
Solved winsaj32.dll TR/Nebuler.J.2

Discussion in 'Malware and Virus Removal Archive' started by light, 2010/04/13.

  1. 2010/04/13
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    [Resolved] winsaj32.dll TR/Nebuler.J.2

    Well, my antivirus program (Avira AntiVir Personal Free)
    detects winsaj32.dll,
    and, well, I don't really know what to do.

    These are the properties of this file:

    Type: File
    Source: C:\WINDOWS\system32\winsaj32.dll
    Status: Infected
    Quarantine object: 5e3bf2f0.qua
    Restored: NO
    Uploaded to Avira: NO
    Operating System: Windows 2000/XP/VISTA Workstation
    Search engine: 8.02.01.194
    Virus definition file: 7.10.05.134
    Detection: Is the TR/Nebuler.J.2 Trojan
    Date/Time: 2010-04-13, 15:30

    Sorry if I did anything wrong when posting this.
     
  2. 2010/04/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     

  4. 2010/04/13
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2009-11-24 00:53:34
    System Uptime: 2010-04-13 13:41:26 (5 hours ago)

    Motherboard: ASUSTeK Computer INC. | | 1005HA
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 799/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 72 GiB total, 22,818 GiB free.
    D: is FIXED (NTFS) - 72 GiB total, 43,339 GiB free.
    E: is Removable
    F: is CDROM (CDFS)
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VirtualBox Host-Only Ethernet Adapter
    Device ID: ROOT\NET\0001
    Manufacturer: Sun Microsystems, Inc.
    Name: VirtualBox Host-Only Ethernet Adapter
    PNP Device ID: ROOT\NET\0001
    Service: VBoxNetAdp

    ==== System Restore Points ===================

    RP123: 2010-03-09 20:30:19 - Installed Managed DirectX (0901)
    RP124: 2010-03-09 20:32:51 - Installed Zoo Tycoon 2 - Extinct Animals
    RP125: 2010-03-09 21:40:40 - Installed Zoo Tycoon 2 - African Adventure
    RP126: 2010-03-09 21:45:33 - Installed Zoo Tycoon 2 - Marine Mania
    RP127: 2010-03-09 21:48:21 - Installed Zoo Tycoon 2 - Extinct Animals
    RP128: 2010-03-10 14:50:37 - Software Distribution Service 3.0
    RP129: 2010-03-11 16:35:58 - Systemkontrollpunkt
    RP130: 2010-03-12 17:52:02 - Systemkontrollpunkt
    RP131: 2010-03-14 14:16:28 - Installed Anno 1701
    RP132: 2010-03-14 15:17:24 - Removed Anno 1701
    RP133: 2010-03-15 17:33:28 - Systemkontrollpunkt
    RP134: 2010-03-17 17:26:06 - Systemkontrollpunkt
    RP135: 2010-03-19 14:04:16 - Systemkontrollpunkt
    RP136: 2010-03-20 18:42:32 - Systemkontrollpunkt
    RP137: 2010-03-20 20:59:33 - Compatibility Pack för Office 2007-systemet togs bort
    RP138: 2010-03-22 15:45:18 - Systemkontrollpunkt
    RP139: 2010-03-22 16:36:56 - Installed Java(TM) SE Development Kit 6 Update 18
    RP140: 2010-03-23 15:21:28 - Installed Vegas Pro 9.0
    RP141: 2010-03-23 15:39:34 - Removed Vegas Pro 9.0
    RP142: 2010-03-23 22:50:16 - Installed SimCity 2000
    RP143: 2010-03-25 21:10:37 - Systemkontrollpunkt
    RP144: 2010-03-27 08:49:25 - Systemkontrollpunkt
    RP145: 2010-03-27 09:21:11 - Installation av osignerad drivrutin
    RP146: 2010-03-28 13:02:22 - Systemkontrollpunkt
    RP147: 2010-03-28 20:54:59 - TuneUp Utilities installerades
    RP148: 2010-03-28 22:54:16 - Removed Master of Orion II
    RP149: 2010-03-31 12:20:36 - Systemkontrollpunkt
    RP150: 2010-03-31 15:26:07 - Software Distribution Service 3.0
    RP151: 2010-03-31 18:36:29 - Installed Microsoft Private Folder 1.0
    RP152: 2010-04-01 09:44:06 - Removed Java(TM) 6 Update 18
    RP153: 2010-04-01 16:23:01 - TuneUp Utilities togs bort
    RP154: 2010-04-01 16:23:49 - Removed TuneUp Utilities Language Pack (en-US)
    RP155: 2010-04-01 16:27:56 - Removed Creeper World DEMO
    RP156: 2010-04-03 12:28:54 - Systemkontrollpunkt
    RP157: 2010-04-04 13:12:53 - Systemkontrollpunkt
    RP158: 2010-04-06 12:30:18 - Systemkontrollpunkt
    RP159: 2010-04-07 12:40:26 - Systemkontrollpunkt
    RP160: 2010-04-07 18:22:13 - Installed Microsoft Office Excel Viewer
    RP161: 2010-04-08 13:54:07 - Installed Solstice
    RP162: 2010-04-09 14:52:30 - Systemkontrollpunkt
    RP163: 2010-04-10 17:32:00 - Systemkontrollpunkt
    RP164: 2010-04-12 19:47:37 - Systemkontrollpunkt
    RP165: 2010-04-13 15:18:52 - avast! Free Antivirus Setup
    RP166: 2010-04-13 15:21:25 - Avira AntiVir Personal - 2010-04-13 15:19

