MaPe
-
Innehållsantal
47 -
Gick med
-
Besökte senast
Inlägg postade av MaPe
-
-
Har inte kunnat ta bort den gamla Javaversionen du nämner, kunde inte hitta något via kontrollpanelen
I övrigt verkar datorn vara ok, har inte märkts några konstigheter längre.
-
2. Har avinstallerat Premium Codec mha Kontrollpanelen Avinstallera/Lägg till program
4. DDS log:
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by sul11isak at 20:45:21 on 2012-10-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.703 [GMT 2:00]
.
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\SUL11I~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OCSINV~1.LNK - C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B3250C6D-0ECF-4138-BD7C-7083043B1945} : DHCPNameServer = 172.23.10.10 172.21.10.10
TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3}\C42435 : DHCPNameServer = 172.23.10.10 172.21.10.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-21 56208]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-21 89600]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-21 30520]
R2 OCS Inventory Service;OCS Inventory Service;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2011-5-8 35840]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-9-21 301232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-9-21 158720]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
R3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;C:\Windows\System32\drivers\NETwNs64.sys [2012-9-21 8507392]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-9-21 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-9-21 177152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 188224]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2012-9-21 59008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-7 250808]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-21 1432400]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-21 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-10-22 11:26:53 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DC0CFF2-203E-4644-993F-D971A32645A2}\mpengine.dll
2012-10-22 05:39:31 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-21 14:01:59 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Malwarebytes
2012-10-21 14:01:21 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-21 11:30:11 98816 ----a-w- C:\Windows\sed.exe
2012-10-21 11:30:11 256000 ----a-w- C:\Windows\PEV.exe
2012-10-21 11:30:11 208896 ----a-w- C:\Windows\MBR.exe
2012-10-20 15:06:36 -------- d-----w- C:\found.000
2012-10-18 18:05:32 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Diagnostics
2012-10-17 11:37:14 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Macromedia
2012-10-15 07:17:47 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Foxit Software
2012-10-14 15:29:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Mozilla
2012-10-11 17:56:12 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-10-11 17:56:12 -------- d-----w- C:\Program Files (x86)\StarCraft II
2012-10-11 17:23:59 -------- d-----w- C:\ProgramData\Battle.net
2012-10-11 16:58:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-10-10 15:13:12 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Apple
2012-10-10 13:49:57 -------- d-----w- C:\Program Files (x86)\LucasArts
2012-10-10 06:55:49 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 06:55:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 06:55:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 06:55:44 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 06:55:30 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 06:55:30 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 06:55:28 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 06:55:27 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 06:55:27 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 06:55:27 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 06:55:26 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 06:55:26 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-08 18:15:17 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\OpenOffice.org
2012-10-07 10:03:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-02 09:32:49 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-10-01 16:57:27 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2012-09-26 08:15:25 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 09:05:27 -------- d-----w- C:\Windows\SysWow64\xlive
2012-09-24 09:05:27 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-09-24 08:58:05 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58:05 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58:01 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:58:01 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:57:15 -------- d-----w- C:\Windows\System32\RsFx
2012-09-24 08:53:02 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-09-24 08:52:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-09-24 08:52:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-09-24 08:51:34 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2012-09-24 08:48:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-09-24 08:48:45 -------- d-----w- C:\Program Files\IIS
2012-09-24 08:48:44 -------- d-----w- C:\Program Files (x86)\IIS
2012-09-24 08:41:22 -------- d-----w- C:\Windows\SysWow64\1033
2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-09-24 08:26:34 2380224 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-24 08:20:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-09-24 08:19:16 -------- d-----w- C:\Windows\System32\appmgmt
2012-09-24 08:17:28 -------- d-----w- C:\Windows\System32\1033
2012-09-24 07:36:46 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Help Viewer
.
==================== Find3M ====================
.
2012-10-09 13:17:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 07:45:39 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-21 07:45:39 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-21 07:44:42 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-21 07:44:42 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 20:45:44,35 ===============
-
1. CombFis log:
ComboFix 12-10-21.01 - sul11isak 2012-10-22 7:30.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.671 [GMT 2:00]
Körs från: c:\users\Sul11Isak\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Sul11Isak\Desktop\CFScript.txt
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\programdata\Babylon
c:\users\Sul11Isak\AppData\Local\Conduit
c:\users\Sul11Isak\AppData\Roaming\Babylon
c:\users\Sul11Isak\AppData\Roaming\Babylon\log_file.txt
.
.
(((((((((((((((((((((((( Filer skapade från 2012-09-22 till 2012-10-22 ))))))))))))))))))))))))))))))
.
.
2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\sa.mdt\AppData\Local\temp
2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-22 05:37 . 2012-10-22 05:37 -------- d-----w- c:\users\Administratör\AppData\Local\temp
2012-10-22 05:24 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57510484-6776-4F6C-9337-556194912D4E}\mpengine.dll
2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Malwarebytes
2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\programdata\Malwarebytes
2012-10-21 14:01 . 2012-10-21 14:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-21 14:01 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-20 17:33 . 2012-10-20 17:35 -------- d-----w- c:\program files (x86)\ERUNT
2012-10-20 15:06 . 2012-10-20 15:06 -------- d-----w- C:\found.000
2012-10-18 18:05 . 2012-10-18 18:05 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Diagnostics
2012-10-17 11:37 . 2012-10-17 11:37 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Macromedia
2012-10-15 07:17 . 2012-10-15 07:17 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Foxit Software
2012-10-14 15:29 . 2012-10-14 15:29 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Mozilla
2012-10-11 17:56 . 2012-10-11 18:52 -------- d-----w- c:\program files (x86)\StarCraft II
2012-10-11 17:56 . 2012-10-11 18:31 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-10-11 17:23 . 2012-10-11 17:24 -------- d-----w- c:\programdata\Battle.net
2012-10-11 16:58 . 2012-10-11 18:32 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-10-10 15:13 . 2012-10-10 15:13 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Apple
2012-10-10 13:49 . 2012-10-10 13:57 -------- d-----w- c:\program files (x86)\LucasArts
2012-10-10 13:49 . 2012-10-10 13:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-10-10 13:47 . 2012-10-10 13:47 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\InstallShield
2012-10-10 06:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 06:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 06:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 06:55 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 06:55 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 06:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 06:55 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:55 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:55 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:55 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 06:55 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 06:55 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-08 18:15 . 2012-10-08 18:15 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\OpenOffice.org
2012-10-07 10:03 . 2012-10-09 13:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-07 09:31 . 2012-10-07 09:33 -------- d--h--w- c:\windows\AxInstSV
2012-10-02 09:32 . 2012-10-02 09:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-10-01 16:57 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2012-09-26 08:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\windows\SysWow64\xlive
2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-09-24 08:58 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:57 . 2012-09-24 08:57 -------- d-----w- c:\windows\system32\RsFx
2012-09-24 08:56 . 2012-09-24 08:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-24 08:40 . 2012-09-25 17:33 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-09-24 08:40 . 2012-09-24 08:44 -------- d-----w- c:\program files (x86)\Microsoft F#
2012-09-24 08:40 . 2012-09-24 08:42 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-09-24 08:28 . 2012-09-24 08:29 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\vlc
2012-09-24 08:26 . 2012-09-25 17:39 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-24 08:20 . 2012-09-24 08:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-09-24 08:19 . 2012-09-24 08:20 -------- d-----w- c:\windows\system32\appmgmt
2012-09-24 08:17 . 2012-09-24 08:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-24 08:17 . 2012-09-24 08:56 -------- d-----w- c:\windows\system32\1033
2012-09-24 07:36 . 2012-09-24 07:36 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-09-24 07:26 . 2012-09-24 08:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\windows\symbols
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-22 15:02 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-12 07:19 . 2012-09-21 16:08 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-09 13:17 . 2012-09-21 08:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 17:39 . 2012-09-24 08:26 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-21 09:11 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-21 08:14 . 2012-09-21 08:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-21 08:14 . 2012-09-21 08:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-21 08:14 . 2012-09-21 08:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-21 08:14 . 2012-09-21 08:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-21 08:14 . 2012-09-21 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-21 08:14 . 2012-09-21 08:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-21 08:14 . 2012-09-21 08:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-21 08:14 . 2012-09-21 08:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-21 08:14 . 2012-09-21 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-21 08:14 . 2012-09-21 08:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-21 08:14 . 2012-09-21 08:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-21 08:14 . 2012-09-21 08:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-21 08:14 . 2012-09-21 08:14 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-21 08:14 . 2012-09-21 08:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-21 08:14 . 2012-09-21 08:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-21 08:14 . 2012-09-21 08:14 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-21 08:14 . 2012-09-21 08:14 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-21 08:14 . 2012-09-21 08:14 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-21 08:14 . 2012-09-21 08:14 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-21 08:14 . 2012-09-21 08:14 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-21 08:14 . 2012-09-21 08:14 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-21 08:14 . 2012-09-21 08:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-21 08:14 . 2012-09-21 08:14 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-21 08:14 . 2012-09-21 08:14 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-21 08:14 . 2012-09-21 08:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-21 08:14 . 2012-09-21 08:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-21 08:14 . 2012-09-21 08:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-21 08:14 . 2012-09-21 08:14 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-21 08:14 . 2012-09-21 08:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-21 08:14 . 2012-09-21 08:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-21 08:14 . 2012-09-21 08:14 448512 ----a-w- c:\windows\system32\html.iec
2012-09-21 08:14 . 2012-09-21 08:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-21 08:14 . 2012-09-21 08:14 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-21 08:14 . 2012-09-21 08:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-21 08:14 . 2012-09-21 08:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-21 08:14 . 2012-09-21 08:14 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-21 08:14 . 2012-09-21 08:14 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-21 08:14 . 2012-09-21 08:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-21 08:14 . 2012-09-21 08:14 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-21 07:45 . 2012-09-21 07:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-21 07:45 . 2012-09-21 07:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-21 07:44 . 2012-09-21 07:45 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 07:44 . 2012-09-21 07:45 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-21 07:36 . 2012-09-21 07:36 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll
2012-08-22 18:12 . 2012-09-21 16:07 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-21 16:07 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-21 16:07 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-21 16:07 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 06:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-21 16:07 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-21 16:07 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Sul11Isak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OCS Inventory NG Systray.lnk - c:\program files (x86)\OCS Inventory Agent\OcsSystray.exe [2011-5-8 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\0\0]
"Script"=LastLogin.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\1\0]
"Script"=login-mapping-domain.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\2\0]
"Script"=OCS-Agent.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-21 1432400]
R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-07-19 89600]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-09 30520]
S2 OCS Inventory Service;OCS Inventory Service;c:\program files (x86)\OCS Inventory Agent\OcsService.exe [2011-05-08 35840]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-19 301232]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-07-19 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-19 8507392]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-19 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-19 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2011-07-19 59008]
.
