 2012-10-02 09:32:49 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2012-10-01 16:57:27 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll 2012-09-26 08:15:25 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-09-24 09:05:27 -------- d-----w- C:\Windows\SysWow64\xlive 2012-09-24 09:05:27 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2012-09-24 08:58:05 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2012-09-24 08:58:05 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll 2012-09-24 08:58:01 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2012-09-24 08:58:01 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll 2012-09-24 08:57:15 -------- d-----w- C:\Windows\System32\RsFx 2012-09-24 08:53:02 -------- d-----w- C:\Program Files\Microsoft SQL Server 2012-09-24 08:52:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server 2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2012-09-24 08:52:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2012-09-24 08:51:34 -------- d-----w- C:\ProgramData\PreEmptive Solutions 2012-09-24 08:48:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET 2012-09-24 08:48:45 -------- d-----w- C:\Program Files\IIS 2012-09-24 08:48:44 -------- d-----w- C:\Program Files (x86)\IIS 2012-09-24 08:41:22 -------- d-----w- C:\Windows\SysWow64\1033 2012-09-24 08:40:47 -------- 
d-----w- C:\Program Files (x86)\Microsoft F# 2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop 2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules 2012-09-24 08:26:34 2380224 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-09-24 08:20:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0 2012-09-24 08:19:16 -------- d-----w- C:\Windows\System32\appmgmt 2012-09-24 08:17:28 -------- d-----w- C:\Windows\System32\1033 2012-09-24 07:36:46 -------- d-----w- C:\Program Files (x86)\Microsoft XNA 2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0 2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Help Viewer 2012-09-22 15:02:12 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2012-09-21 17:24:04 -------- d-----w- C:\Windows\Panther 2012-09-21 17:23:51 -------- d-sh--w- C:\Boot 2012-09-21 17:20:43 -------- d-----w- C:\Program Files\Synaptics 2012-09-21 17:17:52 -------- d-----w- C:\Windows\SysWow64\Wat 2012-09-21 17:17:51 -------- d-----w- C:\Windows\System32\Wat 2012-09-21 17:14:51 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-09-21 17:13:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-09-21 17:03:39 8507392 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys 2012-09-21 17:02:51 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll 2012-09-21 17:01:55 31040 ----a-w- C:\Windows\System32\nvhdap64.dll 2012-09-21 17:01:55 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys 2012-09-21 17:01:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll 2012-09-21 17:01:53 90112 ----a-w- C:\Windows\System32\snymsico.dll 2012-09-21 17:01:53 67584 ----a-w- C:\Windows\System32\drivers\rimmpx64.sys 2012-09-21 17:01:53 59008 ----a-w- C:\Windows\System32\drivers\rismcx64.sys 2012-09-21 17:01:53 57856 ----a-w- C:\Windows\System32\drivers\rixdpx64.sys 2012-09-21 17:01:53 55296 ----a-w- 
C:\Windows\System32\drivers\rimspx64.sys 2012-09-21 17:01:53 172032 ----a-w- C:\Windows\System32\rixdicon.dll 2012-09-21 17:01:52 75776 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys 2012-09-21 17:01:52 177152 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys 2012-09-21 16:23:49 -------- d-----w- C:\Program Files (x86)\Conduit 2012-09-21 16:23:46 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Conduit 2012-09-21 16:08:51 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-21 15:55:36 -------- d-----w- C:\Windows\SysWow64\searchplugins 2012-09-21 15:55:36 -------- d-----w- C:\Windows\SysWow64\Extensions 2012-09-21 15:54:43 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Babylon 2012-09-21 15:54:43 -------- d-----w- C:\ProgramData\Babylon 2012-09-21 15:44:18 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\DDMSettings 2012-09-21 15:37:51 -------- d-----w- C:\Program Files\DivX 2012-09-21 15:37:46 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared 2012-09-21 15:36:24 -------- d-----w- C:\Program Files (x86)\DivX 2012-09-21 15:35:29 -------- d-----w- C:\ProgramData\DivX 2012-09-21 15:32:56 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Google 2012-09-21 15:32:43 -------- d-----w- C:\ProgramData\Premium 2012-09-21 15:31:04 -------- d-----w- C:\ProgramData\Codec-V 2012-09-21 15:30:48 -------- d-----w- C:\ProgramData\InstallMate 2012-09-21 11:54:33 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\cache 2012-09-21 11:39:21 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared 2012-09-21 11:38:33 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Autodesk 2012-09-21 11:35:57 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared 2012-09-21 11:35:57 -------- d-----w- C:\Program Files\Autodesk 2012-09-21 11:32:59 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared 2012-09-21 11:32:59 -------- d-----w- C:\Program Files (x86)\Autodesk 2012-09-21 
11:31:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Autodesk 2012-09-21 11:01:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Adobe 2012-09-21 09:14:54 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes 2012-09-21 09:13:49 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3 2012-09-21 09:12:28 -------- d-----w- C:\Windows\sv 2012-09-21 09:11:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2012-09-21 09:10:51 -------- d-----w- C:\Windows\PCHEALTH 2012-09-21 09:10:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\DSETUP.dll 2012-09-21 09:10:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\DXSETUP.exe 2012-09-21 09:10:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\DXSETUP.exe 2012-09-21 09:10:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\dsetup32.dll 2012-09-21 09:10:18 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\DSETUP.dll 2012-09-21 09:10:18 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\dsetup32.dll 2012-09-21 09:10:15 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2012-09-21 09:08:51 -------- d-----w- C:\Program Files (x86)\VideoLAN 2012-09-21 09:03:50 -------- d-----w- C:\Program Files (x86)\Unity 2012-09-21 09:02:15 -------- d-----w- C:\totalcmd 2012-09-21 09:00:24 -------- d-----w- C:\Program Files (x86)\FreeMind 2012-09-21 08:58:59 -------- d-----w- C:\Program Files (x86)\Foxit Software 2012-09-21 08:58:36 -------- d-----w- C:\Program Files (x86)\Lame For Audacity 2012-09-21 08:58:27 -------- d-----w- C:\Program Files (x86)\Audacity 2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet 
Explorer\Plugins\npqtplugin6.dll 2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-09-21 08:46:23 -------- d-----w- C:\ProgramData\ALM 2012-09-21 08:27:49 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys 2012-09-21 08:27:49 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys 2012-09-21 08:27:49 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys 2012-09-21 08:27:49 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared 2012-09-21 08:27:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine 2012-09-21 08:20:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-21 08:16:35 -------- d-----w- C:\Program Files (x86)\OCS Inventory Agent 2012-09-21 08:16:09 -------- d-----w- C:\ProgramData\OCS Inventory NG 2012-09-21 08:09:43 142336 ----a-w- C:\Windows\System32\poqexec.exe 2012-09-21 08:09:43 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe 2012-09-21 07:46:02 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-21 07:46:02 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-21 07:45:09 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-09-21 07:45:09 839096 ----a-w- C:\Windows\System32\deployJava1.dll 2012-09-21 07:36:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll 2012-09-21 07:31:40 -------- d-sh--w- C:\Windows\Installer 2012-09-21 07:31:40 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-09-21 07:31:12 2622464 ----a-w- 
C:\Windows\System32\wucltux.dll 2012-09-21 07:31:10 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-09-21 07:31:03 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-09-21 07:31:03 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-09-21 07:30:50 -------- d-----w- C:\Windows\wlansvc 2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Start-meny 2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Skrivbord 2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Programdata 2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Mallar 2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Favoriter 2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Dokument 2012-09-21 07:30:44 -------- d-sh--we C:\Program Files\Delade filer 2012-09-21 07:30:44 -------- d-sh--we C:\Program 2012-09-21 07:30:44 -------- d-sh--w- C:\Recovery . ==================== Find3M ==================== . 2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll . ============= FINISH: 19:16:07,57 =============== Attach1.txt
9. ComboFix log:
ComboFix 11-06-05.01 - Magnus Petterson 2011-06-07 19:52:12.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1259 [GMT 2:00]
Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Magnus Petterson\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pagerage
c:\program files\pagerage\YontooIEClient.dll
.
.
(((((((((((((((((((((((( Filer Skapade från 2011-05-07 till 2011-06-07 ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip
2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-05_14.46.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-07 06:12 . 2011-06-07 06:12 16384 c:\windows\temp\Perflib_Perfdata_e4.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Sluttid: 2011-06-07 20:00:57
ComboFix-quarantined-files.txt 2011-06-07 18:00
ComboFix2.txt 2011-06-05 16:20
ComboFix3.txt 2011-06-05 14:49
.
Före genomsökningen: 19 559 550 976 bytes free
Efter genomsökningen: 19 559 931 904 byte ledigt
.
- - End Of File - - FD24E53C3069D55696382CFEFC00DAB0
10. http://forums.spybot.info/showthread.php?t=62640
I found the link above, which describes manual removal of Yontoo.Pagerage, and my ComboFix log in post #11 seems to contain most of it, except for the .dll file that shows up in the DDS log in post #13. I can't find any files other than YontooIEClient.dll in the program folder. Could it be that everything else has already been removed?
Post #11 ComboFix log:
((((( Andra raderingar )))))
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
Post #13 ComboFix log:
(((((Filer Skapade från 2011-05-05 till 2011-06-05 )))))
2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage
DDS log:
=====Pseudo HJT Report=====
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
=====CreatedLast30=====
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
11. C:\Program Files\PageRage\YontooIEClient.dll
Before I do the final step, I have a question about the file above: I can't find any PageRage in my Control Panel, and nothing beginning with Yontoo* either. When I googled the filename I got the impression that one should try to get rid of it and that special tools are needed for that. Now I'm not quite sure what to think; what is your opinion on all this? As for your question about Kaspersky, that's roughly how it has been for a while, indecisive... but now it is clearly high time to make a decision.
12. YontooIEClient.dll, which apparently can sit in a folder called Yontoo Layers, is in the PageRage folder on my machine. Should I try to remove this manually according to the instructions, or will the final cleanup take care of it? As for Antimalware Doctor, it looks like the removal succeeded. What should I do next?
  13. Verkar inte vara något problem med program. Combofixlog: ComboFix 11-06-05.01 - Magnus Petterson 2011-06-05 18:08:10.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1424 [GMT 2:00] Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe Använda kommandoväxlar :: c:\documents and settings\Magnus Petterson\Desktop\CFScript.txt AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . (((((((((((((((((((((((( Filer Skapade från 2011-05-05 till 2011-06-05 )))))))))))))))))))))))))))))) . . 2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes 2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage 2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip 2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((( SnapShot@2011-06-05_14.46.29 ))))))))))))))))))))))))))))))))))))))))) . + 2011-06-05 16:16 . 2011-06-05 16:16 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat - 2011-06-05 14:45 . 2011-06-05 14:45 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* Tomma poster & legitima standardposter visas inte. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216] "nwiz"="nwiz.exe" [2006-03-16 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768] "RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848] "ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224] "Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521] "RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112] "ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182] "EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520] "Adobe Reader Speed Launcher"="c:\program 
files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 18:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-06-05 18:20:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-05 16:20
ComboFix2.txt 2011-06-05 14:49
.
Pre-Run: 19 660 242 944 bytes free
Post-Run: 19 651 694 592 bytes free
.
- - End Of File - - AC667EC5060B251A427DE1782959C08C

DDS log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 18:22:01 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1404 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
.
=============== Created Last 30 ================
.
2011-06-05 14:35:47 98816 ----a-w- c:\windows\sed.exe
2011-06-05 14:35:47 518144 ----a-w- c:\windows\SWREG.exe
2011-06-05 13:08:29 -------- d-----w- c:\documents and settings\magnus petterson\application data\Malwarebytes
2011-06-05 13:07:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
.
==================== Find3M ====================
.
.
============= FINISH: 18:22:28,75 ===============
  14. Internet connection OK, here is the ComboFix log:

ComboFix 11-06-05.01 - Magnus Petterson 2011-06-05 16:37:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1380 [GMT 2:00]
Running from: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dC28601MlHgC28601
c:\documents and settings\All Users\Application Data\dC28601MlHgC28601\dC28601MlHgC28601.exe
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Magnus Petterson\Application Data\Adobe\plugs
c:\documents and settings\Magnus Petterson\Application Data\Adobe\shed
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\enemies-names.txt
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\local.ini
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lsrslt.ini
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\upd_debug.exe
c:\windows\system32\shimg.dll
.
.
(((((((((((((((((((((((( Files Created from 2011-05-05 to 2011-06-05 ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage
2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip
2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 16:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2716)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-06-05 16:49:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-05 14:49
.
Pre-Run: 19 660 824 576 bytes free
Post-Run: 19 661 324 288 bytes free
.
- - End Of File - - C7A8B8EAC43DEB3A251AACC025594365
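The two ComboFix logs and the DDS log in this thread contain the lines a helper reads first: a security product reporting itself *Disabled/Outdated*, the Security Center AntiVirusOverride/FirewallOverride values set to 1, the Windows Firewall standard profile with EnableFirewall = 0, a driver entry ending in [?] (no file found, here GETPADD), a Browser Helper Object from an adware family (Yontoo / PageRage), and randomly named directories under Application Data that ComboFix removed. The script below is an added example, not part of the original posts nor of the DDS or ComboFix tools; it reads pasted log text and flags those indicators. The sample lines are copied from the logs above (a constructed subset), and the rule patterns, the `looks_random` heuristic and the `KNOWN_PUP` list are this example's own assumptions, to be extended for other logs.

```python
"""Triage helper for pasted DDS / ComboFix logs.

Added example (not part of the forum posts or of the DDS/ComboFix tools): flags the
indicators a helper on a malware-removal thread checks first.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample input: a subset of lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
c:\documents and settings\All Users\Application Data\dC28601MlHgC28601\dC28601MlHgC28601.exe
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\upd_debug.exe
c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
"""

# Adware/PUP family names to look for in BHO lines (example list, an assumption; extend as needed).
KNOWN_PUP = ("yontoo", "pagerage")

# Line-level rules: (finding name, pattern). Patterns follow the DDS/ComboFix line formats seen above.
RULES = [
    # DDS header line for a security product that reports itself disabled or out of date.
    ("security-product-disabled", re.compile(r"^(AV|FW|SP):.*\*(Disabled|Outdated)", re.I)),
    # Security Center told not to warn about missing AV/firewall: a classic malware change.
    ("security-center-override", re.compile(r'^"(AntiVirusOverride|FirewallOverride)"=dword:0*1$', re.I)),
    # Windows Firewall standard profile switched off.
    ("windows-firewall-off", re.compile(r'^"EnableFirewall"=\s*0\b', re.I)),
    # Service/driver entry whose file could not be found or stamped: the line ends in "[?]".
    ("driver-file-missing", re.compile(r"^[RS][0-4] .*\[\?\]$")),
]

# First path component directly under "Application Data".
APPDATA_DIR = re.compile(r"\\application data\\([^\\]+)", re.I)


def looks_random(name: str) -> bool:
    """Heuristic for dropper-style directory names: long, no spaces, mixes letters and digits
    (e.g. dC28601MlHgC28601 or B0EAF52D001F49A536E12421F068CD55). Vendor folders such as
    'Malwarebytes' or 'Adobe' do not match."""
    return (len(name) >= 12 and " " not in name
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (finding, offending line) pairs for every suspicious line in the log."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((name, line))
        # Browser Helper Object belonging to a known adware family.
        if line.startswith("BHO:") and any(p in line.lower() for p in KNOWN_PUP):
            findings.append(("known-pup-bho", line))
        # Random-looking directory directly under Application Data.
        m = APPDATA_DIR.search(line)
        if m and looks_random(m.group(1)):
            findings.append(("random-appdata-dir", line))
    return findings


def summarize(log_text: str) -> Dict[str, int]:
    """Count findings per rule; a quick verdict on a pasted log."""
    counts: Dict[str, int] = {}
    for name, _ in triage(log_text):
        counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for name, line in triage(SAMPLE_LOG):
        print(f"{name:26s} {line}")
    print(summarize(SAMPLE_LOG))
```

Run it with a full log pasted into `SAMPLE_LOG` (or read from a file) and work through the findings in order: the Security Center overrides and the disabled firewall explain why the machine stopped warning, the [?] driver entry and the random Application Data names are the artefacts to look up, and the known-PUP BHO is the entry to uninstall. A clean log after cleanup should return an empty summary.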
  15. The broadband connection is via a USB modem, but there is nothing stopping me from reinstalling it if needed, is there?