    ==== Installed Programs ======================


    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.1 - Svenska
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.0
    Age of Mythology
    Ashampoo Burning Studio 6 FREE
    Ask Toolbar
    Asus ACPI Driver
    ASUS USB2.0 UVC VGA WebCam
    ASUSUpdate for Eee PC
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Audacity 1.2.6
    AVIConverter 5.1.0
    Avira AntiVir Personal - Free Antivirus
    BaboViolent 2.11
    Battle for Wesnoth 1.7.9-1.8beta2
    Big Fish Games: Game Manager
    Black and White
    Black and White Creature CD
    Bluesoleil 5.2.227.5
    Bonjour
    BZFlag 2.0.10 (remove only)
    Capitalism II
    Choice Guard
    Conquer Online 2.0
    Cosmic Supremacy
    Counter-Strike 2D 0.1.1.7
    DAEMON Tools Toolbar
    Darkeden
    DarkSpace 1.521
    DarwinBots version 2.01
    Data Sync
    Eee Docking 1.3.6.0
    EeeSplendid
    EzMessenger
    FontResizer
    Free ISO Creator version 2.8
    G-Police
    Game Maker 8.0
    GameSpy Arcade
    GIMP 2.6.8
    Google Chrome
    Google Earth
    Google SketchUp Pro 7
    Google Toolbar for Internet Explorer
    Google Update Helper
    Grand Touring
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB976002-v5)
    HyperCam 2
    HyperCam Toolbar
    Intel(R) Graphics Media Accelerator Driver
    iWisoft Flash SWF to Video Converter 3.4
    J2SE Runtime Environment 5.0 Update 17
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 19
    Java(TM) Platform, Micro Edition Software Development Kit 3.0
    Java(TM) SE Development Kit 6 Update 18
    Junk Mail filter update
    K-Lite Codec Pack 5.5.1 (Standard)
    LaCie Ethernet Agent 1.1.0.6
    LiveUpdate
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Excel Viewer
    Microsoft Private Folder 1.0
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (Swedish) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mouse Driver
    Mouse Recorder Pro 2
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    MSXML4 Parser
    Notepad++
    OpenAL
    Pando Media Booster
    Perfect Uninstaller v6.3.3.8
    Project64 1.6
    PunkBuster Services
    Quake Live Internet Explorer Plugin
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Roblox for magnus gunnarsson
    RollerCoaster Tycoon 2
    Segoe UI
    SimCity 2000
    SimCity 3000
    SimCity 4 Deluxe
    SimCopter
    Skype web features
    Skype™ 4.1
    Snabbkorrigering för Windows Media Player 11 (KB939683)
    Snabbkorrigering för Windows XP (KB942288-v3)
    Snabbkorrigering för Windows XP (KB952287)
    Snabbkorrigering för Windows XP (KB961118)
    Snabbkorrigering för Windows XP (KB976098-v2)
    Snabbkorrigering för Windows XP (KB979306)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB974455)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB976325)
    Säkerhetsuppdatering för Windows Internet Explorer 8 (KB978207)
    Säkerhetsuppdatering för Windows Media Player (KB952069)
    Säkerhetsuppdatering för Windows Media Player (KB954155)
    Säkerhetsuppdatering för Windows Media Player (KB968816)
    Säkerhetsuppdatering för Windows Media Player (KB973540)
    Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
    Säkerhetsuppdatering för Windows Media Player 11 (KB954154)
    Säkerhetsuppdatering för Windows XP (KB923561)
    Säkerhetsuppdatering för Windows XP (KB938464-v2)
    Säkerhetsuppdatering för Windows XP (KB938464)
    Säkerhetsuppdatering för Windows XP (KB941569)
    Säkerhetsuppdatering för Windows XP (KB946648)
    Säkerhetsuppdatering för Windows XP (KB950759)
    Säkerhetsuppdatering för Windows XP (KB950760)
    Säkerhetsuppdatering för Windows XP (KB950762)
    Säkerhetsuppdatering för Windows XP (KB950974)
    Säkerhetsuppdatering för Windows XP (KB951066)
    Säkerhetsuppdatering för Windows XP (KB951376-v2)
    Säkerhetsuppdatering för Windows XP (KB951376)
    Säkerhetsuppdatering för Windows XP (KB951698)
    Säkerhetsuppdatering för Windows XP (KB951748)
    Säkerhetsuppdatering för Windows XP (KB952004)
    Säkerhetsuppdatering för Windows XP (KB952954)
    Säkerhetsuppdatering för Windows XP (KB953155)
    Säkerhetsuppdatering för Windows XP (KB953838)
    Säkerhetsuppdatering för Windows XP (KB953839)
    Säkerhetsuppdatering för Windows XP (KB954211)
    Säkerhetsuppdatering för Windows XP (KB954459)
    Säkerhetsuppdatering för Windows XP (KB954600)
    Säkerhetsuppdatering för Windows XP (KB955069)
    Säkerhetsuppdatering för Windows XP (KB956390)