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 13:17]
.
2012-10-22 c:\windows\Tasks\CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job
- c:\programdata\Premium\Codec\Codec.exe [2012-09-21 12:31]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-19 489472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-10-22 07:43:07 - datorn startades om.
ComboFix-quarantined-files.txt 2012-10-22 05:43
.
Före genomsökningen: 170 107 650 048 byte ledigt
Efter genomsökningen: 169 774 804 992 byte ledigt
.
- - End Of File - - 528FAD4666C76B4426D2A20843BAF170
2. Resultat av onlinescaninning:
C:\ProgramData\Premium\Codec\runtime.dll Win32/GenUpdater application
C:\Users\All Users\Premium\Codec\runtime.dll Win32/GenUpdater application
C:\Users\Sul11Isak\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EUNIRV4X\f003c44deab679aa2edfaff864c77402[1].htm HTML/Iframe.B.Gen virus
3. Detta är en sk elevdator som Isak lånar under terminstid, så antivirusprogrammet har skolan valt.
-
2. Avinstalleat
3. MBAM loggen kommer här:
Malwarebytes Anti-Malware 1.65.1.1000
Databasversion: v2012.10.21.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sul11isak :: LLD359LT [administratör]
2012-10-21 16:03:05
mbam-log-2012-10-21 (16-03-05).txt
Skanningstyp: Fullständig skanning (C:\|)
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 469784
Förfluten tid: 1 timme(ar), 2 minut(er), 27 sekund(er)
Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)
Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)
Upptäckta registernycklar: 0
(Inga skadliga poster hittades)
Upptäckta registervärden: 0
(Inga skadliga poster hittades)
Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)
Upptäckta mappar: 0
(Inga skadliga poster hittades)
Upptäckta filer: 0
(Inga skadliga poster hittades)
(klar)
-
1. Enligt Isak behövs Codec (http://www.allpremiumsoft.com) tillsammans med DivX Plus för att titta på en viss streamad film. För att även höra ljud ska en Direct Show encoder laddas ner, men det har han inte lyckats med ännu.
2. Länkar till VirusTotal:
3. Avinstallerat
4. Såvitt vi kunde se kom inget särskilt meddelande upp från ComboFix, detta är loggen:
ComboFix 12-10-21.01 - sul11isak 2012-10-21 13:32:04.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.769 [GMT 2:00]
Körs från: c:\users\Sul11Isak\Desktop\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
(((((((((((((((((((((((( Filer skapade från 2012-09-21 till 2012-10-21 ))))))))))))))))))))))))))))))
.
.
2012-10-21 11:38 . 2012-10-21 11:38 -------- d-----w- c:\users\sa.mdt\AppData\Local\temp
2012-10-21 11:38 . 2012-10-21 11:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-20 17:33 . 2012-10-20 17:35 -------- d-----w- c:\program files (x86)\ERUNT
2012-10-20 15:06 . 2012-10-20 15:06 -------- d-----w- C:\found.000
2012-10-18 18:05 . 2012-10-18 18:05 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Diagnostics
2012-10-17 11:37 . 2012-10-17 11:37 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Macromedia
2012-10-15 07:17 . 2012-10-15 07:17 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Foxit Software
2012-10-14 15:29 . 2012-10-14 15:29 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Mozilla
2012-10-11 17:56 . 2012-10-11 18:52 -------- d-----w- c:\program files (x86)\StarCraft II
2012-10-11 17:56 . 2012-10-11 18:31 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-10-11 17:23 . 2012-10-11 17:24 -------- d-----w- c:\programdata\Battle.net
2012-10-11 16:58 . 2012-10-11 18:32 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-10-10 15:13 . 2012-10-10 15:13 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Apple
2012-10-10 13:49 . 2012-10-10 13:57 -------- d-----w- c:\program files (x86)\LucasArts
2012-10-10 13:49 . 2012-10-10 13:57 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-10-10 13:47 . 2012-10-10 13:47 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\InstallShield
2012-10-10 06:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 06:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 06:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 06:55 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 06:55 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 06:55 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 06:55 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:55 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:55 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:55 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 06:55 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 06:55 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-08 18:15 . 2012-10-08 18:15 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\OpenOffice.org
2012-10-07 10:03 . 2012-10-09 13:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-07 09:31 . 2012-10-07 09:33 -------- d--h--w- c:\windows\AxInstSV
2012-10-02 09:32 . 2012-10-02 09:32 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-10-01 16:57 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2012-09-26 08:15 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\windows\SysWow64\xlive
2012-09-24 09:05 . 2012-09-24 09:05 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-09-24 08:58 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 79896 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:58 . 2009-07-22 08:17 111640 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:57 . 2012-09-24 08:57 -------- d-----w- c:\windows\system32\RsFx
2012-09-24 08:56 . 2012-09-24 08:56 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-24 08:40 . 2012-09-25 17:33 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-09-24 08:40 . 2012-09-24 08:44 -------- d-----w- c:\program files (x86)\Microsoft F#
2012-09-24 08:40 . 2012-09-24 08:42 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-09-24 08:28 . 2012-09-24 08:29 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\vlc
2012-09-24 08:26 . 2012-09-25 17:39 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-24 08:20 . 2012-09-24 08:51 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-09-24 08:19 . 2012-09-24 08:20 -------- d-----w- c:\windows\system32\appmgmt
2012-09-24 08:17 . 2012-09-24 08:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-24 08:17 . 2012-09-24 08:56 -------- d-----w- c:\windows\system32\1033
2012-09-24 07:36 . 2012-09-24 07:36 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-09-24 07:26 . 2012-09-24 08:52 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\windows\symbols
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-24 07:26 . 2012-09-24 07:26 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-22 15:02 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-09-21 17:24 . 2012-09-21 07:30 -------- d-----w- c:\windows\Panther
2012-09-21 17:23 . 2012-09-21 17:23 -------- d-----w- C:\Boot
2012-09-21 17:20 . 2012-09-21 17:20 -------- d-----w- c:\program files\Synaptics
2012-09-21 17:17 . 2012-09-21 17:17 -------- d-----w- c:\windows\SysWow64\Wat
2012-09-21 17:17 . 2012-09-21 17:17 -------- d-----w- c:\windows\system32\Wat
2012-09-21 17:14 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-09-21 17:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-21 17:03 . 2011-07-19 07:43 8507392 ----a-w- c:\windows\system32\drivers\NETwNs64.sys
2012-09-21 17:02 . 2011-07-19 07:43 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-09-21 17:01 . 2012-01-17 12:46 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-09-21 17:01 . 2012-01-17 12:45 188224 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-09-21 17:01 . 2012-01-17 12:45 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-09-21 17:01 . 2011-07-19 07:45 90112 ----a-w- c:\windows\system32\snymsico.dll
2012-09-21 17:01 . 2011-07-19 07:45 67584 ----a-w- c:\windows\system32\drivers\rimmpx64.sys
2012-09-21 17:01 . 2011-07-19 07:45 59008 ----a-w- c:\windows\system32\drivers\rismcx64.sys
2012-09-21 17:01 . 2011-07-19 07:45 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys
2012-09-21 17:01 . 2011-07-19 07:45 55296 ----a-w- c:\windows\system32\drivers\rimspx64.sys
2012-09-21 17:01 . 2011-07-19 07:45 172032 ----a-w- c:\windows\system32\rixdicon.dll
2012-09-21 17:01 . 2011-07-19 07:39 75776 ----a-w- c:\windows\system32\drivers\nusb3hub.sys
2012-09-21 17:01 . 2011-07-19 07:39 177152 ----a-w- c:\windows\system32\drivers\nusb3xhc.sys
2012-09-21 16:23 . 2012-09-21 16:23 -------- d-----w- c:\program files (x86)\Conduit
2012-09-21 16:23 . 2012-09-24 08:24 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Conduit
2012-09-21 16:08 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 15:55 . 2012-09-21 15:55 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-09-21 15:55 . 2012-09-21 15:55 -------- d-----w- c:\windows\SysWow64\Extensions
2012-09-21 15:55 . 2012-09-21 15:55 315 ----a-w- C:\user.js
2012-09-21 15:54 . 2012-09-21 15:54 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\Babylon
2012-09-21 15:54 . 2012-09-21 15:54 -------- d-----w- c:\programdata\Babylon
