
Virus or other junk in the computer



*********************************************

2009-01-08:

The thread is now locked.

If you think it has been locked in error, please contact

Malou

*********************************************

Something strange has gotten into my computer. When I open the web browser (IE), several other pages open at the same time. After a short while they disappear and my real home page opens.

I have McAfee SiteAdvisor and it flags these pages red.

My broadband modem seems to be running all the time; the light blinks incessantly.

The computer is also very slow, and it is hard to get anything to work.

I have "Telia säker surf", which I have run several times without finding anything.

I have also run Malwarebytes, CCleaner and Spybot - Search & Destroy without result.

Tony.


Hi again.

I have now followed Malou's excellent page for HijackThis and think I did it right.

I'm attaching the log so that Malou can possibly take a look at it.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:42:59, on 2008-11-07

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSOUNDMAN.EXE

C:ProgramMicrosoft IntelliType Proitype.exe

C:ProgramMicrosoft IntelliPointipoint.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE

C:WINDOWSsystem32ctfmon.exe

C:ProgramPersonalbinPersonal.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe

C:WINDOWSSystem32svchost.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE

C:ProgramTeliaTelias sakerhetstjansterAnti-VirusFSGK32.EXE

C:WINDOWSSystem32svchost.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSMB32.EXE

C:ProgramJavajre6binjqs.exe

C:ProgramMcAfeeSiteAdvisorMcSACore.exe

C:ProgramDelade filerMicrosoft SharedVS7DEBUGmdm.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFCH32.EXE

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsqh.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFAMEH32.EXE

C:ProgramTeliaTelias sakerhetstjansterFSPCfspc.exe

C:ProgramTeliaTelias sakerhetstjansterFSGUIfsguidll.exe

C:ProgramCDBurnerXPNMSAccessU.exe

C:WINDOWSsystem32nvsvc32.exe

C:ProgramRaxcoPerfectDisk2008PD91Agent.exe

C:WINDOWSsystem32HPZipm12.exe

C:WINDOWSsystem32PnkBstrA.exe

C:WINDOWSsystem32PnkBstrB.exe

C:WINDOWSsystem32locator.exe

C:WINDOWSsystem32tcpsvcs.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32dllhost.exe

C:ProgramTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe

C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfssm32.exe

C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe

C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsus.exe

C:WINDOWSsystem32dllhost.exe

C:WINDOWSsystem32msdtc.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsav32.exe

C:ProgramInternet Exploreriexplore.exe

C:ProgramTeliaTelias sakerhetstjansterFSGUIscanwizard.exe

C:WINDOWSexplorer.exe

C:ProgramTrend MicroHijackThisTonys.exe.exe

C:WINDOWSsystem32wbemwmiprvse.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://se.msn.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgramSpybot - Search & DestroySDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:ProgramMicrosoft OfficeOffice12GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:programmcafeesiteadvisormcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:programmcafeesiteadvisormcieplg.dll

O4 - HKLM..Run: [amd_dc_opt] C:ProgramAMDDual-Core Optimizeramd_dc_opt.exe

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [itype] "c:ProgramMicrosoft IntelliType Proitype.exe"

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [intelliPoint] "c:ProgramMicrosoft IntelliPointipoint.exe"

O4 - HKLM..Run: [F-Secure Manager] "C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE" /nosplash

O4 - HKLM..Run: [F-Secure TNB] "C:ProgramTeliaTelias sakerhetstjansterFSGUITNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: Personal.lnk = C:ProgramPersonalbinPersonal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMI1933~1Office12REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v...b?1223566486796

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.framkalla.com/iu/ImageUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1222626909125

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222626942546

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:ProgramMicrosoft OfficeOffice12GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:programmcafeesiteadvisormcieplg.dll

O20 - AppInit_DLLs: C:WINDOWSSystem32dpcdll32.dll

O20 - Winlogon Notify: a441e429502 - C:WINDOWSSystem32dpcdll32.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:ProgramMcAfeeSiteAdvisorMcSACore.exe

O23 - Service: NMSAccessU - Unknown owner - C:ProgramCDBurnerXPNMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Engine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe

--

End of file - 10335 bytes


Hi Tony!

You did it exactly right  ;)

We'll start with the following  ;)

Run a scan with the scanner below and we'll see what it says.

Go to the page below:

http://www.virustotal.com/

1: Paste one of the following file names into the box

C:\WINDOWS\system32\msdtc.exe

C:\WINDOWS\System32\dpcdll32.dll

2: Press Send and wait until the result is ready (Status becomes Finished).

3: Paste the results from the various antivirus programs (incl. file size) here in your thread (but not "Övrig information", i.e. the additional information section)

Repeat with the next file name

Best regards/Malou
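Both O20 lines in the HijackThis log earlier in the thread point at C:\WINDOWS\System32\dpcdll32.dll, one of the two files Malou asks to have scanned. The following Python is an added example, not part of the thread and not HijackThis code: it pulls the O20 entries out of a log and lists why each one deserves a scan. The function names and the allowlist of stock Windows XP Winlogon Notify keys are assumptions of the example, and the path backslashes lost from the pasted log are restored in the sample.

```python
import re

# Assumption: Winlogon\Notify subkeys present on a stock Windows XP install.
XP_DEFAULT_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# The two O20 lines (and two others) are copied from the log in the thread,
# with backslashes restored. The crypt32chain line is constructed for the
# example to show an entry that is not flagged.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpcdll32.dll
O20 - Winlogon Notify: a441e429502 - C:\WINDOWS\System32\dpcdll32.dll
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

O20_RE = re.compile(
    r"^O20 - (?P<kind>AppInit_DLLs|Winlogon Notify): (?P<rest>.*)$"
)


def parse_o20(log_text):
    """Return one dict per O20 entry: kind, key (Notify only) and DLL path."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest").strip()
        if kind == "AppInit_DLLs":
            # The registry value may name several DLLs, separated by
            # spaces or commas.
            for dll in re.split(r"[,\s]+", rest):
                if dll:
                    entries.append({"kind": kind, "key": None, "path": dll})
        else:
            key, _, path = rest.partition(" - ")
            entries.append(
                {"kind": kind, "key": key.strip(), "path": path.strip()}
            )
    return entries


def triage(log_text):
    """Attach human-readable reasons to every O20 entry worth a scan."""
    entries = parse_o20(log_text)
    kinds_by_path = {}
    for e in entries:
        kinds_by_path.setdefault(e["path"].lower(), set()).add(e["kind"])

    findings = []
    for e in entries:
        reasons = []
        if e["kind"] == "AppInit_DLLs":
            reasons.append("loaded into every process that loads user32.dll")
        else:
            key = e["key"].lower()
            if key not in XP_DEFAULT_NOTIFY:
                reasons.append("non-default Winlogon notification package")
            if re.fullmatch(r"[0-9a-f]{8,}", key):
                reasons.append("key name is a bare hex string")
        if len(kinds_by_path[e["path"].lower()]) > 1:
            reasons.append("same DLL registered through both O20 mechanisms")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


def files_to_scan(log_text):
    """Unique DLL paths (case-insensitive) from the flagged entries."""
    unique = {}
    for f in triage(log_text):
        unique.setdefault(f["path"].lower(), f["path"])
    return list(unique.values())


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["kind"], finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
    print("Scan:", files_to_scan(SAMPLE_LOG))
```
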


Hi Malou.

Thanks for helping me.

Here is the result

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.11.7.1 2008.11.07 -

AntiVir 7.9.0.26 2008.11.07 TR/Spy.Gen

Authentium 5.1.0.4 2008.11.07 W32/Heuristic-KPP!Eldorado

Avast 4.8.1248.0 2008.11.06 -

AVG 8.0.0.161 2008.11.07 Agent.AJDA

BitDefender 7.2 2008.11.07 -

CAT-QuickHeal 9.50 2008.11.07 -

ClamAV 0.94.1 2008.11.07 -

DrWeb 4.44.0.09170 2008.11.07 DLOADER.Trojan

eSafe 7.0.17.0 2008.11.06 -

eTrust-Vet 31.6.6198 2008.11.07 -

Ewido 4.0 2008.11.07 -

F-Prot 4.4.4.56 2008.11.06 W32/Heuristic-KPP!Eldorado

F-Secure 8.0.14332.0 2008.11.07 Trojan-Downloader.Win32.Agent.aoal

Fortinet 3.117.0.0 2008.11.07 -

GData 19 2008.11.07 -

Ikarus T3.1.1.45.0 2008.11.07 -

K7AntiVirus 7.10.519 2008.11.07 -

Kaspersky 7.0.0.125 2008.11.07 Trojan-Downloader.Win32.Agent.aoal

McAfee 5426 2008.11.06 -

Microsoft 1.4104 2008.11.07 -

NOD32 3595 2008.11.07 a variant of Win32/Agent.OAF

Norman 5.80.02 2008.11.07 -

Panda 9.0.0.4 2008.11.07 Suspicious file

PCTools 4.4.2.0 2008.11.07 -

Prevx1 V2 2008.11.07 Malware Downloader

Rising 21.02.42.00 2008.11.07 -

SecureWeb-Gateway 6.7.6 2008.11.07 Trojan.Spy.Gen

Sophos 4.35.0 2008.11.07 Mal/Behav-027

Sunbelt 3.1.1783.2 2008.11.05 -

Symantec 10 2008.11.07 -

TheHacker 6.3.1.1.143 2008.11.07 -

TrendMicro 8.700.0.1004 2008.11.07 -

VBA32 3.12.8.9 2008.11.06 -

ViRobot 2008.11.7.1457 2008.11.07 -

VirusBuster 4.5.11.0 2008.11.06 -

Övrig information

File size: 135168 bytes

MD5...: 5f4fb6b0baa1543ee73f134a2339703d

SHA1..: 27f92d7b8fd511af00f1b284b39a06fedb48d823

SHA256: 83f56612479b8f4a339b6f35e45d1b58a229da1dc7a77e9d2904f0a1d93102b2

SHA512: fb10974493d45f66125a31d9726b442e31bad3891e5bdc8aa52a80e267194c0d

39d8bd7977f41267f5e0fa16806f34044c2e5eb9e3f3de26b1096f47b84f304d

PEiD..: -

TrID..: File type identification

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x10001fc1

timedatestamp.....: 0x49113276 (Wed Nov 05 05:43:18 2008)

machinetype.......: 0x14c (I386)

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x150d4 0x16000 6.44 b566629051391d7469f5b66ba1d58b9f

.rdata 0x17000 0x62f9 0x7000 6.29 a4653a5c80268c9a4c38e341392316ca

.data 0x1e000 0x1498 0x1000 2.08 46eb391337a4ff9ec00d45f11c73b00a

.reloc 0x20000 0x1a94 0x2000 5.84 29b3f505ac36c7db13d25f8d7b2e0813

( 11 imports )

> ntdll.dll: _snprintf, _strnicmp, strlen, strstr, _stricmp, memcmp, atoi, _itoa, memcpy, _ultoa, tolower, memset, _chkstk, _allmul, _alldiv

> msvcrt.dll: strtok

> WS2_32.dll: -, -, WSAIoctl, -, WSAGetOverlappedResult, -, WSACreateEvent, -, WSAWaitForMultipleEvents, WSASend, WSASocketW, -, -, -, -, -, -, WSARecv

> WININET.dll: InternetConnectA, HttpAddRequestHeadersA, HttpOpenRequestA, HttpSendRequestA, InternetOpenA, HttpQueryInfoA, InternetReadFile, InternetCloseHandle, InternetOpenUrlA, InternetSetOptionA

> OLEAUT32.dll: -, -

> SHLWAPI.dll: PathFileExistsA

> KERNEL32.dll: EnterCriticalSection, GetVolumeInformationA, GetWindowsDirectoryA, GetFileTime, HeapFree, WaitNamedPipeA, FindNextFileA, SetNamedPipeHandleState, HeapAlloc, GetSystemDirectoryA, GetVersionExA, FindClose, RemoveDirectoryA, TransactNamedPipe, HeapSetInformation, HeapCreate, FindFirstFileA, HeapDestroy, FreeLibrary, CreateFileMappingA, OpenFileMappingA, UnmapViewOfFile, MapViewOfFile, ExitProcess, GetFileAttributesExA, SetFileAttributesA, CreateDirectoryA, TlsGetValue, TlsAlloc, CreateEventA, TlsSetValue, ProcessIdToSessionId, Process32Next, Process32First, WriteProcessMemory, VirtualAllocEx, Thread32Next, GetModuleHandleA, Thread32First, CreateToolhelp32Snapshot, InterlockedIncrement, InterlockedDecrement, GetCurrentThreadId, GetProcAddress, CloseHandle, OpenThread, GetCurrentProcessId, lstrcpyA, CreateFileA, WaitForMultipleObjects, GetFileSize, ReadFile, GetModuleFileNameA, GetModuleFileNameW, InitializeCriticalSection, ResetEvent, lstrcatA, GetLocalTime, WaitForSingleObject, OpenMutexA, InterlockedCompareExchange, CreateMutexA, lstrlenA, SetEvent, TerminateThread, OutputDebugStringA, Sleep, DuplicateHandle, GetExitCodeThread, ReleaseMutex, FlushFileBuffers, OpenEventA, SetUnhandledExceptionFilter, LeaveCriticalSection, GetCurrentThread, VirtualFree, GetFileInformationByHandle, GetLastError, SystemTimeToFileTime, lstrcmpiA, GetSystemTime, GetCurrentProcess, WriteFile, CreateThread, VirtualFreeEx, DisconnectNamedPipe, CreateNamedPipeA, ConnectNamedPipe, PeekNamedPipe, lstrcmpA, SetFilePointer, SetEndOfFile, GetTempFileNameA, DeleteCriticalSection, GetTempPathA, VirtualProtect, FlushInstructionCache, VirtualQuery, VirtualAlloc, SuspendThread, ResumeThread, GetThreadContext, SetThreadContext, SetLastError, lstrcmpW, MultiByteToWideChar, DeleteFileA, CreateProcessA, GetTickCount, GetFileAttributesA, LoadLibraryA, CreateRemoteThread, OpenProcess

> USER32.dll: SetForegroundWindow, ShowWindow, PeekMessageA, WaitForInputIdle, MsgWaitForMultipleObjects, GetSystemMetrics, wsprintfA, DispatchMessageA

> ADVAPI32.dll: ControlService, RegDeleteKeyA, OpenSCManagerA, RegCreateKeyExA, CloseServiceHandle, OpenServiceA, RegQueryValueExA, ChangeServiceConfigA, RegQueryInfoKeyA, RegEnumKeyExA, RegSetValueExA, RegCloseKey, RegOpenKeyExA

> SHELL32.dll: ShellExecuteA, SHGetFolderPathA

> ole32.dll: CoUninitialize, CoInitializeEx, CoCreateInstance

( 2 exports )

DllGetClassObject, EventStartup

Prevx info: http://info.prevx.com/aboutprogramtext.asp...A56E900A6DDBF82

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.11.7.1 2008.11.07 -

AntiVir 7.9.0.26 2008.11.07 -

Authentium 5.1.0.4 2008.11.07 -

Avast 4.8.1248.0 2008.11.06 -

AVG 8.0.0.161 2008.11.07 -

BitDefender 7.2 2008.11.07 -

CAT-QuickHeal 9.50 2008.11.07 -

ClamAV 0.94.1 2008.11.07 -

DrWeb 4.44.0.09170 2008.11.07 -

eSafe 7.0.17.0 2008.11.06 -

eTrust-Vet 31.6.6198 2008.11.07 -

Ewido 4.0 2008.11.07 -

F-Prot 4.4.4.56 2008.11.06 -

F-Secure 8.0.14332.0 2008.11.07 -

Fortinet 3.117.0.0 2008.11.07 -

GData 19 2008.11.07 -

Ikarus T3.1.1.45.0 2008.11.07 -

K7AntiVirus 7.10.519 2008.11.07 -

Kaspersky 7.0.0.125 2008.11.07 -

McAfee 5426 2008.11.06 -

Microsoft 1.4104 2008.11.07 -

NOD32 3595 2008.11.07 -

Norman 5.80.02 2008.11.07 -

Panda 9.0.0.4 2008.11.07 -

PCTools 4.4.2.0 2008.11.07 -

Prevx1 V2 2008.11.07 -

Rising 21.02.42.00 2008.11.07 -

SecureWeb-Gateway 6.7.6 2008.11.07 -

Sophos 4.35.0 2008.11.07 -

Sunbelt 3.1.1783.2 2008.11.05 -

Symantec 10 2008.11.07 -

TheHacker 6.3.1.1.143 2008.11.07 -

TrendMicro 8.700.0.1004 2008.11.07 -

VBA32 3.12.8.9 2008.11.06 -

ViRobot 2008.11.7.1457 2008.11.07 -

VirusBuster 4.5.11.0 2008.11.06 -

Övrig information

File size: 6144 bytes

MD5...: 7a73fdeef6cf45d27edd73220eaf1c8f

SHA1..: e3484c64bff319b0fa2618bb2f77c557dde85c55

SHA256: 83374c15875264e8e5595172b9690711928b1a27a4736506a9a8b21821fd8e53

SHA512: 02b3da927cc64a9bbc82b2888f511e2f16ccbac3b86de2e65d770d60e26f511a

e0b8952cd26dabe76dd1868a8fb225de494f6049c6e12c138858316a1c869b58

PEiD..: -

TrID..: File type identification

Win32 Dynamic Link Library (generic) (65.4%)

Generic Win/DOS Executable (17.2%)

DOS Executable Generic (17.2%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x40127c

timedatestamp.....: 0x46647733 (Mon Jun 04 20:33:55 2007)

machinetype.......: 0x14c (I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x754 0x800 5.60 a550b0bc8ee8e390532fdec4aa7abeb4

.data 0x2000 0x24 0x200 0.06 03cbffffede4434fbef2f26e0d64c6de

.rsrc 0x3000 0x840 0xa00 3.31 6d932478ac97bfd7cf753ed0ccd7ca77

( 3 imports )

> KERNEL32.dll: GetCommandLineW, GetModuleHandleA, GetStartupInfoW

> msvcrt.dll: __2@YAPAXI@Z, _c_exit, _exit, _XcptFilter, _cexit, exit, _wcmdln, __wgetmainargs, wcstok, wcslen, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, __setusermatherr, wcscpy, __3@YAXPAX@Z, _initterm

> MSDTCTM.dll: -


Hi Tony!

You're welcome!

Hmm, this gets a bit hard to interpret here, since you haven't given the file signature for the scans. So which file belongs to which scan?

One of them is a nasty one that we should deal with.

Best regards/Malou


Hi Tony!

Sorry for the abrupt interruption in the middle of everything here  :-[ But now I'm back again  ;)

Download ComboFix from the link below:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

1: Save ComboFix to the desktop:

NOTE:

Unplug the Internet connection => turn off/disable antivirus/antispyware programs.

Now continue with the following:

1: Double-click ComboFix to start it

2: Follow the instructions shown on the screen.

3: When it is finished, a text log should come up; copy and paste it in here

It can also be found here => (C:\ComboFix.txt)

4: Make a new TM HJT log and paste that in as well.

IMPORTANT! Do NOT click on the ComboFix window with the mouse while it is running, otherwise it may hang.

NOTE:

Check that antivirus/antispyware programs etc. are re-enabled before you connect to the Internet.

PLEASE NOTE:

The tool/program can cause problems with the connection (e.g. wireless).

If problems occur, try the following.

Go to => Control Panel => Network Connections => right-click your Internet connection => choose Repair

OR

Restart the computer.

WARNING!:

ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer. This can cause problems if, for example, you have Internet via a USB modem or USB network adapter. In that case, say so instead of running ComboFix.

Best regards/Malou


Hi again Malou.

Now I'm up and running again.

Here is the log.

I was forced to restart the computer to get everything working again, so I don't know where the ComboFix log went. I hope it's this one that I'm sending along.

2007 Microsoft Office Suite Service Pack 1 (SP1)

Adobe Flash Player 10 ActiveX

Adobe Shockwave Player 11

Advanced WindowsCare Personal

AI Booster

AiO_Scan_CDA

AiOSoftwareNPI

AMD Processor Driver

Apple Software Update

ASUSUpdate

µTorrent

Brothers in Arms: Hell's Highway

BufferChm

C4100

c4100_Help

Call of Duty® 2

Call of Duty® 2 Patch 1.2

Call of Duty® 2 Patch 1.3

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.1 Patch

Call of Duty® 4 - Modern Warfare 1.2 Patch

Call of Duty® 4 - Modern Warfare 1.4 Patch

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

CCleaner (remove only)

CDBurnerXP

Convert

Cool & Quiet

CP_CalendarTemplates1

cp_OnlineProjectsConfig

CP_Package_Basic1

CP_Panorama1Config

cp_PosterPrintConfig

Crysis WARHEAD®

Crysis®

CueTour

CustomerResearchQFolder

Destinations

DeviceManagementQFolder

DivX Codec

DivX Converter

DivX Player

DivX Web Player

DocProc

DocProcQFolder

DocumentViewer

DocumentViewerQFolder

Dual-Core Optimizer

EA Download Manager

eSupportQFolder

Far Cry

Far Cry (Patch 1)

Far Cry (Patch 1.4)

Far Cry 2

Fax_CDA

filehippo.com Update Checker

Foxit Reader

Frontlines: Fuel of War

FullDPAppQFolder

Gears of War

Google Earth

Harry Potter och Fenixorden

HDD Health v3.3 Beta

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB915800-v4)

HP Update

HPPhotoSmartExpress

HPProductAssistant

InstantShareDevices

InstantShareDevicesMFC

IZArc 3.81

Java 6 Update 10

Kartex

LimeWire PRO 4.18.8

Malwarebytes' Anti-Malware

MarketResearch

McAfee SiteAdvisor

Medal of Honor Airborne

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 1.1 Swedish Language Pack

Microsoft .NET Framework 2.0 Service Pack 1

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - SVE

Microsoft .NET Framework 3.0 Service Pack 1

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - SVE

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5 Language Pack - sve

Microsoft Application Error Reporting

Microsoft Baseline Security Analyzer 2.1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE Redistributable

Microsoft IntelliPoint 6.3

Microsoft IntelliType Pro 6.3

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office Access MUI (Swedish) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Groove MUI (Swedish) 2007

Microsoft Office InfoPath MUI (Swedish) 2007

Microsoft Office OneNote MUI (Swedish) 2007

Microsoft Office Outlook MUI (Swedish) 2007

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Publisher MUI (Swedish) 2007

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Word MUI (Swedish) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders  (Swedish) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

MSXML 4.0 SP2 (KB936181)

NewCopy_CDA

NätLex 1.1.11

NVIDIA Drivers

NVIDIA PhysX v8.10.13

Pack Vista Inspirat 2 1.0

Panda ActiveScan 2.0

PanoStandAlone

PerfectDisk 2008 Professional

Personal 4.9.3

PhotoGallery

ProductContextNPI

PunkBuster Services

QuickTime

RandMap

Readme

Realtek AC'97 Audio

Scan

ScannerCopy

Security Update for 2007 Microsoft Office System (KB951944)

Security Update for 2007 Microsoft Office System (KB955936)

Security Update for Microsoft Office Excel 2007 (KB955470)

Security Update for Microsoft Office OneNote 2007 (KB950130)

Security Update for Microsoft Office PowerPoint 2007 (KB951338)

Security Update for Microsoft Office Publisher 2007 (KB950114)

Security Update for Microsoft Office system 2007 (KB951808)

Security Update for Microsoft Office system 2007 (KB954326)

Security Update for Microsoft Office Word 2007 (KB950113)

SkinsHP1

SlideShow

Snabbkorrigering för Windows Media Player 11 (KB939683)

Snabbkorrigering för Windows XP (KB952287)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127-v2)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)

Säkerhetsuppdatering för Windows Media Player 11 (KB936782)

Säkerhetsuppdatering för Windows Media Player 11 (KB954154)

Säkerhetsuppdatering för Windows XP (KB923789)

Säkerhetsuppdatering för Windows XP (KB938464)

Säkerhetsuppdatering för Windows XP (KB941569)

Säkerhetsuppdatering för Windows XP (KB946648)

Säkerhetsuppdatering för Windows XP (KB950762)

Säkerhetsuppdatering för Windows XP (KB950974)

Säkerhetsuppdatering för Windows XP (KB951066)

Säkerhetsuppdatering för Windows XP (KB951376-v2)

Säkerhetsuppdatering för Windows XP (KB951698)

Säkerhetsuppdatering för Windows XP (KB951748)

Säkerhetsuppdatering för Windows XP (KB952954)

Säkerhetsuppdatering för Windows XP (KB953839)

Säkerhetsuppdatering för Windows XP (KB954211)

Säkerhetsuppdatering för Windows XP (KB956391)

Säkerhetsuppdatering för Windows XP (KB956803)

Säkerhetsuppdatering för Windows XP (KB956841)

Säkerhetsuppdatering för Windows XP (KB957095)

Säkerhetsuppdatering för Windows XP (KB958644)

SolutionCenter

Sonic_PrimoSDK

Språkpaket för Microsoft .NET Framework 3.5 - Swedish

Spybot - Search & Destroy

Stadskartan

Status

System Requirements Lab

Telia Säker Surf

Tom Clancy's Rainbow Six Vegas 2

Toolbox

TrayApp

TuneUp Utilities 2008

Uniblue RegistryBooster 2009

Unload

Unlocker 1.8.7

Update for Microsoft Office Outlook 2007 (KB952142)

Update for Office 2007 (KB946691)

Update for Outlook 2007 Junk Email Filter (kb957258)

Uppdatering för Windows XP (KB898461)

Uppdatering för Windows XP (KB943729)

Uppdatering för Windows XP (KB951072-v2)

Uppdatering för Windows XP (KB951978)

Uppgradering till Kartex 5.02.42

WebFldrs XP

WebReg

Webshots Desktop

Windows Internet Explorer 7

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:07:49, on 2008-11-08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSOUNDMAN.EXE

C:ProgramMicrosoft IntelliType Proitype.exe

C:ProgramMicrosoft IntelliPointipoint.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE

C:WINDOWSsystem32ctfmon.exe

C:ProgramPersonalbinPersonal.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe

C:WINDOWSSystem32svchost.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE

C:ProgramTeliaTelias sakerhetstjansterAnti-VirusFSGK32.EXE

C:ProgramTeliaTelias sakerhetstjansterCommonFSMB32.EXE

C:WINDOWSSystem32svchost.exe

C:ProgramJavajre6binjqs.exe

C:ProgramMcAfeeSiteAdvisorMcSACore.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFCH32.EXE

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsqh.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFAMEH32.EXE

C:ProgramTeliaTelias sakerhetstjansterFSPCfspc.exe

C:ProgramTeliaTelias sakerhetstjansterFSGUIfsguidll.exe

C:ProgramDelade filerMicrosoft SharedVS7DEBUGmdm.exe

C:ProgramCDBurnerXPNMSAccessU.exe

C:WINDOWSsystem32nvsvc32.exe

C:ProgramRaxcoPerfectDisk2008PD91Agent.exe

C:WINDOWSsystem32HPZipm12.exe

C:WINDOWSsystem32PnkBstrA.exe

C:WINDOWSsystem32PnkBstrB.exe

C:WINDOWSsystem32locator.exe

C:WINDOWSsystem32tcpsvcs.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32dllhost.exe

C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfssm32.exe

C:ProgramTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe

C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe

C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsus.exe

C:WINDOWSsystem32dllhost.exe

C:WINDOWSsystem32msdtc.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsav32.exe

C:ProgramTeliaTelias sakerhetstjansterFSGUIscanwizard.exe

C:WINDOWSexplorer.exe

C:ProgramTrend MicroHijackThisTonys.exe.exe

C:WINDOWSsystem32wbemwmiprvse.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://se.msn.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgramSpybot - Search & DestroySDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:ProgramMicrosoft OfficeOffice12GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:programmcafeesiteadvisormcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:programmcafeesiteadvisormcieplg.dll

O4 - HKLM..Run: [amd_dc_opt] C:ProgramAMDDual-Core Optimizeramd_dc_opt.exe

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [itype] "c:ProgramMicrosoft IntelliType Proitype.exe"

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [intelliPoint] "c:ProgramMicrosoft IntelliPointipoint.exe"

O4 - HKLM..Run: [F-Secure Manager] "C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE" /nosplash

O4 - HKLM..Run: [F-Secure TNB] "C:ProgramTeliaTelias sakerhetstjansterFSGUITNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: Personal.lnk = C:ProgramPersonalbinPersonal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMI1933~1Office12REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v...b?1223566486796

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.framkalla.com/iu/ImageUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1222626909125

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222626942546

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:ProgramMicrosoft OfficeOffice12GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:programmcafeesiteadvisormcieplg.dll

O20 - AppInit_DLLs: C:WINDOWSSystem32dpcdll32.dll

O20 - Winlogon Notify: a441e429502 - C:WINDOWSSystem32dpcdll32.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:ProgramMcAfeeSiteAdvisorMcSACore.exe

O23 - Service: NMSAccessU - Unknown owner - C:ProgramCDBurnerXPNMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Engine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe

--

End of file - 9925 bytes


Hi Tony!

No, that is not the log. You should find the ComboFix log here => (C:\ComboFix.txt) <= as I mentioned in the procedure.

If you find it, copy it in here to your thread.

What was it that forced you to restart the computer?

Regards/Malou


Hi again.

The reason for the restart was that I could not restart "Telia säker surf"; it was completely stuck. That is why I did not want to start the internet either.

I have looked in the ComboFix folder but unfortunately did not find the txt file.

It is starting to lean towards formatting the HD.

Regards,

Tony


Hi Tony!

"The reason for the restart was that I could not restart "Telia säker surf"; it was completely stuck. That is why I did not want to start the internet either."

Ok.

Are you connected via USB or something similar, for example a wireless connection?

I wrote a warning about this in the instructions.

"ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer. This can cause problems, for example if you have internet via a USB modem or a USB network adapter. In that case, say so instead of running ComboFix."

"I have looked in the ComboFix folder but unfortunately did not find the txt file.

It is starting to lean towards formatting the HD."

It should be there as a separate text file => (C:\ComboFix.txt) <=

You should not have to format  ;) That is the last thing one resorts to when absolutely nothing else helps.

Make a new attempt with ComboFix. Update it first. Then run the scan according to the earlier instructions for ComboFix.

Copy the log in here to your thread.

If, contrary to expectation, the above still does not succeed, or you feel that you do not want to attempt it, do the following instead. This tool only performs a scan and fixes nothing of what it shows; that has to be done manually.

Download RSIT from the link below: http://images.malwareremoval.com/random/RSIT.exe

1: Save it to the desktop

2: Double-click the tool to start RSIT

3: When it has finished scanning, a text file is produced in Notepad automatically. If, contrary to expectation, no text file appears, it can be found here => in the folder C:\rsit

4: Copy that log in here to your thread

Regards/Malou


Hi again Malou.

I have run the program again and saved the log on another HD.

So here it comes.

Hope it goes better now. Sending the HijackThis log as well.

I have to send them separately as it became too large.

Tony.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:19:43, on 2008-11-08

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSOUNDMAN.EXE

C:ProgramMicrosoft IntelliType Proitype.exe

C:ProgramMicrosoft IntelliPointipoint.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE

C:WINDOWSsystem32ctfmon.exe

C:ProgramPersonalbinPersonal.exe

C:WINDOWSSystem32alg.exe

C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe

C:WINDOWSSystem32svchost.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE

C:ProgramTeliaTelias sakerhetstjansterAnti-VirusFSGK32.EXE

C:ProgramTeliaTelias sakerhetstjansterCommonFSMB32.EXE

C:WINDOWSSystem32svchost.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFCH32.EXE

C:ProgramJavajre6binjqs.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsqh.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFAMEH32.EXE

C:ProgramTeliaTelias sakerhetstjansterFSPCfspc.exe

C:ProgramMcAfeeSiteAdvisorMcSACore.exe

C:ProgramTeliaTelias sakerhetstjansterFSGUIfsguidll.exe

C:ProgramDelade filerMicrosoft SharedVS7DEBUGmdm.exe

C:WINDOWSsystem32msiexec.exe

C:ProgramCDBurnerXPNMSAccessU.exe

C:WINDOWSsystem32nvsvc32.exe

C:ProgramRaxcoPerfectDisk2008PD91Agent.exe

C:WINDOWSsystem32HPZipm12.exe

C:WINDOWSsystem32PnkBstrA.exe

C:WINDOWSsystem32PnkBstrB.exe

C:WINDOWSsystem32locator.exe

C:WINDOWSsystem32tcpsvcs.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32dllhost.exe

C:ProgramTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe

C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe

C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfssm32.exe

C:WINDOWSsystem32dllhost.exe

C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsus.exe

C:WINDOWSsystem32msdtc.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsav32.exe

C:WINDOWSsystem32wuauclt.exe

C:WINDOWSexplorer.exe

C:ProgramTrend MicroHijackThisTonys.exe.exe

C:WINDOWSsystem32wbemwmiprvse.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://se.msn.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgramSpybot - Search & DestroySDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:ProgramMicrosoft OfficeOffice12GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:programmcafeesiteadvisormcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:programmcafeesiteadvisormcieplg.dll

O4 - HKLM..Run: [amd_dc_opt] C:ProgramAMDDual-Core Optimizeramd_dc_opt.exe

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [itype] "c:ProgramMicrosoft IntelliType Proitype.exe"

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [intelliPoint] "c:ProgramMicrosoft IntelliPointipoint.exe"

O4 - HKLM..Run: [F-Secure Manager] "C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE" /nosplash

O4 - HKLM..Run: [F-Secure TNB] "C:ProgramTeliaTelias sakerhetstjansterFSGUITNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: Personal.lnk = C:ProgramPersonalbinPersonal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMI1933~1Office12REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v...b?1223566486796

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.framkalla.com/iu/ImageUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1222626909125

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222626942546

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...427/mcfscan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:ProgramMicrosoft OfficeOffice12GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:programmcafeesiteadvisormcieplg.dll

O20 - AppInit_DLLs: C:WINDOWSSystem32dpcdll32.dll

O20 - Winlogon Notify: a441e429502 - C:WINDOWSSystem32dpcdll32.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:ProgramMcAfeeSiteAdvisorMcSACore.exe

O23 - Service: NMSAccessU - Unknown owner - C:ProgramCDBurnerXPNMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Engine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe

--

End of file - 10072 bytes


Hi.

Here comes ComboFix. I have to split it in two.

Tony.

ComboFix 08-11-07.01 - Administratör 2008-11-08 14:08:49.2 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1053.18.2474 [GMT 1:00]

Running from: c:documents and settingsAdministratörSkrivbordComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

(((((((((((((((((((((((((  Files Created from 2008-10-08 to 2008-11-08  )))))))))))))))))))))))))))))))

.

2008-11-08 11:56 . 2008-11-08 11:56 <KAT> d-------- c:windowsMcAfee.com

2008-11-08 11:56 . 2008-11-08 11:56 <KAT> d-------- c:windowsLastGood

2008-11-08 11:29 . 2008-11-08 11:33 <KAT> d-a------ c:documents and settingsAll UsersApplication DataTEMP

2008-11-07 11:37 . 2008-11-07 11:37 <KAT> d-------- c:programTrend Micro

2008-11-07 07:09 . 2008-11-07 07:09 <KAT> d--hs---- c:windowssystem32GroupPolicyManifest

2008-11-06 21:30 . 2008-11-07 11:11 <KAT> d-------- c:programPanda Security

2008-11-06 21:30 . 2008-06-19 17:24 28,544 --a------ c:windowssystem32driverspavboot.sys

2008-11-06 20:34 . 2008-11-06 20:36 <KAT> d-------- c:programSpybot - Search & Destroy

2008-11-06 09:35 . 2008-11-07 07:26 8,230 --a------ c:windowsGnuHashes.ini

2008-11-06 09:23 . 2008-11-06 09:23 318,976 --ahs---- c:windowssystem321543.tmp

2008-11-06 09:23 . 2008-11-06 09:23 135,168 --a------ c:windowssystem32dpcdll32.dll

2008-11-06 09:23 . 2008-11-07 07:09 1,397 --ahs---- c:windowssystem32GroupPolicy000.dat

2008-11-06 07:55 . 2008-11-04 18:24 39,157 --a------ c:windows_DETMP.1

2008-11-05 07:05 . 2008-11-05 13:06 <KAT> d-------- c:programMcAfee

2008-11-05 07:05 . 2008-11-05 07:05 <KAT> d-------- c:programDelade filerMcAfee

2008-11-04 14:09 . 2008-11-04 14:11 <KAT> d-------- c:documents and settingsAdministratörApplication DataU3

2008-11-02 12:47 . 2008-11-02 12:47 30,856 --a------ c:windowssystem32driversfsbts.sys

2008-11-02 12:42 . 2008-11-02 12:42 <KAT> d-------- c:programTelia

2008-11-02 12:42 . 2008-09-23 14:35 79,904 --a------ c:windowssystem32driversfsdfw.sys

2008-11-02 12:05 . 2008-11-07 17:58 <KAT> d-------- c:documents and settingsAdministratörSecurityScans

2008-11-02 12:05 . 2008-11-07 17:58 <KAT> d-------- c:documents and settingsAdministratörSecurityScans

2008-11-02 12:04 . 2008-11-02 12:04 <KAT> d-------- c:programMicrosoft Baseline Security Analyzer 2

2008-11-02 10:55 . 2008-11-02 10:55 <KAT> d-------- c:programMicrosoft IntelliPoint

2008-11-02 10:55 . 2008-06-10 13:04 31,048 --a------ c:windowssystem32driverspoint32.sys

2008-11-02 10:41 . 2008-11-02 10:41 <KAT> d-------- c:programIObit

2008-11-01 16:52 . 2008-11-01 16:52 <KAT> d-------- c:programCCleaner

2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d-------- c:programUniblue

2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d--h-c--- c:documents and settingsAll UsersApplication Data{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d-------- c:documents and settingsAdministratörApplication DataUniblue

2008-10-31 10:23 . 2008-10-31 10:23 <KAT> d-------- c:programMicrosoft IntelliType Pro

2008-10-30 21:17 . 2008-10-30 21:17 410,976 --a------ c:windowssystem32deploytk.dll

2008-10-30 20:56 . 2008-10-30 20:56 <KAT> d-------- c:documents and settingsAdministratörApplication DataInstallShield

2008-10-30 20:56 . 2006-07-01 23:21 43,520 --a------ c:windowssystem32driversAmdK8.sys

2008-10-30 11:14 . 2008-10-30 11:20 20 --a------ c:windowssystem32PDBootState

2008-10-30 10:12 . 2008-10-30 10:12 <KAT> d-------- c:programRealtek AC97

2008-10-29 13:23 . 2005-07-26 07:02 923,520 --a------ c:windowssystem32driversnvmcp.sys

2008-10-29 13:23 . 2005-07-26 07:01 415,360 --a------ c:windowssystem32driversnvapu.sys

2008-10-29 13:23 . 2005-07-26 07:02 66,688 --a------ c:windowssystem32driversnvarm.sys

2008-10-29 13:23 . 2005-07-26 07:02 54,272 --a------ c:windowssystem32nvopenal.dll

2008-10-29 13:23 . 2005-07-26 06:58 53,376 --a------ c:windowssystem32driversnvax.sys

2008-10-29 13:23 . 2005-07-20 17:08 33,280 --a------ c:windowssystem32NVCOAD.DLL

2008-10-29 13:23 . 2005-07-26 07:02 30,208 --a------ c:windowssystem32nvasio.dll

2008-10-29 13:23 . 2005-07-26 07:02 21,504 --a------ c:windowssystem32OpenAL32.dll

2008-10-29 13:23 . 2005-07-26 07:02 7,680 --a------ c:windowssystem32nvack.dll

2008-10-29 13:23 . 2005-07-26 07:02 5,120 --a------ c:windowssystem32ALut.dll

2008-10-29 09:37 . 2008-10-29 09:37 <KAT> d-------- c:windows74224F8D4A1748169EDB7BB854DE532C.TMP

2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:windowssystem32divx_xx0c.dll

2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:windowssystem32divx_xx07.dll

2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:windowssystem32divx_xx0a.dll

2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:windowssystem32divx_xx11.dll

2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:windowssystem32divxdec.ax

2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:windowssystem32DivX.dll

2008-10-28 11:06 . 2008-10-28 11:06 107,888 --a------ c:windowssystem32CmdLineExt.dll

2008-10-28 10:41 . 2008-10-30 10:34 <KAT> d-------- c:programUbisoft

2008-10-28 08:12 . 2008-10-28 08:12 <KAT> dr-h----- c:documents and settingsAdministratörApplication DataSecuROM

2008-10-27 20:35 . 2008-10-22 16:10 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys

2008-10-27 20:35 . 2008-10-22 16:10 15,504 --a------ c:windowssystem32driversmbam.sys

2008-10-27 19:59 . 2007-06-29 14:47 34,304 --a------ c:windowssystem32driversAmdLLD.sys

2008-10-27 19:29 . 2008-10-27 19:29 <KAT> d-------- c:programHDD Health

2008-10-25 11:35 . 2008-10-27 19:29 <KAT> d-------- c:programMicrosoft CAPICOM 2.1.0.2

2008-10-24 16:06 . 2008-10-27 20:36 <KAT> d-------- c:programMalwarebytes' Anti-Malware

2008-10-24 16:06 . 2008-10-24 16:06 <KAT> d-------- c:documents and settingsAll UsersApplication DataMalwarebytes

2008-10-24 16:06 . 2008-10-24 16:06 <KAT> d-------- c:documents and settingsAdministratörApplication DataMalwarebytes

2008-10-16 19:42 . 2008-10-16 19:42 <KAT> d--h----- c:windowsPIF

2008-10-14 10:17 . 2008-10-14 10:17 <KAT> d-------- c:documents and settingsAdministratörApplication DataApple Computer

2008-10-14 08:45 . 2008-04-14 20:34 221,184 --a------ c:windowssystem32wmpns.dll

2008-10-14 06:40 . 2008-10-14 06:40 <KAT> d-------- c:programJoshMadison

2008-10-13 09:56 . 2008-10-13 09:56 70,936 --a------ c:windowssystem32PhysXLoader.dll

2008-10-13 06:16 . 2008-10-13 06:16 250 --a------ c:windowsgmer.ini

2008-10-12 10:10 . 2008-10-27 19:59 <KAT> d-------- c:programAMD

2008-10-12 08:28 . 2008-10-23 07:42 203,146 --a------ c:windowssystem32nvapps.nvb

2008-10-11 17:30 . 2008-10-11 17:30 <KAT> d-------- c:programWebshots

2008-10-11 17:23 . 2008-10-11 17:23 <KAT> d-------- c:programAGI

2008-10-10 06:42 . 2008-04-14 20:34 116,224 --a--c--- c:windowssystem32dllcachexrxwiadr.dll

2008-10-10 06:42 . 2001-08-18 05:37 99,865 --a--c--- c:windowssystem32dllcachexlog.exe

2008-10-10 06:42 . 2001-09-06 19:33 27,648 --a--c--- c:windowssystem32dllcachexrxftplt.exe

2008-10-10 06:42 . 2001-09-06 19:33 23,040 --a--c--- c:windowssystem32dllcachexrxwbtmp.dll

2008-10-10 06:42 . 2008-04-13 21:04 19,455 --a--c--- c:windowssystem32dllcachewvchntxx.sys

2008-10-10 06:42 . 2008-04-13 23:16 19,200 --a--c--- c:windowssystem32dllcachewstcodec.sys

2008-10-10 06:42 . 2008-04-14 20:34 18,944 --a--c--- c:windowssystem32dllcachexrxscnui.dll

2008-10-10 06:42 . 2001-08-17 19:11 16,970 --a--c--- c:windowssystem32dllcachexem336n5.sys

2008-10-10 06:42 . 2008-04-13 21:04 12,063 --a--c--- c:windowssystem32dllcachewsiintxx.sys

2008-10-10 06:42 . 2008-04-14 20:34 8,192 --a--c--- c:windowssystem32dllcachewshirda.dll

2008-10-10 06:42 . 2001-09-06 19:33 4,608 --a--c--- c:windowssystem32dllcachexrxflnch.exe

2008-10-10 06:40 . 2001-08-17 20:28 794,399 --a--c--- c:windowssystem32dllcacheusr1806v.sys

2008-10-10 06:39 . 2001-08-17 20:28 794,654 --a--c--- c:windowssystem32dllcacheusr1801.sys

2008-10-10 06:38 . 2001-09-06 19:33 525,568 --a--c--- c:windowssystem32dllcachetridxp.dll

2008-10-10 06:37 . 2001-09-06 19:33 172,768 --a--c--- c:windowssystem32dllcachet2r4disp.dll

2008-10-10 06:36 . 2001-09-06 18:47 285,760 --a--c--- c:windowssystem32dllcachestlnata.sys

2008-10-10 06:35 . 2001-09-06 19:33 147,200 --a--c--- c:windowssystem32dllcachesmidispb.dll

2008-10-10 06:34 . 2001-09-06 19:33 386,560 --a--c--- c:windowssystem32dllcachesgiul50.dll

2008-10-10 06:33 . 2001-09-06 19:32 495,616 --a--c--- c:windowssystem32dllcachesblfx.dll

2008-10-10 06:32 . 2001-09-06 19:09 714,858 --a--c--- c:windowssystem32dllcacher2mdmkxx.sys

2008-10-10 06:31 . 2001-09-06 19:09 899,274 --a--c--- c:windowssystem32dllcacher2mdkxga.sys

2008-10-10 06:31 . 2008-04-14 20:34 159,232 --a--c--- c:windowssystem32dllcacheptpusd.dll

2008-10-10 06:31 . 2001-08-17 20:28 130,942 --a--c--- c:windowssystem32dllcacheptserlv.sys

2008-10-10 06:31 . 2001-08-17 20:28 128,286 --a--c--- c:windowssystem32dllcacheptserli.sys

2008-10-10 06:31 . 2001-08-17 20:28 112,574 --a--c--- c:windowssystem32dllcacheptserlp.sys

2008-10-10 06:31 . 2001-08-17 20:52 49,024 --a--c--- c:windowssystem32dllcacheql1280.sys

2008-10-10 06:31 . 2001-08-17 20:52 45,312 --a--c--- c:windowssystem32dllcacheql12160.sys

2008-10-10 06:31 . 2001-09-06 19:33 41,472 --a--c--- c:windowssystem32dllcacheqvusd.dll

2008-10-10 06:31 . 2001-08-17 20:52 40,448 --a--c--- c:windowssystem32dllcacheql1240.sys

2008-10-10 06:31 . 2001-08-17 20:52 40,320 --a--c--- c:windowssystem32dllcacheql1080.sys

2008-10-10 06:31 . 2001-08-17 20:52 33,152 --a--c--- c:windowssystem32dllcacheql10wnt.sys

2008-10-10 06:31 . 2008-04-13 23:10 6,016 --a--c--- c:windowssystem32dllcacheqic157.sys

2008-10-10 06:31 . 2001-08-17 20:53 3,328 --a--c--- c:windowssystem32dllcacheqv2kux.sys

2008-10-10 06:29 . 2001-08-17 21:05 351,616 --a--c--- c:windowssystem32dllcacheovcodek2.sys

2008-10-10 06:28 . 2008-08-14 14:27 2,066,816 --a--c--- c:windowssystem32dllcachentkrnlpa.exe

2008-10-10 06:28 . 2001-08-17 19:50 198,144 --a--c--- c:windowssystem32dllcachenv3.sys

2008-10-10 06:28 . 2008-04-14 20:13 132,695 --a--c--- c:windowssystem32dllcachenetwlan5.sys

2008-10-10 06:28 . 2001-08-17 19:20 126,080 --a--c--- c:windowssystem32dllcachenm5a2wdm.sys

2008-10-10 06:28 . 2001-09-06 19:32 123,776 --a--c--- c:windowssystem32dllcachenv3.dll

2008-10-10 06:28 . 2001-08-17 19:20 87,040 --a--c--- c:windowssystem32dllcachenm6wdm.sys

2008-10-10 06:28 . 2001-09-06 19:01 65,278 --a--c--- c:windowssystem32dllcachenetflx3.sys

2008-10-10 06:28 . 2001-08-17 19:20 54,528 --a--c--- c:windowssystem32dllcacheopl3sax.sys

2008-10-10 06:28 . 2001-08-17 19:49 51,552 --a--c--- c:windowssystem32dllcachentgrip.sys

2008-10-10 06:28 . 2001-08-17 19:12 32,840 --a--c--- c:windowssystem32dllcachengrpci.sys

2008-10-10 06:28 . 2008-04-13 23:24 28,672 --a--c--- c:windowssystem32dllcachenscirda.sys

2008-10-10 06:28 . 2001-09-06 19:02 9,472 --a--c--- c:windowssystem32dllcachentapm.sys

2008-10-10 06:28 . 2001-08-17 20:53 7,552 --a--c--- c:windowssystem32dllcachensmmc.sys

2008-10-10 06:26 . 2008-04-14 20:35 56,832 --a--c--- c:windowssystem32dllcachemsdvbnp.ax

2008-10-10 06:26 . 2008-04-13 23:16 51,200 --a--c--- c:windowssystem32dllcachemsdv.sys

2008-10-10 06:26 . 2008-04-13 23:16 49,024 --a--c--- c:windowssystem32dllcachemstape.sys

2008-10-10 06:26 . 2001-08-17 21:02 35,200 --a--c--- c:windowssystem32dllcachemsgame.sys

2008-10-10 06:26 . 2008-04-13 23:24 22,016 --a--c--- c:windowssystem32dllcachemsircomm.sys

.
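The two logs posted above can be cross-referenced mechanically: the added example below (not part of the thread and not code from HijackThis or ComboFix) lists every HijackThis load point whose file also appears in ComboFix's "Files Created" window. The sample lines are constructed, modelled on the posted logs with the backslashes the forum rendering dropped written back in; reading the first ComboFix timestamp as creation time and the second as last-modified time is an assumption.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Constructed sample lines modelled on the logs in this thread.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\dpcdll32.dll
O20 - Winlogon Notify: a441e429502 - C:\WINDOWS\System32\dpcdll32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

COMBOFIX_SAMPLE = r"""
2008-11-06 21:30 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-06 09:23 . 2008-11-06 09:23 135,168 --a------ c:\windows\system32\dpcdll32.dll
2008-11-06 20:34 . 2008-11-06 20:36 <KAT> d-------- c:\program\Spybot - Search & Destroy
2008-10-29 13:23 . 2005-07-26 07:02 54,272 --a------ c:\windows\system32\nvopenal.dll
"""

FMT = "%Y-%m-%d %H:%M"
# "<section code> - <detail>", e.g. "O20 - AppInit_DLLs: ..."
_HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in a line, up to a binary extension.
_PATH = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"<>|*?,]+?\.(?:exe|dll|sys|ax)(?![A-Za-z0-9])',
    re.IGNORECASE,
)
# "<created> . <modified> <size or <KAT>> <attributes> <path>"
_CF_ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\S+) (\S+) (.+)$"
)


class Entry(NamedTuple):
    section: str          # HijackThis section code, e.g. "O20"
    detail: str           # remainder of the log line
    path: Optional[str]   # lower-cased file path found in the line, if any


class Created(NamedTuple):
    created: datetime
    modified: datetime
    is_dir: bool
    path: str


class Finding(NamedTuple):
    section: str
    detail: str
    path: str
    created: datetime
    modified: datetime


def parse_hijackthis(text: str) -> List[Entry]:
    """Parse R*/O* lines; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _HJT_LINE.match(line.strip())
        if not m:
            continue
        found = _PATH.search(m.group(2))
        entries.append(Entry(m.group(1), m.group(2),
                             found.group(0).lower() if found else None))
    return entries


def parse_combofix_created(text: str) -> List[Created]:
    """Parse rows of the 'Files Created' section; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = _CF_ROW.match(line.strip())
        if not m:
            continue
        created, modified, _size, attrs, path = m.groups()
        rows.append(Created(datetime.strptime(created, FMT),
                            datetime.strptime(modified, FMT),
                            attrs.startswith("d"), path.lower()))
    return rows


def correlate(hjt_text: str, cf_text: str) -> List[Finding]:
    """Return load points whose file is listed as recently created."""
    recent = {r.path: r for r in parse_combofix_created(cf_text) if not r.is_dir}
    findings = []
    for e in parse_hijackthis(hjt_text):
        row = recent.get(e.path) if e.path else None
        if row:
            findings.append(Finding(e.section, e.detail, e.path,
                                    row.created, row.modified))
    return findings


if __name__ == "__main__":
    for f in correlate(HIJACKTHIS_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{f.section}  created {f.created:{FMT}}  {f.path}\n      {f.detail}")
```

A match only says that an autostart entry points at a file that is new on the disk; freshly installed legitimate software produces the same pattern, so each hit still has to be identified before anything is removed.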


Here comes the next one.

((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-08 12:51 --------- d-----w c:documents and settingsNetworkServiceApplication DataSACore

2008-11-07 16:55 --------- d-----w c:documents and settingsAll UsersApplication DataSpybot - Search & Destroy

2008-11-07 10:33 --------- d-----w c:programVista Inspirat 2

2008-11-06 08:20 --------- d-----w c:documents and settingsAdministratörApplication DataLimeWire

2008-11-06 06:55 --------- d-----w c:programTYPEFACE

2008-11-06 06:55 --------- d-----w c:programSYMBOLS

2008-11-06 06:55 --------- d-----w c:programPALETTES

2008-11-06 06:55 --------- d-----w c:programFONTS

2008-11-06 06:55 --------- d-----w c:programFILTERS

2008-11-06 06:55 --------- d-----w c:programCUSTOM

2008-11-06 06:55 --------- d-----w c:programBANNERS

2008-11-06 06:55 --------- d-----w c:programACTIVITY

2008-11-05 12:09 --------- d-----r c:programPrivat

2008-11-05 06:05 --------- d-----w c:documents and settingsAll UsersApplication DataSiteAdvisor

2008-11-05 06:05 --------- d-----w c:documents and settingsAll UsersApplication DataMcAfee

2008-11-04 20:02 --------- d-----w c:documents and settingsAdministratörApplication DatauTorrent

2008-11-04 19:56 --------- d-----w c:programSystemRequirementsLab

2008-11-04 13:37 --------- d-----w c:programDivX

2008-11-02 18:01 --------- d-----w c:programLimeWire

2008-11-02 11:42 --------- d-----w c:documents and settingsAll UsersApplication DataF-Secure

2008-11-02 11:41 --------- d-----w c:documents and settingsAll UsersApplication Datafssg

2008-11-01 15:41 --------- d--h--w c:programInstallShield Installation Information

2008-10-31 12:39 --------- d-----w c:programApple Software Update

2008-10-31 11:46 --------- d-----w c:programHP

2008-10-31 09:49 --------- d-----w c:programCDBurnerXP

2008-10-31 09:20 --------- d-----w c:programJava

2008-10-30 15:24 --------- d-----w c:programStadkart

2008-10-30 15:22 --------- d-----w c:programUnlocker

2008-10-30 09:41 66,872 ----a-w c:windowssystem32PnkBstrA.exe

2008-10-30 09:41 22,328 ----a-w c:windowssystem32driversPnkBstrK.sys

2008-10-30 09:41 22,328 ----a-w c:documents and settingsAdministratörApplication DataPnkBstrK.sys

2008-10-30 09:41 2,337,865 ----a-w c:windowssystem32pbsvc.exe

2008-10-30 09:41 107,832 ----a-w c:windowssystem32PnkBstrB.exe

2008-10-29 08:37 --------- d-----w c:programDelade filerWise Installation Wizard

2008-10-29 08:03 --------- d-----w c:programAGEIA Technologies

2008-10-28 16:21 --------- d-----w c:programTuneUp Utilities 2008

2008-10-27 18:33 --------- d-----w c:programMicrosoft Silverlight

2008-10-27 18:29 --------- d-----w c:documents and settingsAll UsersApplication DataMicrosoft Help

2008-10-25 10:30 --------- d-----w c:programMicrosoft Visual Studio 8

2008-10-22 15:55 453,152 ----a-w c:windowssystem32NVUNINST.EXE

2008-10-18 10:50 --------- d-----w c:documents and settingsAll UsersApplication DatanView_Profiles

2008-10-18 10:05 --------- d-----w c:programASUS

2008-10-11 16:30 --------- d-----w c:documents and settingsAdministratörApplication DataWebshots

2008-10-10 05:55 --------- d-----w c:programIZArc

2008-10-07 11:33 286,720 ----a-w c:windowssystem32nvnt4cpl.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelTraditionalChinese.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelSwedish.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelSpanish.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelSimplifiedChinese.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelPortugese.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelKorean.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelJapanese.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelGerman.dll

2008-10-07 08:13 58,648 ----a-w c:windowssystem32AgCPanelFrench.dll

2008-10-07 08:13 288,024 ----a-w c:windowssystem32PhysXCplUI.exe

2008-10-07 08:13 288,024 ----a-w c:windowssystem32PhysXCompatCplUI.exe

2008-10-07 08:13 23,320 ----a-w c:windowssystem32PhysXDevice.dll

2008-10-05 18:52 --------- d-----w c:programQuickTime

2008-10-05 18:52 --------- d-----w c:programDelade filerApple

2008-10-05 18:52 --------- d-----w c:documents and settingsAll UsersApplication DataApple Computer

2008-10-05 18:51 --------- d-----w c:documents and settingsAll UsersApplication DataApple

2008-10-05 12:23 --------- d-----w c:programTHQ

2008-10-04 13:16 --------- d-----w c:documents and settingsAdministratörApplication DataMicrosoft Games

2008-10-03 16:09 --------- d-----w c:programuTorrent

2008-10-01 13:13 --------- d-----w c:documents and settingsLocalServiceApplication DataSACore

2008-10-01 12:23 355,584 ----a-w c:windowssystem32TuneUpDefragService.exe

2008-10-01 07:17 --------- d-----w c:documents and settingsAdministratörApplication DataDivX

2008-09-30 18:44 --------- d-----w c:programElectronic Arts

2008-09-30 15:45 --------- d-----w c:programReference Assemblies

2008-09-30 15:45 --------- d-----w c:programMSBuild

2008-09-30 07:05 --------- d-----w c:documents and settingsAdministratörApplication DataF-Secure

2008-09-29 17:26 --------- d-----w c:programMSXML 4.0

2008-09-29 13:56 215,144 ----a-w c:windowspatchw32.dll

2008-09-29 11:59 --------- d-----w c:programActivision

2008-09-29 11:05 --------- d-----w c:documents and settingsAll UsersApplication DataUbisoft

2008-09-29 10:29 --------- d-----w c:programMicrosoft Games

2008-09-29 10:23 --------- dc-h--w c:documents and settingsAll UsersApplication Data{0691F710-1ECA-4B5A-9727-25554F1BFDC6}

2008-09-29 10:20 --------- d-----w c:programEADM

2008-09-29 10:19 --------- d-----w c:programDelade filerInstallShield

2008-09-29 10:09 --------- d-----w c:programFoxit Software

2008-09-29 10:07 --------- d-----w c:documents and settingsAdministratörApplication DataHP

2008-09-29 10:05 --------- d-----w c:documents and settingsAll UsersApplication DataHP

2008-09-29 10:03 --------- d-----w c:programDelade filerSonic Shared

2008-09-29 10:03 --------- d-----w c:programDelade filerHP

2008-09-29 10:03 --------- d-----w c:documents and settingsAll UsersApplication DataSonic

2008-09-29 10:01 --------- d-----w c:programHewlett-Packard

2008-09-29 10:01 --------- d-----w c:programDelade filerHewlett-Packard

2008-09-29 09:36 --------- d-----w c:programDIFX

2008-09-29 09:27 --------- d-----w c:programGoogle

2008-09-29 09:26 39,397 ----a-w c:programDEISL1.ISU

2008-09-29 09:22 --------- d-----w c:programfilehippo.com

2008-09-29 07:54 60,080 ----a-w c:windowsBricoPackUninst.cmd

2008-09-29 07:54 5,308 ----a-w c:windowsBricoPackFoldersDelete.cmd

2008-09-29 07:54 219,136 ----a-w c:windowssystem32uxtheme.dll

2008-09-29 07:43 --------- d-----w c:documents and settingsAll UsersApplication DataTuneUp Software

2008-09-29 07:43 --------- d-----w c:documents and settingsAdministratörApplication DataTuneUp Software

2008-09-29 07:34 --------- d-----w c:programNätLex

2008-09-29 07:29 --------- d-----w c:programRaxco

2008-09-29 07:29 --------- d-----w c:documents and settingsAll UsersApplication DataRaxco

2008-09-29 07:19 --------- d-----w c:programDAEMON Tools Lite

2008-04-14 19:35 60,416 --sha-w c:windowsBricoPacksSysFiles80_msimn.exe

.

------- Sigcheck -------

2008-06-23 16:42  827904  763148c042469c197933ac956e566226 c:windows$hf_mig$KB953838-IE7SP2QFEwininet.dll

2008-08-26 10:12  827904  27431705f27b772f4f7903e4bf96efb2 c:windows$hf_mig$KB956390-IE7SP2QFEwininet.dll

2004-08-04 13:00  656896  9f721bd834534e75661d8f9bd1efdcd7 c:windows$NtServicePackUninstall$wininet.dll

2008-04-14 20:34  666624  b8d98f0cdf9b1429cd95497ad9995078 c:windowsie7wininet.dll

2007-08-13 17:54  818688  a4a0fc92358f39538a6494c42ef99fe9 c:windowsie7updatesKB953838-IE7wininet.dll

2008-06-23 17:42  826368  ce365a16790ec5c5dddc78820949c02e c:windowsie7updatesKB956390-IE7wininet.dll

2008-08-26 09:27  817152  7bd592ed5ff783bf9984dc5fce7288d4 c:windowsServicePackFilesi386wininet.dll

2008-08-26 09:27  817152  7bd592ed5ff783bf9984dc5fce7288d4 c:windowssystem32wininet.dll

2008-08-26 09:27  826368  91a76d98b206723d21612aecbc1d65ce c:windowssystem32dllcachewininet.dll

2008-04-14 20:35  976384  bcda7a0bd489b6cf8427bd37026d7f0d c:windowsexplorer.exe

2004-08-04 13:00  1032704  87a3c8ead27cf3591713d629d8bcb990 c:windows$NtServicePackUninstall$explorer.exe

2008-04-14 20:35  976384  bcda7a0bd489b6cf8427bd37026d7f0d c:windowsServicePackFilesi386explorer.exe

.

(((((((((((((((((((((((((((((  snapshot@2008-11-08_10.50.26,03  )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-07-13 09:54:40 24,576 ----a-w c:windowsMcAfee.comFreeScanavdat.exe

+ 2008-07-09 03:30:00 5,444 ----a-w c:windowsMcAfee.comFreeScanconfig.dat

+ 2008-11-07 14:47:52 156,936 ----a-w c:windowsMcAfee.comFreeScanmcfscan.dll

+ 2008-07-09 03:30:00 3,092,646 ----a-w c:windowsMcAfee.comFreeScanmcscan32.dll

+ 2008-11-07 04:30:00 942,396 ----a-w c:windowsMcAfee.comFreeScannames.DAT

+ 2006-12-18 09:03:00 7,449 ----a-w c:windowsMcAfee.comFreeScanrwabs16.dll

+ 2006-12-18 09:03:10 16,921 ----a-w c:windowsMcAfee.comFreeScanrwabs32.dll

+ 2008-11-07 04:30:00 56,335,896 ----a-w c:windowsMcAfee.comFreeScanscan.DAT

- 2008-11-02 11:42:42 76,862 ----a-w c:windowssystem32perfc009.dat

+ 2008-11-08 10:30:41 76,862 ----a-w c:windowssystem32perfc009.dat

- 2008-11-02 11:42:42 88,992 ----a-w c:windowssystem32perfc01D.dat

+ 2008-11-08 10:30:41 88,992 ----a-w c:windowssystem32perfc01D.dat

- 2008-11-02 11:42:42 454,716 ----a-w c:windowssystem32perfh009.dat

+ 2008-11-08 10:30:41 454,716 ----a-w c:windowssystem32perfh009.dat

- 2008-11-02 11:42:42 456,648 ----a-w c:windowssystem32perfh01D.dat

+ 2008-11-08 10:30:41 456,648 ----a-w c:windowssystem32perfh01D.dat

+ 2008-11-08 10:36:06 16,384 ----atw c:windowsTempPerflib_Perfdata_170.dat

.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"amd_dc_opt"="c:programAMDDual-Core Optimizeramd_dc_opt.exe" [2007-07-23 77824]

"itype"="c:programMicrosoft IntelliType Proitype.exe" [2008-06-10 1442888]

"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-10-23 13672448]

"IntelliPoint"="c:programMicrosoft IntelliPointipoint.exe" [2008-06-10 1406024]

"F-Secure Manager"="c:programTeliaTelias sakerhetstjansterCommonFSM32.EXE" [2008-09-23 182936]

"F-Secure TNB"="c:programTeliaTelias sakerhetstjansterFSGUITNBUtil.exe" [2008-09-23 957024]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:windowssoundman.exe]

c:documents and settingsAll UsersStart-menyProgramAutostart

Personal.lnk - c:programPersonalbinPersonal.exe [2008-09-29 910864]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"MaxRecentDocs"= 2 (0x2)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifya441e429502]

2008-11-06 09:23 135168 c:windowssystem32dpcdll32.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

"AppInit_DLLs"=c:windowsSystem32dpcdll32.dll

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]

"ctfmon.exe"=c:windowssystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]

"UpdatesDisableNotify"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:ProgramMicrosoft OfficeOffice12OUTLOOK.EXE"=

"c:ProgramMicrosoft OfficeOffice12GROOVE.EXE"=

"c:ProgramuTorrentuTorrent.exe"=

"c:ProgramHPDigital Imagingbinhpqtra08.exe"=

"c:ProgramHPDigital Imagingbinhpqste08.exe"=

"c:ProgramHPDigital Imagingbinhpofxm08.exe"=

"c:ProgramHPDigital Imagingbinhposfx08.exe"=

"c:ProgramHPDigital Imagingbinhposid01.exe"=

"c:ProgramHPDigital Imagingbinhpqscnvw.exe"=

"c:ProgramHPDigital Imagingbinhpqkygrp.exe"=

"c:ProgramHPDigital ImagingbinhpqCopy.exe"=

"c:ProgramHPDigital Imagingbinhpfccopy.exe"=

"c:ProgramHPDigital Imagingbinhpzwiz01.exe"=

"c:ProgramHPDigital ImagingUnloadHpqPhUnl.exe"=

"c:ProgramHPDigital ImagingUnloadHpqDIA.exe"=

"c:ProgramHPDigital Imagingbinhpoews01.exe"=

"c:ProgramHPDigital Imagingbinhpqnrs08.exe"=

"c:ProgramMicrosoft GamesGears of WarBinariesWarGame-G4WLive.exe"=

"c:WINDOWSsystem32PnkBstrA.exe"=

"c:WINDOWSsystem32PnkBstrB.exe"=

"c:ProgramElectronic ArtsCrytekCrysisBin32Crysis.exe"=

"c:ProgramElectronic ArtsCrytekCrysisBin32CrysisDedicatedServer.exe"=

"c:ProgramElectronic ArtsMedal of Honor AirborneUnrealEngine3BinariesMOHA.exe"=

"c:ProgramTHQFrontlines-Fuel of WarBinariesFFOW.exe"=

"c:ProgramUbisoftFar Cry 2binFarCry2.exe"=

"c:ProgramUbisoftFar Cry 2binFC2Launcher.exe"=

"c:ProgramUbisoftFar Cry 2binFC2Editor.exe"=

"c:WINDOWSsystem32sessmgr.exe"=

"c:ProgramUbisoftTom Clancy's Rainbow Six Vegas 2BinariesR6Vegas2_Game.exe"=

"c:ProgramUbisoftTom Clancy's Rainbow Six Vegas 2BinariesR6Vegas2_Launcher.exe"=

"c:ProgramActivisionCall of Duty 4 - Modern Warfareiw3mp.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileIcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:windowssystem32Driversfsbts.sys [2008-11-02 30856]

R0 FSFW;F-Secure Firewall Driver;c:windowssystem32driversfsdfw.sys [2008-09-23 79904]

R0 nvgts;nvgts;c:windowssystem32DRIVERSnvgts.sys [2008-08-18 145952]

R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [2008-06-19 28544]

R2 JavaQuickStarterService;Java Quick Starter;c:programJavajre6binjqs.exe [2008-10-30 152984]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:programMcAfeeSiteAdvisorMcSACore.exe [2008-10-08 203280]

R2 NMSAccessU;NMSAccessU;c:programCDBurnerXPNMSAccessU.exe [2008-06-15 71096]

R2 PD91Agent;PD91Agent;c:programRaxcoPerfectDisk2008PD91Agent.exe [2008-09-09 693512]

R2 UxTuneUp;TuneUp Theme Extension;c:windowsSystem32svchost.exe [2008-04-14 14336]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:programTeliaTelias sakerhetstjansterAnti-Virusminifilterfsgk.sys [2008-09-23 72288]

S3 FSORSPClient;F-Secure ORSP Client;c:programTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe [2008-09-23 55904]

S3 PD91Engine;PD91Engine;c:programRaxcoPerfectDisk2008PD91Engine.exe [2008-09-09 906504]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:windowsSystem32TuneUpDefragService.exe [2008-10-01 355584]

S4 F-Secure Filter;F-Secure File System Filter;c:programTeliaTelias sakerhetstjansterAnti-VirusWin2KFSfilter.sys [2008-09-23 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:programTeliaTelias sakerhetstjansterAnti-VirusWin2KFSrec.sys [2008-09-23 25184]

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost  - NetSvcs

UxTuneUp

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2G]

ShellAutoRuncommand - G:LaunchU3.exe -a

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ace7479c-aa5e-11dd-a583-001a921dc4b4}]

ShellAutoRuncommand - G:LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

2008-10-31 c:windowsTasksMicrosoft_Hardware_Launch_IType_exe.job

- c:programMicrosoft IntelliType Proitype.exe [2008-06-10 12:56]

.

.

------- Supplementary Scan -------

.

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab

c:windowsDownloaded Program Filessysreqlab.osd

c:windowsDownloaded Program Filessysreqlab3.dll

c:windowsDownloaded Program Filessysreqlab_srl.dll

O16 -: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.framkalla.com/iu/ImageUploader5.cab

c:windowsDownloaded Program FilesImageUploader5.inf

c:windowssystem32unicows.dll

c:windowsDownloaded Program FilesImageUploader5.ocx

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-08 14:10:02

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:windowssystem32winlogon.exe

-> c:windowsSystem32dpcdll32.dll

PROCESS: c:windowssystem32lsass.exe

-> c:windowsSystem32dpcdll32.dll

.

Completion time: 2008-11-08 14:10:43

ComboFix-quarantined-files.txt  2008-11-08 13:10:40

ComboFix2.txt  2008-11-08 09:50:44

Pre-Run: 294,487,400,448 byte ledigt

Post-Run: 294,476,308,480 byte ledigt

397

The log comes in the other one


Hi Tony!

Great that you got ComboFix to work  ;)

I'll get back to you as soon as I've gone through your ComboFix log. It will take a while before I'm done, though, so hang in there in the meantime  ;) ;)

Regards/Malou


Hi Tony!

As I understand it, you are using Telia säker surf (F-Secure), but I see in the ComboFix log that you have/have had => Panda Security <= Has it been uninstalled?

Regards/Malou


Hi again Tony!

We'll start a little cautiously with the following.

Print out the following, or copy it into a text document and save it to the desktop:

Read/follow the instructions very carefully:

1: Go to Start => Run => copy/paste notepad into the Run field => click the OK button

2: Copy/paste the lines below, including File:: / Registry::, into Notepad

File::

c:\windows\system32\1543.tmp

c:\windows\_DETMP.1

3: Save it as a text file named => CFScript.txt <=  Save it to the Desktop.

4: Grab the text file => CFScript.txt <= that you saved to the desktop with the mouse and drag it onto ComboFix.

See the screenshot:

cfscriptb4xs7.gif

5: ComboFix will start and begin scanning again. When ComboFix has finished scanning, the computer will restart; if it does not, restart it manually.

6: When the computer has restarted, a text log should come up; copy and paste it in here.

It can also be found here => (C:\ComboFix.txt)

7: Make a new TM HJT log and paste that in as well.

IMPORTANT! Do NOT click on the ComboFix window with the mouse while it is running, otherwise it may hang.

Regards/Malou


Hi again Malou.

I'm not really sure what you meant by "File:: / Registry::", but I'm doing the best I can since I'm no "computer guru".

I'm sending the HijackThis log first and will send the other log right after.

Tony.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:38:33, on 2008-11-09

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:ProgramMicrosoft IntelliType Proitype.exe

C:ProgramMicrosoft IntelliPointipoint.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE

C:WINDOWSsystem32ctfmon.exe

C:ProgramPersonalbinPersonal.exe

C:WINDOWSSystem32svchost.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE

C:ProgramTeliaTelias sakerhetstjansterAnti-VirusFSGK32.EXE

C:ProgramTeliaTelias sakerhetstjansterCommonFSMB32.EXE

C:WINDOWSSystem32svchost.exe

C:ProgramJavajre6binjqs.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFCH32.EXE

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsqh.exe

C:ProgramTeliaTelias sakerhetstjansterCommonFAMEH32.EXE

C:ProgramTeliaTelias sakerhetstjansterFSPCfspc.exe

C:ProgramTeliaTelias sakerhetstjansterFSGUIfsguidll.exe

C:ProgramMcAfeeSiteAdvisorMcSACore.exe

C:ProgramDelade filerMicrosoft SharedVS7DEBUGmdm.exe

C:ProgramCDBurnerXPNMSAccessU.exe

C:WINDOWSsystem32nvsvc32.exe

C:ProgramRaxcoPerfectDisk2008PD91Agent.exe

C:WINDOWSsystem32HPZipm12.exe

C:WINDOWSsystem32PnkBstrA.exe

C:WINDOWSsystem32PnkBstrB.exe

C:WINDOWSsystem32tcpsvcs.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSsystem32dllhost.exe

C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe

C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfssm32.exe

C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsus.exe

C:WINDOWSsystem32dllhost.exe

C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsav32.exe

C:WINDOWSexplorer.exe

C:ProgramTeliaTelias sakerhetstjansterFSGUIscanwizard.exe

C:WINDOWSexplorer.exe

C:ProgramTrend MicroHijackThisTonys.exe.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://se.msn.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Länkar

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:ProgramSpybot - Search & DestroySDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:ProgramMicrosoft OfficeOffice12GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:ProgramJavajre6binssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:programmcafeesiteadvisormcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:ProgramJavajre6binjp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:ProgramJavajre6libdeployjqsiejqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:programmcafeesiteadvisormcieplg.dll

O4 - HKLM..Run: [amd_dc_opt] C:ProgramAMDDual-Core Optimizeramd_dc_opt.exe

O4 - HKLM..Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..Run: [itype] "c:ProgramMicrosoft IntelliType Proitype.exe"

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [intelliPoint] "c:ProgramMicrosoft IntelliPointipoint.exe"

O4 - HKLM..Run: [F-Secure Manager] "C:ProgramTeliaTelias sakerhetstjansterCommonFSM32.EXE" /nosplash

O4 - HKLM..Run: [F-Secure TNB] "C:ProgramTeliaTelias sakerhetstjansterFSGUITNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe

O4 - Global Startup: Personal.lnk = C:ProgramPersonalbinPersonal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:ProgramJavajre6binjp2iexp.dll

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:ProgramTeliaTelias sakerhetstjansterFSPCfspcmsie.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:ProgramMI1933~1Office12REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:ProgramSpybot - Search & DestroySDHelper.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v...b?1223566486796

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.framkalla.com/iu/ImageUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1222626909125

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222626942546

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...427/mcfscan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:ProgramMicrosoft OfficeOffice12GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:programmcafeesiteadvisormcieplg.dll

O20 - AppInit_DLLs: C:WINDOWSSystem32dpcdll32.dll

O20 - Winlogon Notify: a441e429502 - C:WINDOWSSystem32dpcdll32.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterAnti-Virusfsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFSAUAprogramfsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterFWESProgramfsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterCommonFSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:ProgramTeliaTelias sakerhetstjansterORSP Clientfsorsp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:ProgramDelade filerInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:ProgramJavajre6binjqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:ProgramMcAfeeSiteAdvisorMcSACore.exe

O23 - Service: NMSAccessU - Unknown owner - C:ProgramCDBurnerXPNMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:ProgramRaxcoPerfectDisk2008PD91Engine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:WINDOWSsystem32PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:WINDOWSsystem32PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:WINDOWSSystem32TuneUpDefragService.exe

--

End of file - 9653 bytes


Here comes the log.

It is so large that I have to split it in two.

ComboFix 08-11-07.01 - Administratör 2008-11-09 11:25:27.4 - NTFSx86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1053.18.2482 [GMT 1:00]

Running from: c:documents and settingsAdministratörSkrivbordComboFix.exe

Command switches used :: c:documents and settingsAdministratörSkrivbordCFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

(((((((((((((((((((((((((  Files Created from 2008-10-09 to 2008-11-09  )))))))))))))))))))))))))))))))

.

2008-11-08 11:56 . 2008-11-08 11:56 <KAT> d-------- c:windowsMcAfee.com

2008-11-08 11:29 . 2008-11-08 11:33 <KAT> d-a------ c:documents and settingsAll UsersApplication DataTEMP

2008-11-07 11:37 . 2008-11-07 11:37 <KAT> d-------- c:programTrend Micro

2008-11-07 07:09 . 2008-11-07 07:09 <KAT> d--hs---- c:windowssystem32GroupPolicyManifest

2008-11-06 21:30 . 2008-11-07 11:11 <KAT> d-------- c:programPanda Security

2008-11-06 21:30 . 2008-06-19 17:24 28,544 --a------ c:windowssystem32driverspavboot.sys

2008-11-06 20:34 . 2008-11-06 20:36 <KAT> d-------- c:programSpybot - Search & Destroy

2008-11-06 09:35 . 2008-11-07 07:26 8,230 --a------ c:windowsGnuHashes.ini

2008-11-06 09:23 . 2008-11-06 09:23 318,976 --ahs---- c:windowssystem321543.tmp

2008-11-06 09:23 . 2008-11-06 09:23 135,168 --a------ c:windowssystem32dpcdll32.dll

2008-11-06 09:23 . 2008-11-07 07:09 1,397 --ahs---- c:windowssystem32GroupPolicy000.dat

2008-11-06 07:55 . 2008-11-09 11:23 39,175 --a------ c:windows_DETMP.1

2008-11-05 07:05 . 2008-11-05 13:06 <KAT> d-------- c:programMcAfee

2008-11-05 07:05 . 2008-11-05 07:05 <KAT> d-------- c:programDelade filerMcAfee

2008-11-04 14:09 . 2008-11-04 14:11 <KAT> d-------- c:documents and settingsAdministratörApplication DataU3

2008-11-02 12:47 . 2008-11-02 12:47 30,856 --a------ c:windowssystem32driversfsbts.sys

2008-11-02 12:42 . 2008-11-02 12:42 <KAT> d-------- c:programTelia

2008-11-02 12:42 . 2008-09-23 14:35 79,904 --a------ c:windowssystem32driversfsdfw.sys

2008-11-02 12:05 . 2008-11-07 17:58 <KAT> d-------- c:documents and settingsAdministratörSecurityScans

2008-11-02 12:05 . 2008-11-07 17:58 <KAT> d-------- c:documents and settingsAdministratörSecurityScans

2008-11-02 12:04 . 2008-11-02 12:04 <KAT> d-------- c:programMicrosoft Baseline Security Analyzer 2

2008-11-02 10:55 . 2008-11-02 10:55 <KAT> d-------- c:programMicrosoft IntelliPoint

2008-11-02 10:55 . 2008-06-10 13:04 31,048 --a------ c:windowssystem32driverspoint32.sys

2008-11-02 10:41 . 2008-11-02 10:41 <KAT> d-------- c:programIObit

2008-11-01 16:52 . 2008-11-01 16:52 <KAT> d-------- c:programCCleaner

2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d-------- c:programUniblue

2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d--h-c--- c:documents and settingsAll UsersApplication Data{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-11-01 13:13 . 2008-11-01 13:13 <KAT> d-------- c:documents and settingsAdministratörApplication DataUniblue

2008-10-31 10:23 . 2008-10-31 10:23 <KAT> d-------- c:programMicrosoft IntelliType Pro

2008-10-30 21:17 . 2008-10-30 21:17 410,976 --a------ c:windowssystem32deploytk.dll

2008-10-30 20:56 . 2008-10-30 20:56 <KAT> d-------- c:documents and settingsAdministratörApplication DataInstallShield

2008-10-30 20:56 . 2006-07-01 23:21 43,520 --a------ c:windowssystem32driversAmdK8.sys

2008-10-30 11:14 . 2008-10-30 11:20 20 --a------ c:windowssystem32PDBootState

2008-10-30 10:12 . 2008-10-30 10:12 <KAT> d-------- c:programRealtek AC97

2008-10-29 13:23 . 2005-07-26 07:02 923,520 --a------ c:windowssystem32driversnvmcp.sys

2008-10-29 13:23 . 2005-07-26 07:01 415,360 --a------ c:windowssystem32driversnvapu.sys

2008-10-29 13:23 . 2005-07-26 07:02 66,688 --a------ c:windowssystem32driversnvarm.sys

2008-10-29 13:23 . 2005-07-26 07:02 54,272 --a------ c:windowssystem32nvopenal.dll

2008-10-29 13:23 . 2005-07-26 06:58 53,376 --a------ c:windowssystem32driversnvax.sys

2008-10-29 13:23 . 2005-07-20 17:08 33,280 --a------ c:windowssystem32NVCOAD.DLL

2008-10-29 13:23 . 2005-07-26 07:02 30,208 --a------ c:windowssystem32nvasio.dll

2008-10-29 13:23 . 2005-07-26 07:02 21,504 --a------ c:windowssystem32OpenAL32.dll

2008-10-29 13:23 . 2005-07-26 07:02 7,680 --a------ c:windowssystem32nvack.dll

2008-10-29 13:23 . 2005-07-26 07:02 5,120 --a------ c:windowssystem32ALut.dll

2008-10-29 09:37 . 2008-10-29 09:37 <KAT> d-------- c:windows74224F8D4A1748169EDB7BB854DE532C.TMP

2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:windowssystem32divx_xx0c.dll

2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:windowssystem32divx_xx07.dll

2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:windowssystem32divx_xx0a.dll

2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:windowssystem32divx_xx11.dll

2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:windowssystem32divxdec.ax

2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:windowssystem32DivX.dll

2008-10-28 11:06 . 2008-10-28 11:06 107,888 --a------ c:windowssystem32CmdLineExt.dll

2008-10-28 10:41 . 2008-10-30 10:34 <KAT> d-------- c:programUbisoft

2008-10-28 08:12 . 2008-10-28 08:12 <KAT> dr-h----- c:documents and settingsAdministratörApplication DataSecuROM

2008-10-27 20:35 . 2008-10-22 16:10 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys



Here comes part two.


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"amd_dc_opt"="c:\program\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"itype"="c:\program\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-23 13672448]

"IntelliPoint"="c:\program\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"F-Secure Manager"="c:\program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" [2008-09-23 182936]

"F-Secure TNB"="c:\program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" [2008-09-23 957024]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

c:\documents and settings\All Users\Start-meny\Program\Autostart

Personal.lnk - c:\program\Personal\bin\Personal.exe [2008-09-29 910864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"MaxRecentDocs"= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\a441e429502]

2008-11-06 09:23 135168 c:\windows\system32\dpcdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\dpcdll32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2008-11-02 30856]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-09-23 79904]

R0 nvgts;nvgts;c:\windows\system32\DRIVERS\nvgts.sys [2008-08-18 145952]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]

R2 JavaQuickStarterService;Java Quick Starter;c:\program\Java\jre6\bin\jqs.exe [2008-10-30 152984]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]

R2 NMSAccessU;NMSAccessU;c:\program\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]

R2 PD91Agent;PD91Agent;c:\program\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-09 693512]

R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\Telia\Telias sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys [2008-09-23 72288]

R3 FSORSPClient;F-Secure ORSP Client;c:\program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe [2008-09-23 55904]

S3 PD91Engine;PD91Engine;c:\program\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-09 906504]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-01 355584]

S4 F-Secure Filter;F-Secure File System Filter;c:\program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSfilter.sys [2008-09-23 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\Telia\Telias sakerhetstjanster\Anti-Virus\Win2K\FSrec.sys [2008-09-23 25184]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace7479c-aa5e-11dd-a583-001a921dc4b4}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

2008-10-31 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- c:\program\Microsoft IntelliType Pro\itype.exe [2008-06-10 12:56]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-09 11:28:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe

-> c:\windows\System32\dpcdll32.dll

PROCESS: c:\windows\system32\lsass.exe

-> c:\windows\System32\dpcdll32.dll

PROCESS: c:\windows\explorer.exe

-> c:\program\McAfee\SiteAdvisor\saHook.dll

-> c:\windows\System32\dpcdll32.dll

-> c:\windows\system32\1543.tmp

.

Completion time: 2008-11-09 11:29:28

ComboFix-quarantined-files.txt  2008-11-09 10:29:24

ComboFix2.txt  2008-11-09 10:10:34

ComboFix3.txt  2008-11-08 13:10:43

ComboFix4.txt  2008-11-08 09:50:44

Pre-Run: 294 424 633 344 byte ledigt

Post-Run: 294,409,621,504 byte ledigt

394


Hi Tony!

I don't really know what you meant by "File:: /Registry::" but I'm doing the best I can, since I'm no "computer guru".

Of course you're doing the best you can  ;)

And I see that I included one step too many in my instructions. I'm very sorry about that  :-[ That's what happens when you sit copying and pasting and don't pay attention  :-[

Registry:: should not be part of the procedure, only File::

What I mean is that File:: should be written into the procedure, standing alone on the first line, with the files I listed written directly below it.

But to make it a bit easier, we'll use Avenger instead, since it is easier for most users to understand  ;)

Print the following or copy it into a text document and save it to the desktop:

Read and follow the instructions very carefully:

Download Avenger from the link below:

http://swandog46.geekstogo.com/avenger.exe

1: Save it to the desktop

2: Open Notepad (use NO OTHER text editor)

3: Copy the "bolded text" below into Notepad, including the heading Files to delete:

Files to delete:

c:\windows\system32\1543.tmp

c:\windows\_DETMP.1

4: Check carefully that each file name is on a single line and has not been split across two lines.

5: Start Avenger

6: In the large text box, paste the text that is in Notepad.

7: Tick the Scan for rootkits box if it is not already ticked.

6: Press Execute to start Avenger.

8: The computer will now restart (it may restart twice).

9: After a little while the log (C:\avenger.txt) will come up; paste that log here in your thread.

10: Make a new TM HJT log and paste that in as well

Best regards/Malou


Hi Malou.

Here are the logs.

Regards.

Tony.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:48:38, on 2008-11-09

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program\mcafee\siteadvisor\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program\mcafee\siteadvisor\mcieplg.dll

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [itype] "c:\Program\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [intelliPoint] "c:\Program\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /nosplash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre6\bin\jp2iexp.dll

O9 - Extra button: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\Telia\Telias sakerhetstjanster\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Telia\Telias sakerhetstjanster\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Föräldra-... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program\Telia\Telias sakerhetstjanster\FSPC\fspcmsie.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.com/v...b?1223566486796

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.framkalla.com/iu/ImageUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1222626909125

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222626942546

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/home/onlin.../fshc/fscax.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...427/mcfscan.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program\mcafee\siteadvisor\mcieplg.dll

O20 - AppInit_DLLs: C:\WINDOWS\System32\dpcdll32.dll

O20 - Winlogon Notify: a441e429502 - C:\WINDOWS\System32\dpcdll32.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\Telia\Telias sakerhetstjanster\ORSP Client\fsorsp.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program\Raxco\PerfectDisk2008\PD91Agent.exe

O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program\Raxco\PerfectDisk2008\PD91Engine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--

End of file - 10024 bytes

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "c:windowssystem321543.tmp" deleted successfully.

File "c:windows_DETMP.1" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Hi Tony!

There we go, that went really well with Avenger's help  ;)

Now let's move on to a file that I don't quite get along with and don't like. Run a new scan of the file below.

Run a scan with the scanner below and we'll see what it says.

Go to the page below:

http://www.virustotal.com/

1: Paste the following file name into the box

C:WINDOWSSystem32dpcdll32.dll

2: Press Send and wait until the result is ready (Status becomes Finished).

3: Paste the results from the various antivirus programs (incl. file size) here in your thread (but not Additional information)

Regards/Malou


Hi.

Here is what I think you are asking for.

Tony.

Antivirus          Version         Last Update  Result
AhnLab-V3          2008.11.7.1     2008.11.08   -
AntiVir            7.9.0.26        2008.11.07   TR/Spy.Gen
Authentium         5.1.0.4         2008.11.07   W32/Heuristic-KPP!Eldorado
Avast              4.8.1248.0      2008.11.08   Win32:Spyware-gen
AVG                8.0.0.161       2008.11.08   Agent.AJDA
BitDefender        7.2             2008.11.08   -
CAT-QuickHeal      9.50            2008.11.08   -
ClamAV             0.94.1          2008.11.08   -
DrWeb              4.44.0.09170    2008.11.08   DLOADER.Trojan
eSafe              7.0.17.0        2008.11.06   -
eTrust-Vet         31.6.6199       2008.11.08   -
Ewido              4.0             2008.11.08   -
F-Prot             4.4.4.56        2008.11.07   W32/Heuristic-KPP!Eldorado
F-Secure           8.0.14332.0     2008.11.08   Trojan-Downloader.Win32.Agent.aoal
Fortinet           3.117.0.0       2008.11.08   -
GData              19              2008.11.08   Win32:Spyware-gen
Ikarus             T3.1.1.45.0     2008.11.08   -
K7AntiVirus        7.10.520        2008.11.08   -
Kaspersky          7.0.0.125       2008.11.08   Trojan-Downloader.Win32.Agent.aoal
McAfee             5427            2008.11.07   -
Microsoft          1.4104          2008.11.08   -
NOD32              3596            2008.11.07   a variant of Win32/Agent.OAF
Norman             5.80.02         2008.11.07   -
Panda              9.0.0.4         2008.11.08   Suspicious file
PCTools            4.4.2.0         2008.11.08   -
Prevx1             V2              2008.11.08   Malware Downloader
Rising             21.02.52.00     2008.11.08   -
SecureWeb-Gateway  6.7.6           2008.11.08   Trojan.Spy.Gen
Sophos             4.35.0          2008.11.08   Mal/Behav-027
Sunbelt            3.1.1785.2      2008.11.08   -
Symantec           10              2008.11.08   -
TheHacker          6.3.1.1.145     2008.11.08   -
TrendMicro         8.700.0.1004    2008.11.07   -
VBA32              3.12.8.9        2008.11.07   -
ViRobot            2008.11.7.1457  2008.11.07   -
VirusBuster        4.5.11.0        2008.11.08   -