    Säkerhetsuppdatering för Windows XP (KB956391)
    Säkerhetsuppdatering för Windows XP (KB956572)
    Säkerhetsuppdatering för Windows XP (KB956744)
    Säkerhetsuppdatering för Windows XP (KB956802)
    Säkerhetsuppdatering för Windows XP (KB956803)
    Säkerhetsuppdatering för Windows XP (KB956841)
    Säkerhetsuppdatering för Windows XP (KB956844)
    Säkerhetsuppdatering för Windows XP (KB957095)
    Säkerhetsuppdatering för Windows XP (KB957097)
    Säkerhetsuppdatering för Windows XP (KB958215)
    Säkerhetsuppdatering för Windows XP (KB958644)
    Säkerhetsuppdatering för Windows XP (KB958687)
    Säkerhetsuppdatering för Windows XP (KB958690)
    Säkerhetsuppdatering för Windows XP (KB958869)
    Säkerhetsuppdatering för Windows XP (KB959426)
    Säkerhetsuppdatering för Windows XP (KB960225)
    Säkerhetsuppdatering för Windows XP (KB960714)
    Säkerhetsuppdatering för Windows XP (KB960715)
    Säkerhetsuppdatering för Windows XP (KB960803)
    Säkerhetsuppdatering för Windows XP (KB960859)
    Säkerhetsuppdatering för Windows XP (KB961371-v2)
    Säkerhetsuppdatering för Windows XP (KB961371)
    Säkerhetsuppdatering för Windows XP (KB961373)
    Säkerhetsuppdatering för Windows XP (KB961501)
    Säkerhetsuppdatering för Windows XP (KB963027)
    Säkerhetsuppdatering för Windows XP (KB968537)
    Säkerhetsuppdatering för Windows XP (KB969059)
    Säkerhetsuppdatering för Windows XP (KB969947)
    Säkerhetsuppdatering för Windows XP (KB970238)
    Säkerhetsuppdatering för Windows XP (KB970430)
    Säkerhetsuppdatering för Windows XP (KB971468)
    Säkerhetsuppdatering för Windows XP (KB971486)
    Säkerhetsuppdatering för Windows XP (KB971557)
    Säkerhetsuppdatering för Windows XP (KB971633)
    Säkerhetsuppdatering för Windows XP (KB971657)
    Säkerhetsuppdatering för Windows XP (KB972270)
    Säkerhetsuppdatering för Windows XP (KB973346)
    Säkerhetsuppdatering för Windows XP (KB973354)
    Säkerhetsuppdatering för Windows XP (KB973507)
    Säkerhetsuppdatering för Windows XP (KB973525)
    Säkerhetsuppdatering för Windows XP (KB973869)
    Säkerhetsuppdatering för Windows XP (KB973904)
    Säkerhetsuppdatering för Windows XP (KB974112)
    Säkerhetsuppdatering för Windows XP (KB974318)
    Säkerhetsuppdatering för Windows XP (KB974392)
    Säkerhetsuppdatering för Windows XP (KB974571)
    Säkerhetsuppdatering för Windows XP (KB975025)
    Säkerhetsuppdatering för Windows XP (KB975467)
    Säkerhetsuppdatering för Windows XP (KB975560)
    Säkerhetsuppdatering för Windows XP (KB975561)
    Säkerhetsuppdatering för Windows XP (KB975713)
    Säkerhetsuppdatering för Windows XP (KB977165)
    Säkerhetsuppdatering för Windows XP (KB977914)
    Säkerhetsuppdatering för Windows XP (KB978037)
    Säkerhetsuppdatering för Windows XP (KB978251)
    Säkerhetsuppdatering för Windows XP (KB978262)
    Säkerhetsuppdatering för Windows XP (KB978706)
    Soldat 1.5.0
    Solstice
    Soul Reaver 2
    Space Empires III
    Space General - World War IV
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    StarSonata (remove only)
    Sun VirtualBox
    Super Hybrid Engine
    Sweex LW053 Driver
    Synaptics Pointing Device Driver
    The Settlers IV
    The Sims Deluxe Edition
    Total Video Converter 3.50
    Tweak UI
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Uppdatering för Windows Internet Explorer 8 (KB971930)
    Uppdatering för Windows Internet Explorer 8 (KB976662)
    Uppdatering för Windows Internet Explorer 8 (KB976749)
    Uppdatering för Windows Internet Explorer 8 (KB980182)
    Uppdatering för Windows XP (KB898461)
    Uppdatering för Windows XP (KB942763)
    Uppdatering för Windows XP (KB951072-v2)
    Uppdatering för Windows XP (KB951618-v2)
    Uppdatering för Windows XP (KB951978)
    Uppdatering för Windows XP (KB955759)
    Uppdatering för Windows XP (KB955839)
    Uppdatering för Windows XP (KB961503)
    Uppdatering för Windows XP (KB967715)
    Uppdatering för Windows XP (KB968389)
    Uppdatering för Windows XP (KB971737)
    Uppdatering för Windows XP (KB973687)
    Uppdatering för Windows XP (KB973815)
    USB FLYING STICK
    USB2.0 UVC Camera Device
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live inloggningsassistenten
    Windows Live Mail
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR archiver
    Visual C++ 8.0 Runtime Setup Package
    YouTube Downloader 2.5.4
    YS FLIGHT SIMULATOR
    Zoo Tycoon 2 - Dino Danger Pack Installer
    Zoo Tycoon 2 - Extinct Animals