2012-09-21 15:44 . 2012-09-21 15:44 -------- d-----w- c:\users\Sul11Isak\AppData\Local\DDMSettings
2012-09-21 15:38 . 2012-09-21 16:07 -------- d-----w- c:\users\Sul11Isak\AppData\Roaming\DivX
2012-09-21 15:37 . 2012-09-21 15:38 -------- d-----w- c:\program files\DivX
2012-09-21 15:37 . 2012-09-21 15:38 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-09-21 15:37 . 2012-09-21 15:37 -------- d-----w- c:\program files\Google
2012-09-21 15:36 . 2012-09-21 15:39 -------- d-----w- c:\program files (x86)\DivX
2012-09-21 15:35 . 2012-09-21 15:39 -------- d-----w- c:\programdata\DivX
2012-09-21 15:32 . 2012-09-30 00:46 -------- d-----w- c:\users\Sul11Isak\AppData\Local\Google
2012-09-21 15:32 . 2012-09-21 15:32 -------- d-----w- c:\programdata\Premium
2012-09-21 15:31 . 2012-09-21 15:58 -------- d-----w- c:\programdata\Codec-V
2012-09-21 15:30 . 2012-09-21 15:32 -------- d-----w- c:\programdata\InstallMate
2012-09-21 11:54 . 2012-10-19 06:52 -------- d-----w- c:\users\Sul11Isak\AppData\Local\cache
2012-09-21 11:49 . 2012-10-20 15:44 -------- d-----w- c:\programdata\FLEXnet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:17 . 2012-09-21 08:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-25 17:39 . 2012-09-24 08:26 2380224 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-21 09:11 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-21 08:14 . 2012-09-21 08:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-09-21 08:14 . 2012-09-21 08:14 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-21 08:14 . 2012-09-21 08:14 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-21 08:14 . 2012-09-21 08:14 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-21 08:14 . 2012-09-21 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-21 08:14 . 2012-09-21 08:14 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-21 08:14 . 2012-09-21 08:14 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-21 08:14 . 2012-09-21 08:14 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-21 08:14 . 2012-09-21 08:14 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-21 08:14 . 2012-09-21 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-21 08:14 . 2012-09-21 08:14 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-21 08:14 . 2012-09-21 08:14 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-21 08:14 . 2012-09-21 08:14 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-09-21 08:14 . 2012-09-21 08:14 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-21 08:14 . 2012-09-21 08:14 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-21 08:14 . 2012-09-21 08:14 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-21 08:14 . 2012-09-21 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-21 08:14 . 2012-09-21 08:14 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-21 08:14 . 2012-09-21 08:14 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-21 08:14 . 2012-09-21 08:14 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-21 08:14 . 2012-09-21 08:14 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-21 08:14 . 2012-09-21 08:14 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-21 08:14 . 2012-09-21 08:14 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-21 08:14 . 2012-09-21 08:14 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-21 08:14 . 2012-09-21 08:14 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-21 08:14 . 2012-09-21 08:14 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-21 08:14 . 2012-09-21 08:14 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-21 08:14 . 2012-09-21 08:14 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-21 08:14 . 2012-09-21 08:14 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-21 08:14 . 2012-09-21 08:14 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-21 08:14 . 2012-09-21 08:14 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-21 08:14 . 2012-09-21 08:14 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-21 08:14 . 2012-09-21 08:14 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-21 08:14 . 2012-09-21 08:14 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-21 08:14 . 2012-09-21 08:14 448512 ----a-w- c:\windows\system32\html.iec
2012-09-21 08:14 . 2012-09-21 08:14 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-21 08:14 . 2012-09-21 08:14 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-21 08:14 . 2012-09-21 08:14 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-21 08:14 . 2012-09-21 08:14 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-21 08:14 . 2012-09-21 08:14 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-21 08:14 . 2012-09-21 08:14 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-21 08:14 . 2012-09-21 08:14 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-21 08:14 . 2012-09-21 08:14 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-21 08:14 . 2012-09-21 08:14 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-21 07:45 . 2012-09-21 07:46 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-21 07:45 . 2012-09-21 07:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-21 07:44 . 2012-09-21 07:45 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 07:44 . 2012-09-21 07:45 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-21 07:36 . 2012-09-21 07:36 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll
2012-08-24 10:13 . 2012-09-22 15:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-20 17:38 . 2012-10-10 06:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5CDCDF85-0810-472D-16EC-9B4C7A811901}]
2012-09-21 15:34 145920 ----a-w- c:\programdata\Codec-V\505c89129062c.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\Sul11Isak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OCS Inventory NG Systray.lnk - c:\program files (x86)\OCS Inventory Agent\OcsSystray.exe [2011-5-8 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\0\0]
"Script"=LastLogin.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\1\0]
"Script"=login-mapping-domain.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1976306799-2774839758-2100358657-28067\Scripts\Logon\2\0]
"Script"=OCS-Agent.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Tjänsten Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-21 1432400]
R3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-21 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-07-19 89600]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-09 30520]
S2 OCS Inventory Service;OCS Inventory Service;c:\program files (x86)\OCS Inventory Agent\OcsService.exe [2011-05-08 35840]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2011-07-19 301232]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2011-07-19 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-19 8507392]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-07-19 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-07-19 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2011-07-19 59008]
.
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WS2IFSL
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 13:17]
.
2012-10-21 c:\windows\Tasks\CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job
- c:\programdata\Premium\Codec\Codec.exe [2012-09-21 12:31]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-21 09:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-07-19 489472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
.
------- Extra genomsökning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110823&tt=120912_cpc_3812_1&babsrc=HP_ss_cr&mntrId=10c52bef000000000000705ab6b62662
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Sluttid: 2012-10-21 13:44:36 - datorn startades om.
ComboFix-quarantined-files.txt 2012-10-21 11:44
.
Före genomsökningen: 168 676 032 512 byte ledigt
Efter genomsökningen: 170 102 509 568 byte ledigt
.
- - End Of File - - 58A0FDA57AB9B1128E3B718F332175C8
-
Hej,
Här kommer rapporten:
RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sul11isak [Admin rights]
Mode : Scan -- Date : 10/21/2012 10:46:35
¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] Codec.exe -- C:\ProgramData\Premium\Codec\Codec.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][sUSP PATH] CodecUpdaterTask{AE8F3E24-D2D8-4BFB-A28D-419812CC81B7}.job : C:\ProgramData\Premium\Codec\Codec.exe -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK2556GSY +++++
--- User ---
[MBR] 94944553cd40f81590d2277d1c1ae0f3
[bSP] 2aa1f76fa8ce7440a39b3b87a99c8b9c : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238473 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
Hej,
Min son råkade idag ut för det som tidigare kallats polistrojan, vilket "låste" datorn. I felsäkert läge gjorde vi en systemåterställning, varefter datorn är "upplåst" igen. Nu skulle vi vilja få hjälp med att ta bort resterna av detta otyg.
Tack på förhand!
Hälsningar
MaPe
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by sul11isak at 19:15:13 on 2012-10-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.1969.700 [GMT 2:00]
.
AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\ProgramData\Premium\Codec\Codec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=110823&tt=120912_cpc_3812_1&babsrc=HP_ss_cr&mntrId=10c52bef000000000000705ab6b62662
uDefault_Page_URL = lbs.se
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Codec-V Class: {5CDCDF85-0810-472D-16EC-9B4C7A811901} - C:\ProgramData\Codec-V\505c89129062c.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\Users\SUL11I~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OCSINV~1.LNK - C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B3250C6D-0ECF-4138-BD7C-7083043B1945} : DHCPNameServer = 172.23.10.10 172.21.10.10
TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DBD6399D-1662-492D-A9C8-0364848C12F3}\C42435 : DHCPNameServer = 172.23.10.10 172.21.10.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sul11Isak\AppData\Roaming\Mozilla\Firefox\Profiles\45xtes9t.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-09-21 10:27; web2pdfextension@web2pdf.adobedotcom; C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-09-21 11:13; {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ExtSQL: 2012-09-21 17:39; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-21 56208]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-21 89600]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-21 30520]
R2 OCS Inventory Service;OCS Inventory Service;C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [2011-5-8 35840]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2012-9-21 301232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-9-21 158720]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
R3 NETwNs64;___ Kortdrivrutin för Windows 7 64-bitars Intel® Wireless WiFi Link 5000-serien;C:\Windows\System32\drivers\NETwNs64.sys [2012-9-21 8507392]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-9-21 75776]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-9-21 177152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-9-21 188224]
R3 rismcx64;RICOH Smart Card Reader;C:\Windows\System32\drivers\rismcx64.sys [2012-9-21 59008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Tjänsten Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-7 250808]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-21 1432400]
S3 gupdatem;Tjänsten Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-21 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-21 113120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-21 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2012-10-20 15:50:45 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EA5B6542-FFE8-44DD-920D-1A91AA0DB923}\mpengine.dll
2012-10-20 15:06:36 -------- d-sh--w- C:\found.000
2012-10-18 18:05:32 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Diagnostics
2012-10-17 11:37:14 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Macromedia
2012-10-15 07:17:47 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Foxit Software
2012-10-14 15:29:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Mozilla
2012-10-11 17:56:12 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-10-11 17:56:12 -------- d-----w- C:\Program Files (x86)\StarCraft II
2012-10-11 17:23:59 -------- d-----w- C:\ProgramData\Battle.net
2012-10-11 16:58:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-10-10 15:13:12 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Apple
2012-10-10 13:49:57 -------- d-----w- C:\Program Files (x86)\LucasArts
2012-10-10 06:55:49 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 06:55:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 06:55:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 06:55:44 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 06:55:30 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 06:55:30 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 06:55:28 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 06:55:27 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 06:55:27 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 06:55:27 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 06:55:26 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 06:55:26 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-08 18:15:17 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\OpenOffice.org
2012-10-07 10:03:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-07 09:31:24 -------- d--h--w- C:\Windows\AxInstSV
2012-10-02 09:32:49 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-10-01 16:57:27 258048 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2012-09-26 08:15:25 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-24 09:05:27 -------- d-----w- C:\Windows\SysWow64\xlive
2012-09-24 09:05:27 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-09-24 08:58:05 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58:05 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-24 08:58:01 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:58:01 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-24 08:57:15 -------- d-----w- C:\Windows\System32\RsFx
2012-09-24 08:53:02 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-09-24 08:52:50 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-09-24 08:52:23 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-09-24 08:52:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-09-24 08:51:34 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2012-09-24 08:48:48 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2012-09-24 08:48:45 -------- d-----w- C:\Program Files\IIS
2012-09-24 08:48:44 -------- d-----w- C:\Program Files (x86)\IIS
2012-09-24 08:41:22 -------- d-----w- C:\Windows\SysWow64\1033
2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-09-24 08:40:47 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-09-24 08:26:34 2380224 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-24 08:20:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-09-24 08:19:16 -------- d-----w- C:\Windows\System32\appmgmt
2012-09-24 08:17:28 -------- d-----w- C:\Windows\System32\1033
2012-09-24 07:36:46 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-09-24 07:26:56 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2012-09-22 15:02:12 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-09-21 17:24:04 -------- d-----w- C:\Windows\Panther
2012-09-21 17:23:51 -------- d-sh--w- C:\Boot
2012-09-21 17:20:43 -------- d-----w- C:\Program Files\Synaptics
2012-09-21 17:17:52 -------- d-----w- C:\Windows\SysWow64\Wat
2012-09-21 17:17:51 -------- d-----w- C:\Windows\System32\Wat
2012-09-21 17:14:51 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-09-21 17:13:59 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-09-21 17:03:39 8507392 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys
2012-09-21 17:02:51 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-09-21 17:01:55 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-09-21 17:01:55 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-09-21 17:01:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-09-21 17:01:53 90112 ----a-w- C:\Windows\System32\snymsico.dll
2012-09-21 17:01:53 67584 ----a-w- C:\Windows\System32\drivers\rimmpx64.sys
2012-09-21 17:01:53 59008 ----a-w- C:\Windows\System32\drivers\rismcx64.sys
2012-09-21 17:01:53 57856 ----a-w- C:\Windows\System32\drivers\rixdpx64.sys
2012-09-21 17:01:53 55296 ----a-w- C:\Windows\System32\drivers\rimspx64.sys
2012-09-21 17:01:53 172032 ----a-w- C:\Windows\System32\rixdicon.dll
2012-09-21 17:01:52 75776 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys
2012-09-21 17:01:52 177152 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys
2012-09-21 16:23:49 -------- d-----w- C:\Program Files (x86)\Conduit
2012-09-21 16:23:46 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Conduit
2012-09-21 16:08:51 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-21 15:55:36 -------- d-----w- C:\Windows\SysWow64\searchplugins
2012-09-21 15:55:36 -------- d-----w- C:\Windows\SysWow64\Extensions
2012-09-21 15:54:43 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Babylon
2012-09-21 15:54:43 -------- d-----w- C:\ProgramData\Babylon
2012-09-21 15:44:18 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\DDMSettings
2012-09-21 15:37:51 -------- d-----w- C:\Program Files\DivX
2012-09-21 15:37:46 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-09-21 15:36:24 -------- d-----w- C:\Program Files (x86)\DivX
2012-09-21 15:35:29 -------- d-----w- C:\ProgramData\DivX
2012-09-21 15:32:56 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Google
2012-09-21 15:32:43 -------- d-----w- C:\ProgramData\Premium
2012-09-21 15:31:04 -------- d-----w- C:\ProgramData\Codec-V
2012-09-21 15:30:48 -------- d-----w- C:\ProgramData\InstallMate
2012-09-21 11:54:33 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\cache
2012-09-21 11:39:21 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-09-21 11:38:33 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Autodesk
2012-09-21 11:35:57 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-09-21 11:35:57 -------- d-----w- C:\Program Files\Autodesk
2012-09-21 11:32:59 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2012-09-21 11:32:59 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-09-21 11:31:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Roaming\Autodesk
2012-09-21 11:01:22 -------- d-----w- C:\Users\Sul11Isak\AppData\Local\Adobe
2012-09-21 09:14:54 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2012-09-21 09:13:49 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-09-21 09:12:28 -------- d-----w- C:\Windows\sv
2012-09-21 09:11:43 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-09-21 09:10:51 -------- d-----w- C:\Windows\PCHEALTH
2012-09-21 09:10:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\DSETUP.dll
2012-09-21 09:10:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\DXSETUP.exe
2012-09-21 09:10:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\DXSETUP.exe
2012-09-21 09:10:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ec1633f31cd97d802\dsetup32.dll
2012-09-21 09:10:18 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\DSETUP.dll
2012-09-21 09:10:18 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eb2cf1691cd97d801\dsetup32.dll
2012-09-21 09:10:15 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-09-21 09:08:51 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-09-21 09:03:50 -------- d-----w- C:\Program Files (x86)\Unity
2012-09-21 09:02:15 -------- d-----w- C:\totalcmd
2012-09-21 09:00:24 -------- d-----w- C:\Program Files (x86)\FreeMind
2012-09-21 08:58:59 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-09-21 08:58:36 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2012-09-21 08:58:27 -------- d-----w- C:\Program Files (x86)\Audacity
2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-21 08:58:21 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-21 08:46:23 -------- d-----w- C:\ProgramData\ALM
2012-09-21 08:27:49 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-09-21 08:27:49 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-09-21 08:27:49 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-09-21 08:27:49 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-09-21 08:27:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-09-21 08:20:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 08:16:35 -------- d-----w- C:\Program Files (x86)\OCS Inventory Agent
2012-09-21 08:16:09 -------- d-----w- C:\ProgramData\OCS Inventory NG
2012-09-21 08:09:43 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-09-21 08:09:43 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-09-21 07:46:02 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-21 07:46:02 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-21 07:45:09 955840 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-21 07:45:09 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-21 07:36:37 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B5D961A0-24EC-4808-9A72-71738A0ADA88}\gapaengine.dll
2012-09-21 07:31:40 -------- d-sh--w- C:\Windows\Installer
2012-09-21 07:31:40 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-21 07:31:12 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-09-21 07:31:10 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-09-21 07:31:03 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-09-21 07:31:03 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-09-21 07:30:50 -------- d-----w- C:\Windows\wlansvc
2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Start-meny
2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Skrivbord
2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Programdata
2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Mallar
2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Favoriter
2012-09-21 07:30:44 -------- d-sh--we C:\ProgramData\Dokument
2012-09-21 07:30:44 -------- d-sh--we C:\Program Files\Delade filer
2012-09-21 07:30:44 -------- d-sh--we C:\Program
2012-09-21 07:30:44 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 19:16:07,57 ===============
-
Combofix-log:
ComboFix 11-06-05.01 - Magnus Petterson 2011-06-07 19:52:12.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1259 [GMT 2:00]
Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Magnus Petterson\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pagerage
c:\program files\pagerage\YontooIEClient.dll
.
.
(((((((((((((((((((((((( Filer Skapade från 2011-05-07 till 2011-06-07 ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip
2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-05_14.46.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-07 06:12 . 2011-06-07 06:12 16384 c:\windows\temp\Perflib_Perfdata_e4.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Sluttid: 2011-06-07 20:00:57
ComboFix-quarantined-files.txt 2011-06-07 18:00
ComboFix2.txt 2011-06-05 16:20
ComboFix3.txt 2011-06-05 14:49
.
Före genomsökningen: 19 559 550 976 bytes free
Efter genomsökningen: 19 559 931 904 byte ledigt
.
