Tony Posted November 7, 2008
*********************************************
2009-01-08: The thread is now locked. If you think it was locked in error, please contact Malou
*********************************************
I have got something strange on my computer. When I open the web browser (IE), several other pages open at the same time. After a short while they disappear and my real home page opens. I have McAfee SiteAdvisor and it flags these pages red. My broadband modem seems to be running all the time; the light blinks incessantly. The computer is also very slow, and it is hard to get anything to work. I have "Telia Säker Surf", which I have run several times without finding anything. I have also run Malwarebytes, CCleaner and Spybot - Search & Destroy without result.
Tony.

e-son Posted November 7, 2008
You probably have an ongoing infection on the computer. Follow the instructions on the page below and you will get help!
http://www.alltomxp.se/forum/index.php?top...g44667#msg44667

Tony Posted November 7, 2008
Hi again. I have now followed Malou's excellent page for HijackThis and think I did it right. I am attaching the log so that Malou can possibly take a look at it. Thanks in advance.

Guest Malou Posted November 7, 2008
Hi Tony! You did it exactly right.
We will start with the following. Run a scan with the scanner below and we will see what it says.
Go to the page below: http://www.virustotal.com/
1: Paste one of the following file names into the box
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\System32\dpcdll32.dll
2: Press Send and wait until the result is ready (Status becomes Finished).
3: Paste the result from the various antivirus programs (incl. file size) here in your thread (but not Additional information)
Repeat with the next file name.
Regards/Malou

Tony Posted November 7, 2008
Hi Malou. Thanks for helping me. Here comes the result.

Antivirus           Version          Last update   Result
AhnLab-V3           2008.11.7.1      2008.11.07    -
AntiVir             7.9.0.26         2008.11.07    TR/Spy.Gen
Authentium          5.1.0.4          2008.11.07    W32/Heuristic-KPP!Eldorado
Avast               4.8.1248.0       2008.11.06    -
AVG                 8.0.0.161        2008.11.07    Agent.AJDA
BitDefender         7.2              2008.11.07    -
CAT-QuickHeal       9.50             2008.11.07    -
ClamAV              0.94.1           2008.11.07    -
DrWeb               4.44.0.09170     2008.11.07    DLOADER.Trojan
eSafe               7.0.17.0         2008.11.06    -
eTrust-Vet          31.6.6198        2008.11.07    -
Ewido               4.0              2008.11.07    -
F-Prot              4.4.4.56         2008.11.06    W32/Heuristic-KPP!Eldorado
F-Secure            8.0.14332.0      2008.11.07    Trojan-Downloader.Win32.Agent.aoal
Fortinet            3.117.0.0        2008.11.07    -
GData               19               2008.11.07    -
Ikarus              T3.1.1.45.0      2008.11.07    -
K7AntiVirus         7.10.519         2008.11.07    -
Kaspersky           7.0.0.125        2008.11.07    Trojan-Downloader.Win32.Agent.aoal
McAfee              5426             2008.11.06    -
Microsoft           1.4104           2008.11.07    -
NOD32               3595             2008.11.07    a variant of Win32/Agent.OAF
Norman              5.80.02          2008.11.07    -
Panda               9.0.0.4          2008.11.07    Suspicious file
PCTools             4.4.2.0          2008.11.07    -
Prevx1              V2               2008.11.07    Malware Downloader
Rising              21.02.42.00      2008.11.07    -
SecureWeb-Gateway   6.7.6            2008.11.07    Trojan.Spy.Gen
Sophos              4.35.0           2008.11.07    Mal/Behav-027
Sunbelt             3.1.1783.2       2008.11.05    -
Symantec            10               2008.11.07    -
TheHacker           6.3.1.1.143      2008.11.07    -
TrendMicro          8.700.0.1004     2008.11.07    -
VBA32               3.12.8.9         2008.11.06    -
ViRobot             2008.11.7.1457   2008.11.07    -
VirusBuster         4.5.11.0         2008.11.06    -
Additional information
File size: 135168 bytes

Antivirus           Version          Last update   Result
AhnLab-V3           2008.11.7.1      2008.11.07    -
AntiVir             7.9.0.26         2008.11.07    -
Authentium          5.1.0.4          2008.11.07    -
Avast               4.8.1248.0       2008.11.06    -
AVG                 8.0.0.161        2008.11.07    -
BitDefender         7.2              2008.11.07    -
CAT-QuickHeal       9.50             2008.11.07    -
ClamAV              0.94.1           2008.11.07    -
DrWeb               4.44.0.09170     2008.11.07    -
eSafe               7.0.17.0         2008.11.06    -
eTrust-Vet          31.6.6198        2008.11.07    -
Ewido               4.0              2008.11.07    -
F-Prot              4.4.4.56         2008.11.06    -
F-Secure            8.0.14332.0      2008.11.07    -
Fortinet            3.117.0.0        2008.11.07    -
GData               19               2008.11.07    -
Ikarus              T3.1.1.45.0      2008.11.07    -
K7AntiVirus         7.10.519         2008.11.07    -
Kaspersky           7.0.0.125        2008.11.07    -
McAfee              5426             2008.11.06    -
Microsoft           1.4104           2008.11.07    -
NOD32               3595             2008.11.07    -
Norman              5.80.02          2008.11.07    -
Panda               9.0.0.4          2008.11.07    -
PCTools             4.4.2.0          2008.11.07    -
Prevx1              V2               2008.11.07    -
Rising              21.02.42.00      2008.11.07    -
SecureWeb-Gateway   6.7.6            2008.11.07    -
Sophos              4.35.0           2008.11.07    -
Sunbelt             3.1.1783.2       2008.11.05    -
Symantec            10               2008.11.07    -
TheHacker           6.3.1.1.143      2008.11.07    -
TrendMicro          8.700.0.1004     2008.11.07    -
VBA32               3.12.8.9         2008.11.06    -
ViRobot             2008.11.7.1457   2008.11.07    -
VirusBuster         4.5.11.0         2008.11.06    -
Additional information
File size: 6144 bytes

Guest Malou Posted November 7, 2008
Hi Tony! You're welcome!
Hmm, this gets a bit hard to interpret since you did not state the file signature for the scans. So which file belongs to which scan? One of them is a nasty one that we should deal with.
Regards/Malou

Guest Malou Posted November 7, 2008
Hi Tony! Sorry for the sudden interruption in the middle of everything here :-[ But now I am back again.
Download ComboFix from the link below:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
1: Save ComboFix to the desktop:
NOTE: Unplug the Internet connection => turn off/disable antivirus/antispyware programs.
Now continue with the following:
1: Double-click ComboFix to start it
2: Follow the instructions shown on the screen.
3: When it is finished, a text log should come up; copy and paste it here. It can also be found here => (C:\ComboFix.txt)
4: Make a new TM HJT log and paste that in as well.
IMPORTANT! Do NOT click on the ComboFix window with the mouse while it is running, otherwise it may hang.
NOTE: Check that antivirus/antispyware programs etc. are re-enabled before you connect to the Internet.
PLEASE NOTE: The tool/program can cause problems with the connection (e.g. wireless). If problems occur, try the following. Go to => Control Panel => Network Connections => right-click your Internet connection => choose Repair OR restart the computer.
WARNING!: ComboFix prevents automatic running of CDs, floppy disks and USB devices in order to make it easier to clean the computer. This can cause problems, e.g. if you have Internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.
Regards/Malou

Tony Posted November 8, 2008
Hi again Malou. Now I am up and running again. Here comes the log. I was forced to restart the computer to get everything working again, so I do not know where the ComboFix log went. I hope it is this one that I am sending along.
- C:ProgramRaxcoPerfectDisk2008PD91Engine.exe O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe -- End of file - 9925 bytes Link to comment Share on other sites More sharing options...
Guest Malou Posted November 8, 2008

Hi Tony! No, that is not the log. You should find the ComboFix log here => (C:\ComboFix.txt) <= as I mentioned in the procedure. If you find it, copy it into your thread here. What was it that forced you to restart the computer?

Regards, Malou
Tony Posted November 8, 2008

Hi again. The reason for the restart was that I could not restart "Telia säker surf"; it was completely stuck. That is why I did not want to start the internet either. I have looked in the ComboFix folder but unfortunately did not find the txt file. It is starting to look like I will have to format the HD.

Regards, Tony
Guest Malou Posted November 8, 2008

Hi Tony!

> The reason for the restart was that I could not restart "Telia säker surf"; it was completely stuck. That is why I did not want to start the internet either.

OK. Are you connected via USB or something similar, for example a wireless connection? I wrote a warning about this in the instructions.

> ComboFix prevents CDs, floppy disks and USB devices from running automatically, to make it easier to clean the computer. This can cause problems if, for example, you get your internet through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.

> I have looked in the ComboFix folder but unfortunately did not find the txt file. It is starting to look like I will have to format the HD.

It should be there as a separate text file => (C:\ComboFix.txt) <=

You should not need to format. That is the last thing one resorts to, when absolutely nothing else helps.

Make a new attempt with ComboFix. Update it first. Then run the scan according to the earlier instructions for ComboFix. Copy the log into your thread here.

If, against expectation, the above still does not work, or you feel that you do not want to attempt it, do the following instead. This tool only performs a scan and fixes nothing of what it shows; that has to be done manually.

Download RSIT from the link below:
http://images.malwareremoval.com/random/RSIT.exe

1: Save it to the desktop
2: Double-click the tool to start RSIT
3: When it has finished scanning, a text file is produced automatically in Notepad. If, against expectation, no text file appears, it can be found here => in the folder C:\rsit
4: Copy that log into your thread here

Regards, Malou
Tony Posted November 8, 2008

Hi again Malou. I have run the program again and saved the log on another HD. So here it comes. I hope it goes better now. I am also sending the HijackThis log. I have to send them separately since it got too big.

Tony.
Tony Posted November 8, 2008

Hi. Here comes the ComboFix log. I have to split it in two.

Tony.
Tony Posted November 8, 2008

Here comes the next part.
+ 2007-07-13 09:54:40 24,576 ----a-w c:windowsMcAfee.comFreeScanavdat.exe + 2008-07-09 03:30:00 5,444 ----a-w c:windowsMcAfee.comFreeScanconfig.dat + 2008-11-07 14:47:52 156,936 ----a-w c:windowsMcAfee.comFreeScanmcfscan.dll + 2008-07-09 03:30:00 3,092,646 ----a-w c:windowsMcAfee.comFreeScanmcscan32.dll + 2008-11-07 04:30:00 942,396 ----a-w c:windowsMcAfee.comFreeScannames.DAT + 2006-12-18 09:03:00 7,449 ----a-w c:windowsMcAfee.comFreeScanrwabs16.dll + 2006-12-18 09:03:10 16,921 ----a-w c:windowsMcAfee.comFreeScanrwabs32.dll + 2008-11-07 04:30:00 56,335,896 ----a-w c:windowsMcAfee.comFreeScanscan.DAT - 2008-11-02 11:42:42 76,862 ----a-w c:windowssystem32perfc009.dat + 2008-11-08 10:30:41 76,862 ----a-w c:windowssystem32perfc009.dat - 2008-11-02 11:42:42 88,992 ----a-w c:windowssystem32perfc01D.dat + 2008-11-08 10:30:41 88,992 ----a-w c:windowssystem32perfc01D.dat - 2008-11-02 11:42:42 454,716 ----a-w c:windowssystem32perfh009.dat + 2008-11-08 10:30:41 454,716 ----a-w c:windowssystem32perfh009.dat - 2008-11-02 11:42:42 456,648 ----a-w c:windowssystem32perfh01D.dat + 2008-11-08 10:30:41 456,648 ----a-w c:windowssystem32perfh01D.dat + 2008-11-08 10:36:06 16,384 ----atw c:windowsTempPerflib_Perfdata_170.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "amd_dc_opt"="c:programAMDDual-Core Optimizeramd_dc_opt.exe" [2007-07-23 77824] "itype"="c:programMicrosoft IntelliType Proitype.exe" [2008-06-10 1442888] "NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-10-23 13672448] "IntelliPoint"="c:programMicrosoft IntelliPointipoint.exe" [2008-06-10 1406024] "F-Secure Manager"="c:programTeliaTelias sakerhetstjansterCommonFSM32.EXE" [2008-09-23 182936] "F-Secure TNB"="c:programTeliaTelias sakerhetstjansterFSGUITNBUtil.exe" [2008-09-23 957024] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:windowssoundman.exe] c:documents and settingsAll UsersStart-menyProgramAutostart Personal.lnk - c:programPersonalbinPersonal.exe [2008-09-29 910864] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer] "NoResolveSearch"= 1 (0x1) [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer] "MaxRecentDocs"= 2 (0x2) [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifya441e429502] 2008-11-06 09:23 135168 c:windowssystem32dpcdll32.dll [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=c:windowsSystem32dpcdll32.dll [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-] "ctfmon.exe"=c:windowssystem32ctfmon.exe [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center] "UpdatesDisableNotify"=dword:00000001 [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile] "EnableFirewall"= 0 (0x0) [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%Network Diagnosticxpnetdiag.exe"= "c:ProgramMicrosoft OfficeOffice12OUTLOOK.EXE"= "c:ProgramMicrosoft OfficeOffice12GROOVE.EXE"= "c:ProgramuTorrentuTorrent.exe"= "c:ProgramHPDigital Imagingbinhpqtra08.exe"= 
"c:ProgramHPDigital Imagingbinhpqste08.exe"= "c:ProgramHPDigital Imagingbinhpofxm08.exe"= "c:ProgramHPDigital Imagingbinhposfx08.exe"= "c:ProgramHPDigital Imagingbinhposid01.exe"= "c:ProgramHPDigital Imagingbinhpqscnvw.exe"= "c:ProgramHPDigital Imagingbinhpqkygrp.exe"= "c:ProgramHPDigital ImagingbinhpqCopy.exe"= "c:ProgramHPDigital Imagingbinhpfccopy.exe"= "c:ProgramHPDigital Imagingbinhpzwiz01.exe"= "c:ProgramHPDigital ImagingUnloadHpqPhUnl.exe"= "c:ProgramHPDigital ImagingUnloadHpqDIA.exe"= "c:ProgramHPDigital Imagingbinhpoews01.exe"= "c:ProgramHPDigital Imagingbinhpqnrs08.exe"= "c:ProgramMicrosoft GamesGears of WarBinariesWarGame-G4WLive.exe"= "c:WINDOWSsystem32PnkBstrA.exe"= "c:WINDOWSsystem32PnkBstrB.exe"= "c:ProgramElectronic ArtsCrytekCrysisBin32Crysis.exe"= "c:ProgramElectronic ArtsCrytekCrysisBin32CrysisDedicatedServer.exe"= "c:ProgramElectronic ArtsMedal of Honor AirborneUnrealEngine3BinariesMOHA.exe"= "c:ProgramTHQFrontlines-Fuel of WarBinariesFFOW.exe"= "c:ProgramUbisoftFar Cry 2binFarCry2.exe"= "c:ProgramUbisoftFar Cry 2binFC2Launcher.exe"= "c:ProgramUbisoftFar Cry 2binFC2Editor.exe"= "c:WINDOWSsystem32sessmgr.exe"= "c:ProgramUbisoftTom Clancy's Rainbow Six Vegas 2BinariesR6Vegas2_Game.exe"= "c:ProgramUbisoftTom Clancy's Rainbow Six Vegas 2BinariesR6Vegas2_Launcher.exe"= "c:ProgramActivisionCall of Duty 4 - Modern Warfareiw3mp.exe"= [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 fsbts;fsbts;c:windowssystem32Driversfsbts.sys [2008-11-02 30856] R0 FSFW;F-Secure Firewall Driver;c:windowssystem32driversfsdfw.sys [2008-09-23 79904] R0 nvgts;nvgts;c:windowssystem32DRIVERSnvgts.sys [2008-08-18 145952] R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [2008-06-19 28544] R2 JavaQuickStarterService;Java Quick Starter;c:programJavajre6binjqs.exe [2008-10-30 152984] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:programMcAfeeSiteAdvisorMcSACore.exe [2008-10-08 203280] R2 
NMSAccessU;NMSAccessU;c:programCDBurnerXPNMSAccessU.exe [2008-06-15 71096] R2 PD91Agent;PD91Agent;c:programRaxcoPerfectDisk2008PD91Agent.exe [2008-09-09 693512] R2 UxTuneUp;TuneUp Theme Extension;c:windowsSystem32svchost.exe [2008-04-14 14336] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:programTeliaTelias sakerhetstjansterAnti-Virusminifilterfsgk.sys [2008-09-23 72288] S3 FSORSPClient;F-Secure ORSP Client;c:programTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe [2008-09-23 55904] S3 PD91Engine;PD91Engine;c:programRaxcoPerfectDisk2008PD91Engine.exe [2008-09-09 906504] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:windowsSystem32TuneUpDefragService.exe [2008-10-01 355584] S4 F-Secure Filter;F-Secure File System Filter;c:programTeliaTelias sakerhetstjansterAnti-VirusWin2KFSfilter.sys [2008-09-23 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer;c:programTeliaTelias sakerhetstjansterAnti-VirusWin2KFSrec.sys [2008-09-23 25184] HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs UxTuneUp [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G] ShellAutoRuncommand - G:LaunchU3.exe -a [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ace7479c-aa5e-11dd-a583-001a921dc4b4}] ShellAutoRuncommand - G:LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder 2008-10-31 c:windowsTasksMicrosoft_Hardware_Launch_IType_exe.job - c:programMicrosoft IntelliType Proitype.exe [2008-06-10 12:56] . . ------- Supplementary Scan ------- . O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab c:windowsDownloaded Program Filessysreqlab.osd c:windowsDownloaded Program Filessysreqlab3.dll c:windowsDownloaded Program Filessysreqlab_srl.dll O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.framkalla.com/iu/ImageUploader5.cab c:windowsDownloaded Program FilesImageUploader5.inf c:windowssystem32unicows.dll c:windowsDownloaded Program FilesImageUploader5.ocx . 
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 14:10:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: c:\windows\system32\winlogon.exe -> c:\windows\System32\dpcdll32.dll
PROCESS: c:\windows\system32\lsass.exe -> c:\windows\System32\dpcdll32.dll
.
Completion time: 2008-11-08 14:10:43
ComboFix-quarantined-files.txt 2008-11-08 13:10:40
ComboFix2.txt 2008-11-08 09:50:44
Pre-Run: 294,487,400,448 byte ledigt
Post-Run: 294,476,308,480 byte ledigt
397
ommer loggan på det andra
Guest Malou Posted November 8, 2008
Hi Tony! Great that you got ComboFix working. I'll get back to you as soon as I have gone through your ComboFix log. It will take a while before I'm done, though, so hang in there in the meantime ;) Regards/Malou
Guest Malou Posted November 8, 2008
Hi Tony! As I understand it, you are using Telia säker surf (F-Secure), but I can see in the ComboFix log that you have/have had => Panda Security <= Is it uninstalled? Regards/Malou
Guest Malou Posted November 8, 2008
Hi again Tony! We'll start off carefully with the following. Print out the instructions below, or copy them into a text document and save it to the desktop. Read and follow the instructions very carefully:
1: Go to Start => Run => copy/paste notepad into the Run field => click the OK button
2: Copy/paste the lines below, including File:: / Registry::, into Notepad
File::
c:\windows\system32\1543.tmp
c:\windows\_DETMP.1
3: Save it as a text file named => CFScript.txt <= Save it to the desktop.
4: Grab the text file => CFScript.txt <= that you saved to the desktop with the mouse and drag it onto ComboFix. See the screenshot:
5: ComboFix will start and begin scanning again. When ComboFix has finished scanning, the computer will restart (if it doesn't, restart it manually).
6: When the computer has restarted, a text log should come up; copy and paste it here. It can also be found here => (C:\ComboFix.txt)
7: Make a new TM HJT log and paste that in as well.
IMPORTANT! Do NOT click on the ComboFix window with the mouse while it is running, otherwise it may hang.
Regards/Malou
Tony Posted November 9, 2008 Author
Hi again Malou. I'm not quite sure what you meant by "File:: /Registry::", but I'm doing the best I can, since I'm no "computer guru". I'm sending the HijackThis log first and will send the other log right after. Tony.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:38:33, on 2008-11-09 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:WINDOWSSystem32smss.exe C:WINDOWSsystem32winlogon.exe C:WINDOWSsystem32services.exe C:WINDOWSsystem32lsass.exe C:WINDOWSsystem32svchost.exe C:WINDOWSSystem32svchost.exe C:WINDOWSsystem32spoolsv.exe C:ProgramMicrosoft IntelliType Proitype.exe C:ProgramMicrosoft IntelliPointipoint.exe C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE C:WINDOWSsystem32ctfmon.exe C:ProgramPersonalbinPersonal.exe C:WINDOWSSystem32svchost.exe C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE C:ProgramTeliaTelias sakerhetstjansterAnti-VirusFSGK32.EXE C:ProgramTeliaTelias sakerhetstjansterCommonFSMB32.EXE C:WINDOWSSystem32svchost.exe C:ProgramJavajre6binjqs.exe C:ProgramTeliaTelias sakerhetstjansterCommonFCH32.EXE C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsqh.exe C:ProgramTeliaTelias sakerhetstjansterCommonFAMEH32.EXE C:ProgramTeliaTelias sakerhetstjansterFSPCfspc.exe C:ProgramTeliaTelias sakerhetstjansterFSGUIfsguidll.exe C:ProgramMcAfeeSiteAdvisorMcSACore.exe C:ProgramDelade filerMicrosoft SharedVS7DEBUGmdm.exe C:ProgramCDBurnerXPNMSAccessU.exe C:WINDOWSsystem32nvsvc32.exe C:ProgramRaxcoPerfectDisk2008PD91Agent.exe C:WINDOWSsystem32HPZipm12.exe C:WINDOWSsystem32PnkBstrA.exe C:WINDOWSsystem32PnkBstrB.exe C:WINDOWSsystem32tcpsvcs.exe C:WINDOWSsystem32svchost.exe C:WINDOWSsystem32dllhost.exe C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe C:ProgramTeliaTelias
sakerhetstjansterAnti-Virusfssm32.exe C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsus.exe C:WINDOWSsystem32dllhost.exe C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsav32.exe C:WINDOWSexplorer.exe C:ProgramTeliaTelias sakerhetstjansterFSGUIscanwizard.exe C:WINDOWSexplorer.exe C:ProgramTrend MicroHijackThisTonys.exe.exe R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://se.msn.com/ R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgramSpybot - Search & DestroySDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:ProgramMicrosoft OfficeOffice12GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:programmcafeesiteadvisormcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:programmcafeesiteadvisormcieplg.dll O4 - HKLM..Run: [amd_dc_opt] C:ProgramAMDDual-Core Optimizeramd_dc_opt.exe O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE O4 - HKLM..Run: [itype] "c:ProgramMicrosoft IntelliType Proitype.exe" 
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup O4 - HKLM..Run: [intelliPoint] "c:ProgramMicrosoft IntelliPointipoint.exe" O4 - HKLM..Run: [F-Secure Manager] "C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE" /nosplash O4 - HKLM..Run: [F-Secure TNB] "C:ProgramTeliaTelias sakerhetstjansterFSGUITNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe O4 - Global Startup: Personal.lnk = C:ProgramPersonalbinPersonal.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll O9 - Extra 'Tools' menuitem: Föräldra-... 
- {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMI1933~1Office12REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v...b?1223566486796 O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.framkalla.com/iu/ImageUploader5.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1222626909125 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222626942546 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: 
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...427/mcfscan.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:ProgramMicrosoft OfficeOffice12GrooveSystemServices.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:programmcafeesiteadvisormcieplg.dll O20 - AppInit_DLLs: C:WINDOWSSystem32dpcdll32.dll O20 - Winlogon Notify: a441e429502 - C:WINDOWSSystem32dpcdll32.dll O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:ProgramMcAfeeSiteAdvisorMcSACore.exe O23 - Service: NMSAccessU - Unknown owner - C:ProgramCDBurnerXPNMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe O23 - Service: PD91Agent - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Agent.exe O23 - Service: PD91Engine - Raxco Software, Inc. 
- C:ProgramRaxcoPerfectDisk2008PD91Engine.exe O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe -- End of file - 9653 bytes
Tony Posted November 9, 2008 Author
Here comes the log. It is so big that I have to split it in two.
ComboFix 08-11-07.01 - Administratör 2008-11-09 11:25:27.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.2482 [GMT 1:00] Running from: c:documents and settingsAdministratörSkrivbordComboFix.exe Command switches used :: c:documents and settingsAdministratörSkrivbordCFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 ))))))))))))))))))))))))))))))) . 2008-11-08 11:56 . 2008-11-08 11:56 <KAT> d-------- c:windowsMcAfee.com 2008-11-08 11:29 . 2008-11-08 11:33 <KAT> d-a------ c:documents and settingsAll UsersApplication DataTEMP 2008-11-07 11:37 . 2008-11-07 11:37 <KAT> d-------- c:programTrend Micro 2008-11-07 07:09 . 2008-11-07 07:09 <KAT> d--hs---- c:windowssystem32GroupPolicyManifest 2008-11-06 21:30 . 2008-11-07 11:11 <KAT> d-------- c:programPanda Security 2008-11-06 21:30 . 2008-06-19 17:24 28,544 --a------ c:windowssystem32driverspavboot.sys 2008-11-06 20:34 . 2008-11-06 20:36 <KAT> d-------- c:programSpybot - Search & Destroy 2008-11-06 09:35 . 2008-11-07 07:26 8,230 --a------ c:windowsGnuHashes.ini 2008-11-06 09:23 . 2008-11-06 09:23 318,976 --ahs---- c:windowssystem321543.tmp 2008-11-06 09:23 . 2008-11-06 09:23 135,168 --a------ c:windowssystem32dpcdll32.dll 2008-11-06 09:23 . 2008-11-07 07:09 1,397 --ahs---- c:windowssystem32GroupPolicy000.dat 2008-11-06 07:55 . 2008-11-09 11:23 39,175 --a------ c:windows_DETMP.1 2008-11-05 07:05 . 2008-11-05 13:06 <KAT> d-------- c:programMcAfee 2008-11-05 07:05 . 2008-11-05 07:05 <KAT> d-------- c:programDelade filerMcAfee 2008-11-04 14:09 . 2008-11-04 14:11 <KAT> d-------- c:documents and settingsAdministratörApplication DataU3 2008-11-02 12:47 .
2008-11-02 12:47 30,856 --a------ c:windowssystem32driversfsbts.sys 2008-11-02 12:42 . 2008-11-02 12:42 <KAT> d-------- c:programTelia 2008-11-02 12:42 . 2008-09-23 14:35 79,904 --a------ c:windowssystem32driversfsdfw.sys 2008-11-02 12:05 . 2008-11-07 17:58 <KAT> d-------- c:documents and settingsAdministratörSecurityScans 2008-11-02 12:05 . 2008-11-07 17:58 <KAT> d-------- c:documents and settingsAdministratörSecurityScans 2008-11-02 12:04 . 2008-11-02 12:04 <KAT> d-------- c:programMicrosoft Baseline Security Analyzer 2 2008-11-02 10:55 . 2008-11-02 10:55 <KAT> d-------- c:programMicrosoft IntelliPoint 2008-11-02 10:55 . 2008-06-10 13:04 31,048 --a------ c:windowssystem32driverspoint32.sys 2008-11-02 10:41 . 2008-11-02 10:41 <KAT> d-------- c:programIObit 2008-11-01 16:52 . 2008-11-01 16:52 <KAT> d-------- c:programCCleaner 2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d-------- c:programUniblue 2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d--h-c--- c:documents and settingsAll UsersApplication Data{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185} 2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d-------- c:documents and settingsAdministratörApplication DataUniblue 2008-10-31 10:23 . 2008-10-31 10:23 <KAT> d-------- c:programMicrosoft IntelliType Pro 2008-10-30 21:17 . 2008-10-30 21:17 410,976 --a------ c:windowssystem32deploytk.dll 2008-10-30 20:56 . 2008-10-30 20:56 <KAT> d-------- c:documents and settingsAdministratörApplication DataInstallShield 2008-10-30 20:56 . 2006-07-01 23:21 43,520 --a------ c:windowssystem32driversAmdK8.sys 2008-10-30 11:14 . 2008-10-30 11:20 20 --a------ c:windowssystem32PDBootState 2008-10-30 10:12 . 2008-10-30 10:12 <KAT> d-------- c:programRealtek AC97 2008-10-29 13:23 . 2005-07-26 07:02 923,520 --a------ c:windowssystem32driversnvmcp.sys 2008-10-29 13:23 . 2005-07-26 07:01 415,360 --a------ c:windowssystem32driversnvapu.sys 2008-10-29 13:23 . 2005-07-26 07:02 66,688 --a------ c:windowssystem32driversnvarm.sys 2008-10-29 13:23 . 
2005-07-26 07:02 54,272 --a------ c:windowssystem32nvopenal.dll 2008-10-29 13:23 . 2005-07-26 06:58 53,376 --a------ c:windowssystem32driversnvax.sys 2008-10-29 13:23 . 2005-07-20 17:08 33,280 --a------ c:windowssystem32NVCOAD.DLL 2008-10-29 13:23 . 2005-07-26 07:02 30,208 --a------ c:windowssystem32nvasio.dll 2008-10-29 13:23 . 2005-07-26 07:02 21,504 --a------ c:windowssystem32OpenAL32.dll 2008-10-29 13:23 . 2005-07-26 07:02 7,680 --a------ c:windowssystem32nvack.dll 2008-10-29 13:23 . 2005-07-26 07:02 5,120 --a------ c:windowssystem32ALut.dll 2008-10-29 09:37 . 2008-10-29 09:37 <KAT> d-------- c:windows74224F8D4A1748169EDB7BB854DE532C.TMP 2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:windowssystem32divx_xx0c.dll 2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:windowssystem32divx_xx07.dll 2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:windowssystem32divx_xx0a.dll 2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:windowssystem32divx_xx11.dll 2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:windowssystem32divxdec.ax 2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:windowssystem32DivX.dll 2008-10-28 11:06 . 2008-10-28 11:06 107,888 --a------ c:windowssystem32CmdLineExt.dll 2008-10-28 10:41 . 2008-10-30 10:34 <KAT> d-------- c:programUbisoft 2008-10-28 08:12 . 2008-10-28 08:12 <KAT> dr-h----- c:documents and settingsAdministratörApplication DataSecuROM 2008-10-27 20:35 . 2008-10-22 16:10 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys 2008-10-27 20:35 . 2008-10-22 16:10 15,504 --a------ c:windowssystem32driversmbam.sys 2008-10-27 19:59 . 2007-06-29 14:47 34,304 --a------ c:windowssystem32driversAmdLLD.sys 2008-10-27 19:29 . 2008-10-27 19:29 <KAT> d-------- c:programHDD Health 2008-10-25 11:35 . 2008-10-27 19:29 <KAT> d-------- c:programMicrosoft CAPICOM 2.1.0.2 2008-10-24 16:06 . 2008-10-27 20:36 <KAT> d-------- c:programMalwarebytes' Anti-Malware 2008-10-24 16:06 . 
2008-10-24 16:06 <KAT> d-------- c:documents and settingsAll UsersApplication DataMalwarebytes 2008-10-24 16:06 . 2008-10-24 16:06 <KAT> d-------- c:documents and settingsAdministratörApplication DataMalwarebytes 2008-10-16 19:42 . 2008-10-16 19:42 <KAT> d--h----- c:windowsPIF 2008-10-14 10:17 . 2008-10-14 10:17 <KAT> d-------- c:documents and settingsAdministratörApplication DataApple Computer 2008-10-14 08:45 . 2008-04-14 20:34 221,184 --a------ c:windowssystem32wmpns.dll 2008-10-14 06:40 . 2008-10-14 06:40 <KAT> d-------- c:programJoshMadison 2008-10-13 09:56 . 2008-10-13 09:56 70,936 --a------ c:windowssystem32PhysXLoader.dll 2008-10-13 06:16 . 2008-10-13 06:16 250 --a------ c:windowsgmer.ini 2008-10-12 10:10 . 2008-10-27 19:59 <KAT> d-------- c:programAMD 2008-10-12 08:28 . 2008-10-23 07:42 203,146 --a------ c:windowssystem32nvapps.nvb 2008-10-11 17:30 . 2008-10-11 17:30 <KAT> d-------- c:programWebshots 2008-10-11 17:23 . 2008-10-11 17:23 <KAT> d-------- c:programAGI 2008-10-10 06:42 . 2008-04-14 20:34 116,224 --a--c--- c:windowssystem32dllcachexrxwiadr.dll 2008-10-10 06:42 . 2001-08-18 05:37 99,865 --a--c--- c:windowssystem32dllcachexlog.exe 2008-10-10 06:42 . 2001-09-06 19:33 27,648 --a--c--- c:windowssystem32dllcachexrxftplt.exe 2008-10-10 06:42 . 2001-09-06 19:33 23,040 --a--c--- c:windowssystem32dllcachexrxwbtmp.dll 2008-10-10 06:42 . 2008-04-13 21:04 19,455 --a--c--- c:windowssystem32dllcachewvchntxx.sys 2008-10-10 06:42 . 2008-04-13 23:16 19,200 --a--c--- c:windowssystem32dllcachewstcodec.sys 2008-10-10 06:42 . 2008-04-14 20:34 18,944 --a--c--- c:windowssystem32dllcachexrxscnui.dll 2008-10-10 06:42 . 2001-08-17 19:11 16,970 --a--c--- c:windowssystem32dllcachexem336n5.sys 2008-10-10 06:42 . 2008-04-13 21:04 12,063 --a--c--- c:windowssystem32dllcachewsiintxx.sys 2008-10-10 06:42 . 2008-04-14 20:34 8,192 --a--c--- c:windowssystem32dllcachewshirda.dll 2008-10-10 06:42 . 
Tony Posted November 9, 2008

Here comes part two.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"itype"="c:\program\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13672448]
"IntelliPoint"="c:\program\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"F-Secure Manager"="c:\program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Personal.lnk - c:\program\Personal\bin\Personal.exe [2008-09-29 910864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\a441e429502]
2008-11-06 09:23 135168 c:\windows\system32\dpcdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\dpcdll32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program\uTorrent\uTorrent.exe"=
"c:\Program\HP\Digital Imaging\bin\hpqtra08.exe"=
"c:\Program\HP\Digital Imaging\bin\hpqste08.exe"=
"c:\Program\HP\Digital Imaging\bin\hpofxm08.exe"=
"c:\Program\HP\Digital Imaging\bin\hposfx08.exe"=
"c:\Program\HP\Digital Imaging\bin\hposid01.exe"=
"c:\Program\HP\Digital Imaging\bin\hpqscnvw.exe"=
"c:\Program\HP\Digital Imaging\bin\hpqkygrp.exe"=
"c:\Program\HP\Digital Imaging\bin\hpqCopy.exe"=
"c:\Program\HP\Digital Imaging\bin\hpfccopy.exe"=
"c:\Program\HP\Digital Imaging\bin\hpzwiz01.exe"=
"c:\Program\HP\Digital Imaging\Unload\HpqPhUnl.exe"=
"c:\Program\HP\Digital Imaging\Unload\HpqDIA.exe"=
"c:\Program\HP\Digital Imaging\bin\hpoews01.exe"=
"c:\Program\HP\Digital Imaging\bin\hpqnrs08.exe"=
"c:\Program\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"c:\Program\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"=
"c:\Program\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"=
"c:\Program\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe"=
"c:\Program\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe"=
"c:\Program\Ubisoft\Far Cry 2\bin\FarCry2.exe"=
"c:\Program\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"=
"c:\Program\Ubisoft\Far Cry 2\bin\FC2Editor.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe"=
"c:\Program\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe"=
"c:\Program\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-11-02 30856]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-09-23 79904]
R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-08-18 145952]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 JavaQuickStarterService;Java Quick Starter;c:\program\Java\jre6\bin\jqs.exe [2008-10-30 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
R2 NMSAccessU;NMSAccessU;c:\program\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 PD91Agent;PD91Agent;c:\program\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys [2008-09-23 72288]
R3 FSORSPClient;F-Secure ORSP Client;c:\program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe [2008-09-23 55904]
S3 PD91Engine;PD91Engine;c:\program\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-01 355584]
S4 F-Secure Filter;F-Secure File System Filter;c:\program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys [2008-09-23 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys [2008-09-23 25184]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace7479c-aa5e-11dd-a583-001a921dc4b4}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program\Microsoft IntelliType Pro\itype.exe [2008-06-10 12:56]
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 11:28:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\System32\dpcdll32.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\windows\System32\dpcdll32.dll

PROCESS: c:\windows\explorer.exe
-> c:\program\McAfee\SiteAdvisor\saHook.dll
-> c:\windows\System32\dpcdll32.dll
-> c:\windows\system32\1543.tmp
.
Completion time: 2008-11-09 11:29:28
ComboFix-quarantined-files.txt 2008-11-09 10:29:24
ComboFix2.txt 2008-11-09 10:10:34
ComboFix3.txt 2008-11-08 13:10:43
ComboFix4.txt 2008-11-08 09:50:44

Pre-Run: 294 424 633 344 byte ledigt
Post-Run: 294,409,621,504 byte ledigt

394
Guest Malou Posted November 9, 2008

Hi Tony!

I don't really know what you meant by "File:: /Registry::" but I'm doing the best I can, since I'm no "computer guru".

Of course you're doing the best you can. And I see that I included one step too many in my instructions. I apologize for that :-[ That's what happens when you sit copying and pasting and aren't paying attention :-[

Registry:: should not be part of the procedure, only File::

What I mean by this is that File:: should be written into the procedure, standing alone on the first line, and the files I listed should then be entered directly beneath it.

But to make it somewhat simpler, we'll use Avenger instead, since it is easier for most users to understand.

Print out the following, or copy it into a text document and save it to the desktop:

Read/follow the instructions very carefully:

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.exe

1: Save it to the desktop
2: Open Notepad (use NO OTHER text editor)
3: Copy the "bold text" below into Notepad, including the heading Files to delete:

Files to delete:
c:\windows\system32\1543.tmp
c:\windows\_DETMP.1

4: Check carefully that each file name is on one line only and has not been split across two lines.
5: Start Avenger
6: Paste the text from Notepad into the large text box.
7: Tick the Scan for rootkits box if it is not already ticked.
6: Press Execute to start Avenger.
8: The computer will now restart (it may restart twice).
9: After a little while the log (C:\avenger.txt) will come up; paste that log here into your thread.
10: Make a new TM HJT log and paste that in as well

Regards/Malou
Tony Posted November 9, 2008

Hi Malou. Here are the logs. Regards, Tony.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:48:38, on 2008-11-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Microsoft IntelliType Pro\itype.exe
C:\Program\Microsoft IntelliPoint\ipoint.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Personal\bin\Personal.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FCH32.EXE
C:\Program\McAfee\SiteAdvisor\McSACore.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program\Telia\Telias sakerhetstjanster\FSPC\fspc.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe
C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Telia\Telias sakerhetstjanster\FSGUI\scanwizard.exe
C:\WINDOWS\explorer.exe
C:\Program\Trend Micro\HijackThis\Tonys.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [itype] "c:\Program\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [intelliPoint] "c:\Program\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /nosplash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Telia\Telias sakerhetstjanster\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Telia\Telias sakerhetstjanster\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v...b?1223566486796
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.framkalla.com/iu/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1222626909125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222626942546
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...427/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program\mcafee\siteadvisor\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpcdll32.dll
O20 - Winlogon Notify: a441e429502 - C:\WINDOWS\System32\dpcdll32.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10024 bytes

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\1543.tmp" deleted successfully.
File "c:\windows\_DETMP.1" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
Guest Malou Posted November 9, 2008

Hi Tony!

There, using Avenger worked out really well.

Now we'll move on to a file that I don't quite get along with and don't like. Do a new scan of the file below.

Run a scan with the scanner below and we'll see what it has to say.

Go to the page below:
http://www.virustotal.com/

1: Paste the following file name into the box: C:\WINDOWS\System32\dpcdll32.dll
2: Press Send and wait until the result is ready (Status becomes Finished).
3: Paste the results from the various antivirus programs (incl. file size) here into your thread (but not the Additional information section)

Regards/Malou
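Why this file stands out in the HijackThis log above: dpcdll32.dll is registered at both O20 load points, AppInit_DLLs and a Winlogon Notify subkey with a hex-like name. The Python sketch below is an added example, not part of the thread or of HijackThis; the sample lines are constructed from the log with path separators written out, and the function names, reason labels and the list of default Notify key names are assumptions.

```python
"""Review the O20 load points in a HijackThis v2 log (added example)."""
import re
from collections import defaultdict

# Constructed sample: a few lines in HijackThis format, modelled on the
# log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program\mcafee\siteadvisor\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpcdll32.dll
O20 - Winlogon Notify: a441e429502 - C:\WINDOWS\System32\dpcdll32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption: Notify subkey names registered by a stock Windows XP install.
# Illustrative only; adjust for the build being examined.
DEFAULT_NOTIFY_KEYS = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<value>.*)$", re.I)
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<key>.+?) - (?P<dll>.+)$", re.I)
# AppInit_DLLs may hold several DLLs separated by commas or spaces, and a
# path may itself contain spaces, so split on the ".dll" suffix instead.
DLL_TOKEN_RE = re.compile(r"[^,\s][^,]*?\.dll", re.I)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8,}", re.I)


def parse_o20(log_text):
    """Return (load_point, notify_key_or_None, dll_path) for every O20 line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = APPINIT_RE.match(line)
        if match:
            value = match.group("value").strip()
            dlls = DLL_TOKEN_RE.findall(value) or ([value] if value else [])
            entries.extend(("AppInit_DLLs", None, d.strip()) for d in dlls)
            continue
        match = NOTIFY_RE.match(line)
        if match:
            entries.append(("Winlogon Notify",
                            match.group("key").strip(),
                            match.group("dll").strip()))
    return entries


def review_o20(log_text, default_notify=DEFAULT_NOTIFY_KEYS):
    """Map each DLL (lower-cased path) to the reasons it deserves a look."""
    reasons = defaultdict(set)
    points = defaultdict(set)
    for point, key, dll in parse_o20(log_text):
        path = dll.lower()
        points[path].add(point)
        if point == "AppInit_DLLs":
            # The value is empty by default; a DLL listed here is loaded
            # into every process that loads user32.dll.
            reasons[path].add("appinit-dll")
        else:
            if key.lower() not in default_notify:
                reasons[path].add("non-default-notify-key")
            if HEX_NAME_RE.fullmatch(key):
                reasons[path].add("hex-like-key-name")
    for path, seen in points.items():
        if len(seen) > 1:
            reasons[path].add("multiple-load-points")
    return {path: sorted(found) for path, found in reasons.items()}


if __name__ == "__main__":
    for path, found in review_o20(SAMPLE_LOG).items():
        print(path, "->", ", ".join(found))
```

A hit from this review is only a reason to inspect the file further, for example with a multi-engine scan as requested in the post above.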
Tony Posted November 9, 2008

Hi. Here is what I think you are asking for. Tony.

Antivirus          Version          Last update  Result
AhnLab-V3          2008.11.7.1      2008.11.08   -
AntiVir            7.9.0.26         2008.11.07   TR/Spy.Gen
Authentium         5.1.0.4          2008.11.07   W32/Heuristic-KPP!Eldorado
Avast              4.8.1248.0       2008.11.08   Win32:Spyware-gen
AVG                8.0.0.161        2008.11.08   Agent.AJDA
BitDefender        7.2              2008.11.08   -
CAT-QuickHeal      9.50             2008.11.08   -
ClamAV             0.94.1           2008.11.08   -
DrWeb              4.44.0.09170     2008.11.08   DLOADER.Trojan
eSafe              7.0.17.0         2008.11.06   -
eTrust-Vet         31.6.6199        2008.11.08   -
Ewido              4.0              2008.11.08   -
F-Prot             4.4.4.56         2008.11.07   W32/Heuristic-KPP!Eldorado
F-Secure           8.0.14332.0      2008.11.08   Trojan-Downloader.Win32.Agent.aoal
Fortinet           3.117.0.0        2008.11.08   -
GData              19               2008.11.08   Win32:Spyware-gen
Ikarus             T3.1.1.45.0      2008.11.08   -
K7AntiVirus        7.10.520         2008.11.08   -
Kaspersky          7.0.0.125        2008.11.08   Trojan-Downloader.Win32.Agent.aoal
McAfee             5427             2008.11.07   -
Microsoft          1.4104           2008.11.08   -
NOD32              3596             2008.11.07   a variant of Win32/Agent.OAF
Norman             5.80.02          2008.11.07   -
Panda              9.0.0.4          2008.11.08   Suspicious file
PCTools            4.4.2.0          2008.11.08   -
Prevx1             V2               2008.11.08   Malware Downloader
Rising             21.02.52.00      2008.11.08   -
SecureWeb-Gateway  6.7.6            2008.11.08   Trojan.Spy.Gen
Sophos             4.35.0           2008.11.08   Mal/Behav-027
Sunbelt            3.1.1785.2       2008.11.08   -
Symantec           10               2008.11.08   -
TheHacker          6.3.1.1.145      2008.11.08   -
TrendMicro         8.700.0.1004     2008.11.07   -
VBA32              3.12.8.9         2008.11.07   -
ViRobot            2008.11.7.1457   2008.11.07   -
VirusBuster        4.5.11.0         2008.11.08   -
Guest Malou Posted November 9, 2008

Hi Tony!

And it was this file => C:\WINDOWS\System32\dpcdll32.dll <= that you scanned?

Regards/Malou