    ==== End Of File ===========================
     
  5. 2010/04/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    And the contents of the Attach.txt, please.
     
  6. 2010/04/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    You should have 2 logs .....
    We need both logs please - you have posted the DDS log twice :)
     
  7. 2010/04/13
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    lol, sorry for posting it 2 times :eek:
    Here it is:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by magnus gunnarsson at 18:11:46,42 on 2010-04-13
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1015.149 [GMT 2:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\Program\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Mouse Driver\KMWDSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Synaptics\SynTP\SynTPEnh.exe
    C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program\EeePC\ACPI\AsEPCMon.exe
    C:\Program\EeePC\ACPI\AsTray.exe
    C:\Program\Asus\LiveUpdate\LiveUpdate.exe
    C:\Program\Mouse Driver\StartAutorun.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program\Mouse Driver\KMConfig.exe
    C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe
    C:\Program\Mouse Driver\KMProcess.exe
    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
    C:\Program\Delade filer\Java\Java Update\jusched.exe
    C:\Program\Java\jdk1.6.0_18\bin\javaw.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe
    C:\Program\Pando Networks\Media Booster\PMB.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    D:\DAEMON Tools Lite\DTLite.exe
    C:\Program\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    D:\Avira\AntiVir Desktop\avguard.exe
    D:\Avira\AntiVir Desktop\avshadow.exe
    D:\Avira\AntiVir Desktop\sched.exe
    D:\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program\Skype\Plugin Manager\skypePM.exe
    d:\avira\antivir desktop\avcenter.exe
    d:\avira\antivir desktop\avscan.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Mina dokument\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mWinlogon: UIHost=c:\windows\system32\logonui.exe
    BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program\hypercam toolbar\tbcore3.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program\daemon tools toolbar\DTToolbar.dll
    TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program\hypercam toolbar\tbcore3.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program\google\google toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program\ask.com\GenericAskToolbar.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [LaCie Ethernet Agent Startup] "c:\program\lacie\ethernet agent\LaCie Ethernet Agent.exe "
    uRun: [Google Update] "c:\documents and settings\magnus gunnarsson\lokala inställningar\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Pando Media Booster] c:\program\pando networks\media booster\PMB.exe
    uRun: [swg] "c:\program\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Skype] "c:\program\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [DAEMON Tools Lite] "d:\daemon tools lite\DTLite.exe" -autorun
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SynTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe
    mRun: [SynAsusAcpi] c:\program\synaptics\syntp\SynAsusAcpi.exe
    mRun: [AsusACPIServer] c:\program\eeepc\acpi\AsAcpiSvr.exe
    mRun: [AsusEPCMonitor] c:\program\eeepc\acpi\AsEPCMon.exe
    mRun: [AsusTray] c:\program\eeepc\acpi\AsTray.exe
    mRun: [LiveUpdate] c:\program\asus\liveupdate\LiveUpdate.exe auto
    mRun: [KMCONFIG] c:\program\mouse driver\StartAutorun.exe KMConfig.exe
    mRun: [Adobe Photo Downloader] "c:\program\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe "
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [BtTray] "c:\program\ivt corporation\bluesoleil\BtTray.exe "
    mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program\delade filer\adobe\arm\1.0\AdobeARM.exe "
    mRun: [Java(TM) ME Platform SDK 3.0] "c:\java_me_platform_sdk_3.0\bin\device-manager.exe "
    mRun: [ISUSPM Startup] c:\program\delade~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program\delade filer\installshield\updateservice\issch.exe" -start
    mRun: [SunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe "
    mRun: [avgnt] "d:\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\superh~1.lnk - c:\program\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
    StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\networ~1.lnk - \\networkspace\myshare
    IE: E&xportera till Microsoft Excel - c:\program\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Skicka till &Bluetooth-enhet... - c:\program\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Skicka till Bluetooth - c:\program\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program\bonjour\ExplorerPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: ketsujin.com\fighterace
    Trusted Zone: ketsujin.com\primary
    Trusted Zone: ketsujin.com\update
    Trusted Zone: ketsujin.com\www
    Trusted Zone: stormofaces.com\www
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\magnus~1\applic~1\mozilla\firefox\profiles\jw1t28dz.default\
    FF - plugin: c:\documents and settings\magnus gunnarsson\application data\mozilla\firefox\profiles\jw1t28dz.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\documents and settings\magnus gunnarsson\lokala inställningar\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\magnus gunnarsson\lokala inställningar\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\npOGPPlugin.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 750
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.max.tokenizing.time - 2250000
    c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 21512]
    R1 avgio;avgio;d:\avira\antivir desktop\avgio.sys [2010-4-13 11608]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-1-31 123280]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-1-31 41616]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira\antivir desktop\sched.exe [2010-4-13 135336]
    R2 AntiVirService;Avira AntiVir Guard;d:\avira\antivir desktop\avguard.exe [2010-4-13 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-13 60936]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-1 55152]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program\mouse driver\KMWDSrv.exe [2008-6-23 208896]
    R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-4-21 70912]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-8-27 38912]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-12-17 110096]
    RUnknown aswFsBlk;aswFsBlk; [x]
    RUnknown aswSP;aswSP; [x]
    RUnknown avast! Antivirus;avast! Antivirus; [x]
    S2 gupdate;Google Update Service (gupdate);c:\program\google\update\GoogleUpdate.exe [2009-11-25 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-9-1 1684736]
    S3 fsssvc;Windows Live Family Safety;c:\program\windows live\family safety\fsssvc.exe [2009-2-6 533360]
    S3 GWHid;VL807 Hidmini driver;c:\windows\system32\drivers\GWHid.sys [2009-11-25 18992]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-9-1 1015424]
    S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-8-27 39040]
    S3 VL807;VL807 Filter;c:\windows\system32\drivers\VL807.sys [2009-11-25 27184]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]