- - End Of File - - FD24E53C3069D55696382CFEFC00DAB0
-
http://forums.spybot.info/showthread.php?t=62640
Jag hittade länken ovan som beskriver manuell borttagning av Yontoo.Pagerage och min Combofix-log i inlägg
#11 verkar innehålla det mesta förutom den .dll-fil som finns i DDS-logen i inlägg #13. Jag hittar inga andra filer än YontooIEClient.dll i programmappen - kan det vara så att allt annat har tagits bort?
Inlägg #11
Combofix-log:
((((( Andra raderingar )))))
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma
Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} -
c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
Inlägg #13
Combofix-log:
(((((Filer Skapade från 2011-05-05 till 2011-06-05 )))))
2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage
DDS-log:
=====Pseudo HJT Report=====
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program
files\pagerage\YontooIEClient.dll
=====CreatedLast30=====
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
-
C:\Program Files\PageRage\YontooIEClient.dll
Innan jag gör det avslutande undrar jag kring filen ovan:
Jag hittar ingen PageRage i min kontrollpanel, inget som börjar på Yontoo* heller. När jag Googlade på filnamnet fick jag intrycket av att man skulle försöka göra sig av med den och att det behövdes särskilda verktyg för detta.
Nu vet jag inte riktigt vad jag ska tro, vad är din åsikt om det hela?
När det gäller din fråga om Kaspersky, det är ungefär så det har varit ett tag - veligt... men nu är det uppenbarligen hög tid att bestämma sig
-
YontooIEClient.dll som tydligen kan ligga i en mapp som heter Yontoo Layers ligger hos mig i mappen PageRage. Ska jag försöka ta bort detta manuellt enligt anvisningar eller tar slutstädningen hand om detta?
När det gäller Antimalware Doctor verkar det som borttagningen har lyckats.
Vad ska jag göra härnäst?
-
Verkar inte vara något problem med program.
Combofixlog:
ComboFix 11-06-05.01 - Magnus Petterson 2011-06-05 18:08:10.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1424 [GMT 2:00]
Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Magnus Petterson\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((( Filer Skapade från 2011-05-05 till 2011-06-05 ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage
2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip
2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-05_14.46.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-05 16:16 . 2011-06-05 16:16 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat
- 2011-06-05 14:45 . 2011-06-05 14:45 16384 c:\windows\temp\Perflib_Perfdata_7bc.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 18:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Sluttid: 2011-06-05 18:20:41 - datorn startades om.
ComboFix-quarantined-files.txt 2011-06-05 16:20
ComboFix2.txt 2011-06-05 14:49
.
Före genomsökningen: 19 660 242 944 bytes free
Efter genomsökningen: 19 651 694 592 byte ledigt
.
- - End Of File - - AC667EC5060B251A427DE1782959C08C
DDS-log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 18:22:01 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1404 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
.
=============== Created Last 30 ================
.
2011-06-05 14:35:47 98816 ----a-w- c:\windows\sed.exe
2011-06-05 14:35:47 518144 ----a-w- c:\windows\SWREG.exe
2011-06-05 13:08:29 -------- d-----w- c:\documents and settings\magnus petterson\application data\Malwarebytes
2011-06-05 13:07:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
.
==================== Find3M ====================
.
.
============= FINISH: 18:22:28,75 ===============
-
Internetanslutning ok, här kommer Combofix-log:
ComboFix 11-06-05.01 - Magnus Petterson 2011-06-05 16:37:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1380 [GMT 2:00]
Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\dC28601MlHgC28601
c:\documents and settings\All Users\Application Data\dC28601MlHgC28601\dC28601MlHgC28601.exe
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\Magnus Petterson\Application Data\Adobe\plugs
c:\documents and settings\Magnus Petterson\Application Data\Adobe\shed
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\enemies-names.txt
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\local.ini
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lsrslt.ini
c:\documents and settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\upd_debug.exe
c:\windows\system32\shimg.dll
.
.
(((((((((((((((((((((((( Filer Skapade från 2011-05-05 till 2011-06-05 ))))))))))))))))))))))))))))))
.
.
2011-06-05 13:08 . 2011-06-05 13:08 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2011-06-05 13:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07 . 2011-05-29 07:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07 . 2011-06-05 13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53 . 2011-06-01 10:54 -------- d-----w- c:\program files\PageRage
2011-05-21 20:05 . 2011-05-21 20:05 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\WinZip
2011-05-18 07:26 . 2011-05-18 07:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-02-17 20:49 191488 ------w- c:\program files\PageRage\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-10-03 340520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-2-9 610120]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Electronic Arts\\Slaget om Midgård II\\game.dat"=
"d:\\Program Files\\Electronic Arts\\Häxkungens Tid\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-02 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\GETPADD.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-06-05 39984]
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
.
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-05 16:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
.
[HKEY_USERS\S-1-5-21-4272349089-1638241896-2368076273-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'explorer.exe'(2716)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Sluttid: 2011-06-05 16:49:30 - datorn startades om.
ComboFix-quarantined-files.txt 2011-06-05 14:49
.
Före genomsökningen: 19 660 824 576 bytes free
Efter genomsökningen: 19 661 324 288 byte ledigt
.
- - End Of File - - C7A8B8EAC43DEB3A251AACC025594365
-
Bredbandsanslutningen sker mha usb-modem, men det finns väl inget som hindrar att man ominstallerar detta vid behov?
-
MBAM-log:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Databasversion: 6774
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2011-06-05 15:17:26
mbam-log-2011-06-05 (15-17-26).txt
Skanningstyp: Snabbskanning
Antal skannade objekt: 160921
Förfluten tid: 5 minut(er), 49 sekund(er)
Infekterade minnesprocesser: 2
Infekterade minnesmoduler: 2
Infekterade registernycklar: 6
Infekterade registervärden: 5
Infekterade registerdataposter: 4
Infekterade mappar: 0
Infekterade filer: 26
Infekterade minnesprocesser:
c:\WINDOWS\Zzigei.exe (Trojan.Downloader) -> 2244 -> Unloaded process successfully.
c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe (Trojan.FakeAlert) -> 3276 -> Unloaded process successfully.
Infekterade minnesmoduler:
c:\WINDOWS\stlgfg.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.
Infekterade registernycklar:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\5GUTNY6MFK (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\J40NOZ44HU (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Infekterade registervärden:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Lzitaneyulexahe (Trojan.Hiloti.Gen) -> Value: Lzitaneyulexahe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5GUTNY6MFK (Trojan.Downloader) -> Value: 5GUTNY6MFK -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lss700dbgg.exe (Trojan.FakeAlert) -> Value: lss700dbgg.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\R8388QA8U8 (Trojan.Downloader) -> Value: R8388QA8U8 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\p7za4d (Trojan.Downloader) -> Value: p7za4d -> Quarantined and deleted successfully.
Infekterade registerdataposter:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Bad: (93.188.162.74,93.188.161.7) Good: () -> Quarantined and deleted successfully.
Infekterade mappar:
(Inga skadliga poster hittades)
Infekterade filer:
c:\WINDOWS\stlgfg.dll (Trojan.Hiloti.Gen) -> Delete on reboot.
c:\WINDOWS\Zzigei.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Documents and Settings\Magnus Petterson\Local Settings\temp\Zwj.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\magnus petterson\local settings\temp\oxcanmerws.tmp (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\local settings\temp\mwrascneox.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\local settings\application data\xaa.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigea.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigec.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zziged.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigee.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigef.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigeg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigeh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigej.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Zzigek.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cryptnet32.dll (Trojan.Tracur) -> Delete on reboot.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc112.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc3808796.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc3809531.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\magnus petterson\application data\Adobe\plugs\mmc87.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
DDS-log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 15:30:15 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1435 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: cryptnet32 - cryptnet32.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
.
=============== Created Last 30 ================
.
2011-06-05 13:08:29 -------- d-----w- c:\documents and settings\magnus petterson\application data\Malwarebytes
2011-06-05 13:07:46 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 13:07:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 13:07:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55
2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
.
==================== Find3M ====================
.
2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll
.