    =============== Created Last 30 ================

    2010-04-13 15:37:00 39424 ----a-w- c:\windows\system32\winsaj32.dll
    2010-04-13 13:31:33 0 d-----w- c:\docume~1\magnus~1\applic~1\Avira
    2010-04-13 13:27:04 0 d-----w- c:\windows\system32\NtmsData
    2010-04-13 13:21:27 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-04-13 13:21:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-04-12 18:53:26 3536 ----a-w- c:\documents and settings\magnus gunnarsson\.recently-used.xbel
    2010-04-11 18:45:47 0 d-----w- c:\documents and settings\magnus gunnarsson\.thumbnails
    2010-04-11 18:42:50 0 d-----w- c:\documents and settings\magnus gunnarsson\.gimp-2.6
    2010-04-08 15:34:20 0 d-----w- c:\docume~1\magnus~1\applic~1\Secret of the Solstice
    2010-04-08 11:54:08 0 d-----w- c:\program\Outspark
    2010-04-07 16:20:55 0 d-----w- c:\program\MSECache
    2010-04-01 07:45:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-03-31 16:43:08 0 d-----r- c:\documents and settings\magnus gunnarsson\My Private Folder
    2010-03-31 16:36:30 0 d-----w- c:\program\Microsoft Private Folder 1.0
    2010-03-31 16:04:46 0 d-----w- c:\documents and settings\magnus gunnarsson\Personal
    2010-03-31 15:26:28 266360 ----a-w- c:\windows\system32\TweakUI.exe
    2010-03-31 15:26:28 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
    2010-03-29 21:25:42 0 d-----w- c:\docume~1\magnus~1\applic~1\TeamViewer
    2010-03-28 21:04:29 2286080 ----a-w- c:\windows\system32\TUKernel.exe
    2010-03-28 18:55:16 0 d-----w- c:\docume~1\magnus~1\applic~1\TuneUp Software
    2010-03-28 18:54:40 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
    2010-03-28 18:47:20 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-03-27 15:53:12 0 ----a-w- c:\documents and settings\magnus gunnarsson\jagex__preferences3.dat
    2010-03-25 21:04:59 719872 ----a-w- c:\windows\system32\devil.dll
    2010-03-25 21:04:59 0 d-----w- c:\program\delade filer\Common Share
    2010-03-25 21:04:58 351744 ----a-w- c:\windows\system32\avisynth.dll
    2010-03-25 21:04:55 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2010-03-23 16:13:37 67 ----a-w- c:\windows\swf2avi.INI
    2010-03-23 16:11:54 758018 ----a-w- c:\windows\system32\xvidcore.dll
    2010-03-23 16:11:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-03-23 16:11:54 139264 ----a-w- c:\windows\system32\xvid.ax
    2010-03-22 15:48:31 0 d-----w- c:\documents and settings\magnus gunnarsson\.netbeans
    2010-03-22 15:47:35 0 d-----w- c:\documents and settings\magnus gunnarsson\javame-sdk
    2010-03-22 15:42:51 0 d-----w- C:\Java_ME_platform_SDK_3.0
    2010-03-22 15:24:48 0 d-----w- c:\documents and settings\magnus gunnarsson\.javame-sdk
    2010-03-21 20:17:01 0 d-----w- c:\program\directx
    2010-03-21 20:17:01 0 ----a-w- c:\windows\DXT3E7.tmp
    2010-03-21 20:17:01 0 ----a-w- c:\windows\DXT3E6.tmp
    2010-03-21 20:17:01 0 ----a-w- c:\windows\DXT3E5.tmp
    2010-03-21 20:17:01 0 ----a-w- c:\windows\DXT3E4.tmp
    2010-03-21 20:17:01 0 ----a-w- c:\windows\DXT3E3.tmp
    2010-03-21 20:17:01 0 ----a-w- c:\windows\DXT3E2.tmp
    2010-03-21 11:28:54 1085360 ----a-w- c:\windows\system32\webster.ocx
    2010-03-21 11:07:10 132096 ----a-w- c:\windows\system32\sst1init.dll
    2010-03-21 11:07:09 263168 ----a-w- c:\windows\system32\glide.dll
    2010-03-21 09:08:42 297472 ----a-w- c:\windows\uninst.exe
    2010-03-21 08:53:13 0 d-----w- c:\docume~1\magnus~1\applic~1\Earthsim
    2010-03-21 08:48:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Earthsim
    2010-03-20 19:20:21 42 ----a-w- c:\windows\system32\Jiii_PNUCT.pnc
    2010-03-20 19:04:33 42 ----a-w- c:\windows\system32\AK083E209605E394C.lie
    2010-03-20 19:04:28 0 d-----w- c:\program\Perfect Uninstaller
    2010-03-19 16:03:17 20976 ----a-w- c:\windows\system\CTL3D.DLL
    2010-03-19 16:03:17 136448 ----a-w- c:\windows\RMTOOLS.DLL

    ==================== Find3M ====================

    2010-04-12 15:25:07 75 ----a-w- c:\documents and settings\magnus gunnarsson\jagex_runescape_preferences2.dat
    2010-04-12 15:23:07 41 ----a-w- c:\documents and settings\magnus gunnarsson\jagex_runescape_preferences.dat
    2010-04-07 16:30:05 1080 ----a-w- c:\docume~1\magnus~1\applic~1\wklnhst.dat
    2010-04-01 07:45:21 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-28 22:38:44 509226 ----a-w- c:\windows\system32\perfh01D.dat
    2010-03-28 22:38:44 108010 ----a-w- c:\windows\system32\perfc01D.dat
    2010-03-14 13:24:14 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-03-14 13:24:13 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-03-13 22:01:03 28400 ----a-w- c:\windows\system32\drivers\secdrv.sys
    2010-03-05 12:07:52 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-03-05 12:07:27 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-05 11:44:08 138056 ----a-w- c:\docume~1\magnus~1\applic~1\PnkBstrK.sys
    2010-03-05 11:43:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-05 11:43:43 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
    2010-02-27 19:51:47 0 ----a-r- C:\logwmemory.bin
    2010-02-25 06:19:40 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-18 17:51:09 32 ----a-w- c:\docume~1\alluse~1\applic~1\ezsid.dat
    2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-04 17:48:06 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-02-04 17:48:05 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-02-04 09:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 09:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 09:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 09:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-01-20 19:27:52 2373712 ----a-w- c:\windows\system32\pbsvc.exe
    2009-09-01 05:36:20 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2009-09-01 05:36:28 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\application data\microsoft\feeds cache\index.dat
    2009-11-23 23:49:17 32768 --sha-w- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012009112420091125\index.dat

    ============= FINISH: 18:14:17,59 ===============
     
  8. 2010/04/13
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  9. 2010/04/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  10. 2010/04/14
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    OK, problems.

    I entered http://www.gmer.net/files.php
    then I pressed "download exe"
    then I downloaded it
    then I started it
    then I got a bluescreen :eek:
    then I restarted

    and now I'm here again... what now? :confused:
     
  11. 2010/04/14
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    Well, I used that program I downloaded by "download exe":
    first try: bluescreen when started
    second try: bluescreen after half a minute
    third try: bluescreen after about 3 - 5 hours

    OK, either the program doesn't work or the virus knows (probably)

    C:\WINDOWS\system32\winsaj32.dll
     
  12. 2010/04/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  13. 2010/04/15
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    ComboFix 10-04-14.03 - magnus gunnarsson 2010-04-15 16:03:58.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1015.610 [GMT 2:00]
    Körs från: c:\documents and settings\magnus gunnarsson\Skrivbord\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ADS - WINDOWS: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\MAGNUS~1\LOKALA~1\Temp\install_flash_player.exe
    c:\documents and settings\magnus gunnarsson\Recent\Thumbs.db
    C:\Documents
    c:\program\HyperCam Toolbar\tbHElper.dll
    c:\recycler\S-1-5-21-1409082233-706699826-527237240-1003
    c:\windows\system32\Thumbs.db

    Infekterad kopia av c:\windows\system32\kernel32.dll hittades och desinficerades.
    Återställd kopia från - c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll

    .
    (((((((((((((((((((((((( Filer Skapade från 2010-03-15 till 2010-04-15 ))))))))))))))))))))))))))))))
    .