============= FINISH: 15:31:39,98 ===============
-
Det var två loggar, strax efter start kom några dialogrutor från "Doctorn", ser ut som om loggen kom av sig och började om:
Nr1:
2011/06/05 13:05:59.0187 3020 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 13:05:59.0218 3020 ================================================================================
2011/06/05 13:05:59.0218 3020 SystemInfo:
2011/06/05 13:05:59.0218 3020
2011/06/05 13:05:59.0218 3020 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/05 13:05:59.0218 3020 Product type: Workstation
2011/06/05 13:05:59.0218 3020 ComputerName: YOUR-508DA2F984
2011/06/05 13:05:59.0218 3020 UserName: Magnus Petterson
2011/06/05 13:05:59.0218 3020 Windows directory: C:\WINDOWS
2011/06/05 13:05:59.0218 3020 System windows directory: C:\WINDOWS
2011/06/05 13:05:59.0218 3020 Processor architecture: Intel x86
2011/06/05 13:05:59.0218 3020 Number of processors: 2
2011/06/05 13:05:59.0218 3020 Page size: 0x1000
2011/06/05 13:05:59.0218 3020 Boot type: Normal boot
2011/06/05 13:05:59.0218 3020 ================================================================================
2011/06/05 13:06:00.0437 3020 Initialize success
2011/06/05 13:06:04.0640 5184 Deinitialize success
Nr2:
2011/06/05 13:06:38.0781 4792 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 13:06:38.0906 4792 ================================================================================
2011/06/05 13:06:38.0906 4792 SystemInfo:
2011/06/05 13:06:38.0906 4792
2011/06/05 13:06:38.0906 4792 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/05 13:06:38.0906 4792 Product type: Workstation
2011/06/05 13:06:38.0906 4792 ComputerName: YOUR-508DA2F984
2011/06/05 13:06:38.0906 4792 UserName: Magnus Petterson
2011/06/05 13:06:38.0906 4792 Windows directory: C:\WINDOWS
2011/06/05 13:06:38.0906 4792 System windows directory: C:\WINDOWS
2011/06/05 13:06:38.0906 4792 Processor architecture: Intel x86
2011/06/05 13:06:38.0906 4792 Number of processors: 2
2011/06/05 13:06:38.0921 4792 Page size: 0x1000
2011/06/05 13:06:38.0921 4792 Boot type: Normal boot
2011/06/05 13:06:38.0921 4792 ================================================================================
2011/06/05 13:06:40.0109 4792 Initialize success
2011/06/05 13:06:46.0750 5784 ================================================================================
2011/06/05 13:06:46.0750 5784 Scan started
2011/06/05 13:06:46.0750 5784 Mode: Manual;
2011/06/05 13:06:46.0750 5784 ================================================================================
2011/06/05 13:06:47.0234 5784 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/05 13:06:47.0281 5784 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/05 13:06:47.0328 5784 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/05 13:06:47.0406 5784 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/05 13:06:47.0453 5784 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/05 13:06:47.0593 5784 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/05 13:06:47.0718 5784 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/05 13:06:47.0750 5784 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/05 13:06:47.0796 5784 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/05 13:06:47.0875 5784 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/05 13:06:47.0921 5784 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/05 13:06:47.0984 5784 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/05 13:06:48.0015 5784 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/05 13:06:48.0109 5784 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/05 13:06:48.0156 5784 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/05 13:06:48.0203 5784 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/05 13:06:48.0296 5784 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/05 13:06:48.0359 5784 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/05 13:06:48.0468 5784 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/05 13:06:48.0531 5784 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/05 13:06:48.0609 5784 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/05 13:06:48.0656 5784 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/05 13:06:48.0687 5784 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/05 13:06:48.0765 5784 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/05 13:06:48.0875 5784 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/05 13:06:48.0953 5784 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/05 13:06:49.0000 5784 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/05 13:06:49.0062 5784 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/05 13:06:49.0125 5784 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/05 13:06:49.0171 5784 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/05 13:06:49.0203 5784 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/05 13:06:49.0265 5784 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/05 13:06:49.0328 5784 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/05 13:06:49.0390 5784 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/05 13:06:49.0453 5784 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/05 13:06:49.0484 5784 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/05 13:06:49.0562 5784 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/05 13:06:49.0609 5784 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/05 13:06:49.0687 5784 hwdatacard (008ada74e3028fced5145f4f74230d4b) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/06/05 13:06:49.0781 5784 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/05 13:06:49.0843 5784 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/05 13:06:50.0046 5784 IntcAzAudAddService (7c09d605fcae64e3cb11ebf90fb1e3a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/05 13:06:50.0171 5784 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/05 13:06:50.0218 5784 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/05 13:06:50.0281 5784 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/05 13:06:50.0328 5784 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/05 13:06:50.0406 5784 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/05 13:06:50.0484 5784 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/05 13:06:50.0546 5784 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/05 13:06:50.0609 5784 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/05 13:06:50.0656 5784 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/05 13:06:50.0718 5784 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/05 13:06:50.0765 5784 kl1 (ce3958f58547454884e97bda78cd7040) C:\WINDOWS\system32\drivers\kl1.sys
2011/06/05 13:06:50.0812 5784 klbg (53eedab3f0511321ac3ae8bc968b158c) C:\WINDOWS\system32\drivers\klbg.sys
2011/06/05 13:06:50.0875 5784 KLIF (439c778700fce23f2852535d6fa5996d) C:\WINDOWS\system32\DRIVERS\klif.sys
2011/06/05 13:06:50.0921 5784 klim5 (fbdc2034b58d2135d25fe99eb8b747c3) C:\WINDOWS\system32\DRIVERS\klim5.sys
2011/06/05 13:06:50.0984 5784 klmouflt (1f351c4ba53bfe58a1ca5fcdd11e1f81) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
2011/06/05 13:06:51.0031 5784 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/05 13:06:51.0078 5784 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/05 13:06:51.0187 5784 lvupdtio (e6784b8d8ded6054d50139481edf6724) C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys
2011/06/05 13:06:51.0250 5784 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\WINDOWS\system32\drivers\mdvrmng.sys
2011/06/05 13:06:51.0328 5784 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/05 13:06:51.0375 5784 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/05 13:06:51.0406 5784 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/05 13:06:51.0437 5784 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/06/05 13:06:51.0468 5784 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/05 13:06:51.0609 5784 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/05 13:06:51.0656 5784 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/05 13:06:51.0718 5784 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/05 13:06:51.0781 5784 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/05 13:06:51.0875 5784 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/05 13:06:51.0921 5784 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/05 13:06:51.0984 5784 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/05 13:06:52.0046 5784 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/05 13:06:52.0125 5784 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/05 13:06:52.0171 5784 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/05 13:06:52.0234 5784 MTsensor (e333010a50bf603acc350f6019e9ce02) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/06/05 13:06:52.0281 5784 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/05 13:06:52.0328 5784 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/05 13:06:52.0390 5784 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/05 13:06:52.0437 5784 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/05 13:06:52.0500 5784 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/05 13:06:52.0562 5784 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/05 13:06:52.0625 5784 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/05 13:06:52.0718 5784 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/05 13:06:52.0734 5784 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/05 13:06:52.0796 5784 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/05 13:06:52.0906 5784 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/05 13:06:52.0937 5784 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/05 13:06:53.0000 5784 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/05 13:06:53.0062 5784 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/05 13:06:53.0156 5784 nv (392ad6a1676fbbc80fa1dad4c9955131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/05 13:06:53.0343 5784 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/05 13:06:53.0390 5784 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/05 13:06:53.0421 5784 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/05 13:06:53.0468 5784 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/05 13:06:53.0531 5784 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/05 13:06:53.0578 5784 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/05 13:06:53.0625 5784 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/05 13:06:53.0687 5784 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/05 13:06:53.0734 5784 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/05 13:06:53.0937 5784 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/05 13:06:54.0000 5784 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/05 13:06:54.0046 5784 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/05 13:06:54.0078 5784 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/05 13:06:54.0187 5784 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/05 13:06:54.0218 5784 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/05 13:06:54.0296 5784 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/05 13:06:54.0343 5784 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/05 13:06:54.0390 5784 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/05 13:06:54.0437 5784 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/05 13:06:54.0484 5784 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/05 13:06:54.0562 5784 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/05 13:06:54.0625 5784 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/05 13:06:54.0703 5784 rimmptsk (b6e686aab08bc276d0000293f9fba0bb) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/06/05 13:06:54.0750 5784 rimsptsk (bcff51e0be86d6f0e2180e5142203527) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/06/05 13:06:54.0812 5784 RTL8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/06/05 13:06:54.0968 5784 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/06/05 13:06:55.0000 5784 s24trans (73ed6b5cac92f23f4610667b8eb8e8d6) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/05 13:06:55.0062 5784 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/05 13:06:55.0140 5784 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/05 13:06:55.0218 5784 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/05 13:06:55.0296 5784 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/05 13:06:55.0375 5784 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/05 13:06:55.0453 5784 smserial (b8c571fbf5a4b341a95cdf0de74d7b11) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/06/05 13:06:55.0546 5784 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/05 13:06:55.0625 5784 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/05 13:06:55.0671 5784 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/05 13:06:55.0750 5784 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/05 13:06:55.0828 5784 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/05 13:06:55.0890 5784 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/05 13:06:56.0078 5784 SynMini (03dc419b94c57adf3ab0fbf887b021f5) C:\WINDOWS\system32\Drivers\SynMini.sys
2011/06/05 13:06:56.0156 5784 SynScan (e4085705d8d7d4d1536d8ee907439a86) C:\WINDOWS\system32\Drivers\SynScan.sys
2011/06/05 13:06:56.0203 5784 SynTP (69bf2dd9b1099d1aa3e7cf14b4b842cd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/05 13:06:56.0265 5784 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/05 13:06:56.0359 5784 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/05 13:06:56.0406 5784 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/05 13:06:56.0468 5784 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/05 13:06:56.0531 5784 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/05 13:06:56.0593 5784 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
2011/06/05 13:06:56.0640 5784 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/06/05 13:06:56.0687 5784 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/06/05 13:06:56.0718 5784 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/06/05 13:06:56.0750 5784 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/06/05 13:06:56.0796 5784 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/06/05 13:06:56.0843 5784 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/06/05 13:06:56.0906 5784 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
2011/06/05 13:06:56.0937 5784 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/06/05 13:06:57.0000 5784 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/05 13:06:57.0078 5784 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/05 13:06:57.0187 5784 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/05 13:06:57.0234 5784 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/05 13:06:57.0312 5784 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/05 13:06:57.0390 5784 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/05 13:06:57.0437 5784 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/05 13:06:57.0484 5784 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/05 13:06:57.0546 5784 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/05 13:06:57.0609 5784 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/05 13:06:57.0687 5784 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/05 13:06:57.0781 5784 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/06/05 13:06:57.0890 5784 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/05 13:06:57.0984 5784 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/05 13:06:58.0109 5784 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/05 13:06:58.0203 5784 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/05 13:06:58.0203 5784 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/05 13:06:58.0203 5784 ================================================================================
2011/06/05 13:06:58.0203 5784 Scan finished
2011/06/05 13:06:58.0203 5784 ================================================================================
2011/06/05 13:06:58.0218 5504 Detected object count: 1
2011/06/05 13:06:58.0218 5504 Actual detected object count: 1
2011/06/05 13:07:26.0203 5504 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/05 13:07:26.0203 5504 \Device\Harddisk0\DR0 - ok
2011/06/05 13:07:26.0203 5504 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/05 13:07:36.0953 4168 Deinitialize success
Och så DDS-log:
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 13:22:46 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1463 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
svchost.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\Zzigei.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [5GUTNY6MFK] c:\windows\Zzigei.exe
uRun: [R8388QA8U8] c:\docume~1\magnus~1\locals~1\temp\Zwj.exe
uRun: [Lzitaneyulexahe] rundll32.exe "c:\windows\stlgfg.dll",Startup
uRun: [lss700dbgg.exe] c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [p7za4d] c:\docume~1\magnus~1\locals~1\temp\h25lm4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.74,93.188.161.7
Notify: cryptnet32 - cryptnet32.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
.