    2010-04-15 13:28 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-14 21:15 . 2010-04-14 21:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
    2010-04-14 21:15 . 2010-04-14 21:15 -------- d-----r- c:\documents and settings\LocalService\Favoriter
    2010-04-13 15:37 . 2010-04-13 15:37 39424 ----a-w- c:\windows\system32\winsaj32.dll
    2010-04-13 13:31 . 2010-04-13 13:31 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Avira
    2010-04-13 13:27 . 2010-04-14 21:23 -------- d-----w- c:\windows\system32\NtmsData
    2010-04-13 13:21 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-04-13 13:21 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-04-13 13:21 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-04-13 13:21 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-04-13 13:21 . 2010-04-13 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-04-11 18:45 . 2010-04-11 19:17 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\gtk-2.0
    2010-04-11 18:45 . 2010-04-11 18:45 -------- d-----w- c:\documents and settings\magnus gunnarsson\.thumbnails
    2010-04-11 18:42 . 2010-04-12 18:59 -------- d-----w- c:\documents and settings\magnus gunnarsson\.gimp-2.6
    2010-04-08 15:34 . 2010-04-08 15:34 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Secret of the Solstice
    2010-04-08 11:54 . 2010-04-08 12:00 -------- d-----w- c:\program\Outspark
    2010-04-07 16:20 . 2010-04-07 16:20 -------- d-----w- c:\program\MSECache
    2010-03-31 16:43 . 2010-04-14 13:14 -------- d-----r- c:\documents and settings\magnus gunnarsson\My Private Folder
    2010-03-31 16:36 . 2010-03-31 16:36 -------- d-----w- c:\program\Microsoft Private Folder 1.0
    2010-03-31 16:04 . 2010-03-31 16:04 -------- d-----w- c:\documents and settings\magnus gunnarsson\Personal
    2010-03-31 15:26 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
    2010-03-29 21:25 . 2010-03-29 21:25 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\TeamViewer
    2010-03-29 17:42 . 2010-03-29 17:42 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Media Player Classic
    2010-03-28 21:04 . 2010-03-28 21:04 2286080 ----a-w- c:\windows\system32\TUKernel.exe
    2010-03-28 18:55 . 2010-03-28 18:55 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\TuneUp Software
    2010-03-28 18:54 . 2010-04-01 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2010-03-28 18:47 . 2010-03-28 18:47 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-03-27 15:53 . 2010-03-27 15:53 0 ----a-w- c:\documents and settings\magnus gunnarsson\jagex__preferences3.dat
    2010-03-25 21:04 . 2010-03-25 21:05 -------- d-----w- c:\program\Delade filer\Common Share
    2010-03-25 21:04 . 2008-12-18 12:38 719872 ----a-w- c:\windows\system32\devil.dll
    2010-03-25 21:04 . 2008-12-18 12:38 351744 ----a-w- c:\windows\system32\avisynth.dll
    2010-03-25 21:04 . 2008-12-18 12:38 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2010-03-23 16:11 . 2009-09-14 09:36 758018 ----a-w- c:\windows\system32\xvidcore.dll
    2010-03-23 16:11 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Publish Providers
    2010-03-23 14:25 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Sony
    2010-03-23 14:22 . 2010-03-23 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
    2010-03-22 17:06 . 2010-03-22 17:08 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Template
    2010-03-22 15:48 . 2010-03-22 15:48 -------- d-----w- c:\documents and settings\magnus gunnarsson\.netbeans
    2010-03-22 15:47 . 2010-03-22 15:48 -------- d-----w- c:\documents and settings\magnus gunnarsson\javame-sdk
    2010-03-22 15:42 . 2010-03-22 15:47 -------- d-----w- C:\Java_ME_platform_SDK_3.0
    2010-03-22 15:24 . 2010-03-30 17:43 -------- d-----w- c:\documents and settings\magnus gunnarsson\.javame-sdk
    2010-03-21 20:17 . 2010-03-21 20:17 -------- d-----w- c:\program\directx
    2010-03-21 15:46 . 2010-03-21 15:52 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\IGN_DLM
    2010-03-21 11:07 . 1997-01-23 12:41 132096 ----a-w- c:\windows\system32\sst1init.dll
    2010-03-21 11:07 . 1997-01-23 12:45 263168 ----a-w- c:\windows\system32\glide.dll
    2010-03-21 09:08 . 1996-07-18 12:06 297472 ----a-w- c:\windows\uninst.exe
    2010-03-21 08:53 . 2010-03-21 08:53 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Earthsim
    2010-03-21 08:48 . 2010-03-21 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Earthsim
    2010-03-20 19:04 . 2010-03-29 21:03 -------- d-----w- c:\program\Perfect Uninstaller
    2010-03-19 16:03 . 1996-03-18 23:00 136448 ----a-w- c:\windows\RMTOOLS.DLL
    2010-03-19 16:03 . 1994-09-15 23:00 20976 ----a-w- c:\windows\system\CTL3D.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-15 14:38 . 2009-11-24 13:32 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Skype
    2010-04-15 14:37 . 2009-11-28 09:48 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\skypePM
    2010-04-15 14:29 . 2010-01-03 12:21 -------- d-----w- c:\program\HyperCam Toolbar
    2010-04-15 13:28 . 2009-11-27 17:44 -------- d-----w- c:\program\Java
    2010-04-12 15:25 . 2009-11-28 09:20 75 ----a-w- c:\documents and settings\magnus gunnarsson\jagex_runescape_preferences2.dat
    2010-04-12 15:23 . 2009-11-28 09:19 41 ----a-w- c:\documents and settings\magnus gunnarsson\jagex_runescape_preferences.dat
    2010-04-11 18:42 . 2010-01-29 18:00 -------- d-----w- c:\program\Easy Icon Maker
    2010-04-08 11:54 . 2009-09-01 04:36 -------- d--h--w- c:\program\InstallShield Installation Information
    2010-04-08 09:13 . 2009-11-28 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2010-04-07 16:30 . 2009-11-24 00:01 1080 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\wklnhst.dat
    2010-04-01 17:01 . 2009-12-31 21:32 -------- d-----w- c:\program\Delade filer\AVSMedia
    2010-04-01 17:00 . 2009-12-31 21:32 -------- d-----w- c:\program\AVS4YOU
    2010-04-01 15:46 . 2009-09-01 04:36 -------- d-----w- c:\program\Delade filer\InstallShield
    2010-04-01 08:02 . 2009-11-27 17:44 -------- d-----w- c:\program\Delade filer\Java
    2010-03-29 19:52 . 2010-03-29 19:07 2788864 ----a-w- c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
    2010-03-29 18:21 . 2009-09-01 05:20 -------- d-----w- c:\program\Windows Live
    2010-03-28 22:38 . 2009-09-01 03:52 509226 ----a-w- c:\windows\system32\perfh01D.dat
    2010-03-28 22:38 . 2009-09-01 03:52 108010 ----a-w- c:\windows\system32\perfc01D.dat
    2010-03-25 09:27 . 2010-03-25 09:27 1107264 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
    2010-03-23 21:50 . 2010-03-23 21:50 9662 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{8D52E0F9-17A0-493B-8692-937381DDB62B}\SIMCITY.EXE_8D52E0F917A0493B8692937381DDB62B.EXE
    2010-03-23 21:50 . 2010-03-23 21:50 8854 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{8D52E0F9-17A0-493B-8692-937381DDB62B}\Uninstall_SimCity_20_8D52E0F917A0493B8692937381DDB62B.exe
    2010-03-23 21:50 . 2010-03-23 21:50 10134 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{8D52E0F9-17A0-493B-8692-937381DDB62B}\ARPPRODUCTICON.exe
    2010-03-23 15:37 . 2009-09-01 05:16 -------- d-----w- c:\program\Delade filer\Adobe
    2010-03-22 15:38 . 2010-01-31 14:25 -------- d-----w- c:\program\Sun
    2010-03-21 20:17 . 2010-03-21 20:17 0 ----a-w- c:\windows\DXT3E7.tmp
    2010-03-21 20:17 . 2010-03-21 20:17 0 ----a-w- c:\windows\DXT3E6.tmp
    2010-03-21 20:17 . 2010-03-21 20:17 0 ----a-w- c:\windows\DXT3E5.tmp