=============== Created Last 30 ================
.
2011-06-04 17:05:07 380928 --sha-w- c:\documents and settings\magnus petterson\local settings\application data\xaa.exe
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55
2011-05-25 23:54:12 231424 ----a-w- c:\windows\Zzigek.exe
2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
2011-05-21 14:08:27 152064 ----a-w- c:\windows\Zzigej.exe
2011-05-21 07:32:59 152064 ----a-w- c:\windows\Zzigei.exe
2011-05-20 06:26:50 152064 ----a-w- c:\windows\Zzigeh.exe
2011-05-19 17:35:55 152064 ----a-w- c:\windows\Zzigeg.exe
2011-05-19 17:35:46 152064 ----a-w- c:\windows\Zzigef.exe
2011-05-19 05:04:24 152064 ----a-w- c:\windows\Zzigee.exe
2011-05-17 15:19:43 152064 ----a-w- c:\windows\Zziged.exe
2011-05-17 05:16:59 152064 ----a-w- c:\windows\Zzigec.exe
2011-05-16 07:38:01 152064 ----a-w- c:\windows\Zzigeb.exe
2011-05-16 07:37:50 152064 ----a-w- c:\windows\Zzigea.exe
.
==================== Find3M ====================
.
2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll
2011-04-24 00:40:06 49152 ----a-w- c:\windows\system32\cryptnet32.dll
.
============= FINISH: 13:23:13,75 ===============
-
Här kommer loggfilen och den andra bifogas.
Mape
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Magnus Petterson at 11:07:38 on 2011-06-05
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1383 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\Zzigei.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [5GUTNY6MFK] c:\windows\Zzigei.exe
uRun: [R8388QA8U8] c:\docume~1\magnus~1\locals~1\temp\Zwj.exe
uRun: [Lzitaneyulexahe] rundll32.exe "c:\windows\stlgfg.dll",Startup
uRun: [lss700dbgg.exe] c:\documents and settings\magnus petterson\application data\b0eaf52d001f49a536e12421f068cd55\lss700dbgg.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [sMSERIAL] c:\windows\sm56hlpr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ASUS Live Update] c:\program files\asus\asus live update\ALU.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\asustek\asusdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Power_Gear] c:\program files\asus\power4 gear\BatteryLife.exe 1
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mExplorerRun: [p7za4d] c:\docume~1\magnus~1\locals~1\temp\h25lm4.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Lägg till i Skydd mot webbannonser - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.74,93.188.161.7
Notify: cryptnet32 - cryptnet32.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-10-3 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340520]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-1-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-1-2 8278]
S3 GETPADD;GETPADD;\??\c:\windows\system32\drivers\getpadd.sys --> c:\windows\system32\drivers\GETPADD.sys [?]
.
=============== Created Last 30 ================
.
2011-06-04 21:37:12 26624 ----a-w- c:\windows\system32\dll.dll
2011-06-04 17:05:07 380928 --sha-w- c:\documents and settings\magnus petterson\local settings\application data\xaa.exe
2011-06-01 10:53:43 -------- d-----w- c:\program files\PageRage
2011-06-01 10:53:37 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-06-01 10:53:01 -------- d-----w- c:\documents and settings\magnus petterson\application data\B0EAF52D001F49A536E12421F068CD55
2011-05-25 23:54:12 231424 ----a-w- c:\windows\Zzigek.exe
2011-05-22 13:02:21 -------- d-----w- c:\documents and settings\all users\application data\dC28601MlHgC28601
2011-05-21 20:05:19 -------- d-----w- c:\documents and settings\magnus petterson\local settings\application data\WinZip
2011-05-21 14:08:27 152064 ----a-w- c:\windows\Zzigej.exe
2011-05-21 07:32:59 152064 ----a-w- c:\windows\Zzigei.exe
2011-05-20 06:26:50 152064 ----a-w- c:\windows\Zzigeh.exe
2011-05-19 17:35:55 152064 ----a-w- c:\windows\Zzigeg.exe
2011-05-19 17:35:46 152064 ----a-w- c:\windows\Zzigef.exe
2011-05-19 05:04:24 152064 ----a-w- c:\windows\Zzigee.exe
2011-05-17 15:19:43 152064 ----a-w- c:\windows\Zziged.exe
2011-05-17 05:16:59 152064 ----a-w- c:\windows\Zzigec.exe
2011-05-16 07:38:01 152064 ----a-w- c:\windows\Zzigeb.exe
2011-05-16 07:37:50 152064 ----a-w- c:\windows\Zzigea.exe
.
==================== Find3M ====================
.
2011-05-12 12:05:08 296992 ----a-w- c:\windows\system32\shimg.dll
2011-04-24 00:40:06 49152 ----a-w- c:\windows\system32\cryptnet32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BEKT-00F3T0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A65E6F0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a664a10]; MOV EAX, [0x8a664a8c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6DAAB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000072[0x8A6B23B8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A6E0940]
\Driver\atapi[0x8A6D4270] -> IRP_MJ_CREATE -> 0x8A65E6F0
error: Read En enhet som är ansluten till datorn fungerar inte.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A65E53B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:09:18,59 ===============
-
Hej,
Har problem med Antimalware Doctor. Med jämna mellanrum dyker det upp varningsrutor för virusangrepp eller intrångsförsök blandat med uppmaningar om att registrera och köpa produkten.
Ibland minimeras alla öppna fönster och man uppmanas att registrera, svarar man nej kommer öppna fönster tillbaka.
Antimalware Doctor dök upp som en post i Alla program, men Uninstall-kommandot tog enbart bort genvägen därifrån - allt annat verkar vara kvar. Genvägen gick till "C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe"
Förutom lss700dbgg.exe finns även enemies-names.txt, local.ini, lsrslt.ini och upd_debug.exe i denna mapp.
Tacksam för hjälp att bli av med detta.
Hälsningar
Mape
PS. När jag skulle skapa tråden i forumet från den angripna dator fick jag besked om att sidan inte kunde visas, så jag fick använda en annan.DS
Bifogar log från HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:09:00, on 2011-06-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Zzigei.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\mape.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [5GUTNY6MFK] C:\WINDOWS\Zzigei.exe
O4 - HKCU\..\Run: [R8388QA8U8] C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\Zwj.exe
O4 - HKCU\..\Run: [Lzitaneyulexahe] rundll32.exe "C:\WINDOWS\stlgfg.dll",Startup
O4 - HKCU\..\Run: [lss700dbgg.exe] C:\Documents and Settings\Magnus Petterson\Application Data\B0EAF52D001F49A536E12421F068CD55\lss700dbgg.exe
O4 - HKLM\..\Policies\Explorer\Run: [p7za4d] C:\DOCUME~1\MAGNUS~1\LOCALS~1\Temp\h25lm4.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lägg till i Skydd mot webbannonser - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtuellt tangentbord - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: K&ontroll av webbadresser - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Visa eller dölj HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256894838109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256895652843
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.74,93.188.161.7
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: cryptnet32 - C:\WINDOWS\SYSTEM32\cryptnet32.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 10701 bytes
-
Nu återstår bara en sista städomgång:
Nu är detta gjort och datorn mår bra igen Hjärtlig tack för hjälpen!
När jag gjorde detta uppkom en undran:
Jag skulle jämföra ATF-Cleaner med städfunktionen i IE8 och hittade då något som verkar skadat. Nu undrar jag om detta kan ha samband med borttagandet av den skadliga koden?
På Egenskaper för IE8, under fliken Allmänt, under rubriken Webbhistorik klickade jag på knappen Inställningar och fick då upp dialogrutan Inställningar för temporära Internetfiler och Tidigare. Om jag där klickar på knappen Visa objekt får jag upp innehållet i C:\Downloaded Program Files och där finns tre filer som heter Java Runtime Environment 1.6.0 och två filer MUWebControl Class, samtliga med Status Installerat.
Dessutom finns en fil med Status Skadad:
{E2883E8F-472F-4FBO-9522-AC9BF37916A7}
Om jag högerklickar Egenskaper för denna fil får jag fram att det är
ActiveX-kontroll som skapades 2006-12-26 har 0 byte i storlek, Status=skadad och Kodbas=http://platformdl.adobe.com/NOS/getPlusPlus/1.
Under fliken Beroende:
C\WINDOWS\DOWNLOADE...\GP.OCX* Skadad
C\WINDOWS\DOWNLOADED...\GP.INF* Skadad
C:\WINDOWS\SYSTEM32\ATL.DLL* 61,440
Under fliken Version: 1.6.2.49
Är detta något som ska tas bort och reinstalleras eller bara struntas i?
MaPe
-
Kasperskys log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, February 17, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, February 17, 2010 13:04:39
Records in database: 3544318
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Objects scanned: 56049
Threats found: 1
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 01:43:47
File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Magnus Petterson\Local Settings\Application Data\wjnwiq\sivasftav.exe.vir Infected: Trojan.Win32.FraudPack.akyn 1
C:\Qoobox.zip Infected: Trojan.Win32.FraudPack.akyn 1
C:\System Volume Information\_restore{9EB4FAEC-07CE-495B-8BBE-AEECE64D0545}\RP8\A0004650.exe Infected: Trojan.Win32.FraudPack.akyn 1
Selected area has been scanned.
-
Här kommer den nya ComboFix-loggen:
ComboFix 10-02-12.01 - Magnus Petterson 2010-02-17 12:43:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1476 [GMT 1:00]
Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\Magnus Petterson\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
(((((((((((((((((((((((( Filer Skapade från 2010-01-17 till 2010-02-17 ))))))))))))))))))))))))))))))
.
2010-02-17 11:48 . 2003-07-29 02:18 3839 ----a-w- c:\windows\system32\drivers\GETPADD.sys
2010-02-16 22:22 . 2010-02-16 22:22 428772 ----a-w- C:\Qoobox.zip
2010-02-14 14:08 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 14:08 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 14:08 . 2010-02-14 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 14:05 . 2010-02-14 14:05 -------- d-----w- c:\program files\CCleaner
2010-02-12 15:34 . 2010-02-12 15:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 22:39 . 2010-02-12 15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2010-02-10 23:50 . 2010-02-10 23:50 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2010-02-10 23:50 . 2010-02-10 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-10 22:19 . 2010-02-10 22:19 -------- d-----w- c:\program files\Trend Micro
2010-02-07 19:45 . 2010-02-07 19:45 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\ESET
2010-02-07 19:38 . 2010-02-07 19:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 11:38 . 2009-11-05 23:22 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\HPAppData
2010-01-25 11:35 . 2009-11-14 15:22 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\HpUpdate
2010-01-17 22:33 . 2009-11-14 15:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2006-09-18 15:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-09-18 15:07 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2006-12-26 21:20 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:01 . 2009-12-16 17:54 19545 ----a-w- c:\windows\hpqins13.dat
2009-12-14 07:08 . 2006-09-18 15:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08 . 2006-09-18 15:07 33280 ----a-w- c:\windows\system32\csrsrv(2)(2).dll
2009-12-08 09:23 . 2006-09-18 15:07 474112 ----a-w- c:\windows\system32\shlwapi(2)(2).dll
2009-12-04 18:22 . 2006-09-18 15:07 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-09-18 15:07 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-03 23:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-09-18 15:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-09-18 15:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2006-09-18 15:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-03 23:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 04:26 . 2009-11-27 04:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-21 15:51 . 2006-09-18 15:07 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-15_23.56.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-17 11:48 . 2010-02-17 11:48 16384 c:\windows\temp\Perflib_Perfdata_73c.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 1410304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Magnus Petterson\Start Menu\Programs\Startup\
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2009-11-27 868352]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-11-14 30728]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-14 455936]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-17 12:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\ACEngSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
c:\windows\system32\dllhost.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Sluttid: 2010-02-17 12:52:09 - datorn startades om.
ComboFix-quarantined-files.txt 2010-02-17 11:52
ComboFix2.txt 2010-02-15 23:58
Före genomsökningen: 33 708 322 816 bytes free
Efter genomsökningen: 33 673 461 760 bytes free
- - End Of File - - 8BDE6FCC976FF13E9A33DD1DF29F3A8B
-
Här kommer ComboFix-loggen. Frågan om installation av återställningskonsolen kom upp, så det gjorde jag. Jag behövde inte installera om mitt USB-modem, inga problem i övrigt.
MaPe
ComboFix 10-02-12.01 - Magnus Petterson 2010-02-16 0:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1033.18.2047.1497 [GMT 1:00]
Körs från: c:\documents and settings\Magnus Petterson\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Magnus Petterson\Local Settings\Application Data\wjnwiq
c:\documents and settings\Magnus Petterson\Local Settings\Application Data\wjnwiq\sivasftav.exe
.
(((((((((((((((((((((((( Filer Skapade från 2010-01-15 till 2010-02-15 ))))))))))))))))))))))))))))))
.
2010-02-14 14:08 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-14 14:08 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-14 14:08 . 2010-02-14 14:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-14 14:05 . 2010-02-14 14:05 -------- d-----w- c:\program files\CCleaner
2010-02-12 15:34 . 2010-02-12 15:34 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-11 22:39 . 2010-02-12 15:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware(2)
2010-02-10 23:50 . 2010-02-10 23:50 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\Malwarebytes
2010-02-10 23:50 . 2010-02-10 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-10 22:19 . 2010-02-10 22:19 -------- d-----w- c:\program files\Trend Micro
2010-02-07 19:45 . 2010-02-07 19:45 -------- d-----w- c:\documents and settings\Magnus Petterson\Local Settings\Application Data\ESET
2010-02-07 19:38 . 2010-02-07 19:38 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData
2010-02-07 19:30 . 2010-02-07 19:30 173056 --sha-r- c:\windows\system32\senscfgr.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 23:40 . 2009-11-05 23:22 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\HPAppData
2010-01-25 11:35 . 2009-11-14 15:22 -------- d-----w- c:\documents and settings\Magnus Petterson\Application Data\HpUpdate
2010-01-17 22:33 . 2009-11-14 15:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-31 16:50 . 2006-09-18 15:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-09-18 15:07 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2006-12-26 21:20 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:01 . 2009-12-16 17:54 19545 ----a-w- c:\windows\hpqins13.dat
2009-12-14 07:08 . 2006-09-18 15:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08 . 2006-09-18 15:07 33280 ----a-w- c:\windows\system32\csrsrv(2)(2).dll
2009-12-08 09:23 . 2006-09-18 15:07 474112 ----a-w- c:\windows\system32\shlwapi(2)(2).dll
2009-12-04 18:22 . 2006-09-18 15:07 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-09-18 15:07 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-03 23:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-09-18 15:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 21:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-09-18 15:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2006-09-18 15:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-03 23:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 04:26 . 2009-11-27 04:26 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-21 15:51 . 2006-09-18 15:07 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-03-13 19543592]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-16 7561216]
"nwiz"="nwiz.exe" [2006-03-16 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-16 86016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-03-21 544768]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-03 16206848]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 180224]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-02-15 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2006-02-21 17920]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 1410304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Magnus Petterson\Start Menu\Programs\Startup\
Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [2009-11-27 868352]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-11-14 30728]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-11-14 455936]
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;c:\windows\system32\drivers\SynMini.sys [2006-01-20 841110]
R3 SynScan;ASUS WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-01-02 8278]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Innehållet i mappen 'Schemalagda aktiviteter':
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.asus.com/
uInternet Connection Wizard,ShellNext = hxxp://www.asus.com/
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 00:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|ÿÿÿÿÀ|ùA~*]
"D140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Sluttid: 2010-02-16 00:58:30
ComboFix-quarantined-files.txt 2010-02-15 23:58
Före genomsökningen: 33 539 063 808 bytes free
Efter genomsökningen: 33 524 412 416 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 3066E8EC1363E9936DEC4F8394DB9B5B
-
Det ska inte vara några problem. Du tänker att jag ska göra enligt tidigare instruktion och när allt är klart installerar jag om modemet?
Du skrev att automatisk uppspelning förhindrades av ComboFix, det innebär att man istället får gå via Den här datorn och manuellt aktivera den önskade enheten?
-
Tyvärr är det det sistnämnda som gäller, för närvarande endast mobilt bredband via USB-modem.
Uppstädning efter polistrojan [LÖST]
i Borttagning av virus och andra skadliga program
Postad
Tack så hjärtligt för all hjälp och ha det så gott!