    2010-03-21 20:17 . 2010-03-21 20:17 0 ----a-w- c:\windows\DXT3E4.tmp
    2010-03-21 20:17 . 2010-03-21 20:17 0 ----a-w- c:\windows\DXT3E3.tmp
    2010-03-21 20:17 . 2010-03-21 20:17 0 ----a-w- c:\windows\DXT3E2.tmp
    2010-03-20 18:46 . 2009-09-01 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-18 16:14 . 2010-03-03 18:27 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Notepad++
    2010-03-17 17:01 . 2010-03-07 17:21 -------- d-----w- c:\program\Ask.com
    2010-03-17 08:50 . 2010-04-03 17:02 681472 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    2010-03-14 13:24 . 2010-03-14 13:24 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-03-14 13:24 . 2010-03-14 13:24 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-03-13 22:01 . 2009-09-01 03:52 28400 ----a-w- c:\windows\system32\drivers\secdrv.sys
    2010-03-13 16:45 . 2010-03-13 16:45 -------- d-----w- c:\program\Microsoft Synchronization Services
    2010-03-13 16:45 . 2009-09-01 05:22 -------- d-----w- c:\program\Microsoft SQL Server Compact Edition
    2010-03-13 16:44 . 2010-03-13 16:44 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
    2010-03-13 16:43 . 2009-11-25 20:41 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2010-03-13 12:07 . 2010-03-05 12:34 8854 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2010-03-13 12:07 . 2010-03-05 12:34 40960 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-03-13 12:07 . 2010-03-05 12:34 40960 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2010-03-10 21:19 . 2010-03-10 21:01 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\FreeOrion
    2010-03-10 06:17 . 2009-09-01 03:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 21:18 . 2010-03-09 21:18 -------- d-----w- c:\program\Oberon Media
    2010-03-09 20:51 . 2009-11-25 16:24 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft Games
    2010-03-07 18:08 . 2010-03-07 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
    2010-03-07 17:13 . 2010-02-01 18:07 -------- d-----w- c:\program\Free ISO Creator
    2010-03-07 16:19 . 2010-03-07 16:19 -------- d-----w- c:\program\ElcomSoft
    2010-03-06 11:41 . 2010-03-06 11:41 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Toribash
    2010-03-06 09:41 . 2010-03-06 09:41 -------- d-----w- c:\program\Delade filer\DirectX
    2010-03-05 12:07 . 2010-03-04 18:20 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-03-05 12:07 . 2010-01-20 19:26 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-05 11:44 . 2010-03-04 18:20 138056 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\PnkBstrK.sys
    2010-03-05 11:44 . 2010-03-04 18:20 138056 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\PnkBstrK.sys
    2010-03-05 11:43 . 2010-01-20 19:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-05 11:43 . 2010-03-04 18:20 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
    2010-03-05 08:06 . 2010-03-05 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2010-03-05 08:06 . 2010-01-06 19:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-05 08:05 . 2010-03-05 08:05 -------- d-----w- c:\program\bfgclient
    2010-02-28 12:39 . 2009-11-25 05:33 -------- d-----w- c:\program\OpenAL
    2010-02-27 20:07 . 2010-02-27 19:51 114688 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Soldat\Battleye\BEClient.dll
    2010-02-27 19:51 . 2010-02-27 19:51 0 ----a-r- C:\logwmemory.bin
    2010-02-27 19:49 . 2010-02-27 19:49 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Soldat
    2010-02-26 21:10 . 2010-02-26 21:10 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\godzHell
    2010-02-26 17:35 . 2010-02-26 17:35 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Mouse Recorder Pro
    2010-02-25 06:19 . 2009-09-01 03:52 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2009-09-01 03:52 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-21 21:28 . 2009-09-01 05:17 -------- d-----w- c:\program\Microsoft Works
    2010-02-20 13:38 . 2010-02-20 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2010-02-20 13:38 . 2009-11-23 18:37 -------- d-----w- c:\program\Google
    2010-02-18 17:51 . 2010-02-18 17:51 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
    2010-02-16 19:09 . 2008-04-14 21:14 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 19:09 . 2008-04-14 21:13 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 17:02 . 2010-02-16 17:02 0 ----a-w- c:\windows\PowerReg.dat
    2010-02-15 18:38 . 2010-02-15 14:53 -------- d-----w- c:\program\Delade filer\Adobe AIR
    2010-02-15 18:38 . 2010-02-15 14:54 38784 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-15 15:11 . 2010-02-15 14:54 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\CreeperWorld
    2010-02-15 14:54 . 2010-02-15 14:54 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\CreeperWorldDEMO.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
    2010-02-14 18:17 . 2010-02-14 18:02 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\.freeciv
    2010-02-12 10:03 . 2010-03-06 08:19 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:35 . 2009-09-01 03:52 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2009-09-01 03:52 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-08 06:27 . 2010-02-08 06:27 503808 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-129777d2-n\msvcp71.dll
    2010-02-08 06:27 . 2010-02-08 06:27 348160 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-129777d2-n\msvcr71.dll
    2010-02-08 06:27 . 2010-02-08 06:27 499712 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-129777d2-n\jmc.dll
    2010-02-08 06:27 . 2010-02-08 06:27 61440 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f77ee2a-n\decora-sse.dll
    2010-02-08 06:27 . 2010-02-08 06:27 12800 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f77ee2a-n\decora-d3d.dll
    2010-02-07 18:23 . 2010-02-07 18:24 919840 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\JRERunOnce.exe
    2010-02-04 17:48 . 2009-11-25 05:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-02-04 17:48 . 2009-11-25 05:33 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-02-04 09:01 . 2010-02-22 18:09 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 09:01 . 2010-02-22 18:09 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 09:01 . 2010-02-22 18:09 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 09:01 . 2010-02-22 18:09 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-01-29 18:58 . 2010-01-29 18:58 1585608 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
    2010-01-20 19:42 . 2010-01-20 19:39 461888 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
    2010-01-20 19:39 . 2010-01-20 19:39 367680 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* Tomma poster & legitima standardposter visas inte.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 ----a-w- c:\program\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaCie Ethernet Agent Startup "= "c:\program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe" [2008-06-19 4091904]
    "Google Update "= "c:\documents and settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]
    "Pando Media Booster "= "c:\program\Pando Networks\Media Booster\PMB.exe" [2009-11-28 2923192]
    "swg "= "c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-29 39408]
    "Skype "= "c:\program\Skype\Phone\Skype.exe" [2009-07-16 25604904]
    "DAEMON Tools Lite "= "d:\daemon tools lite\DTLite.exe" [2010-04-01 357696]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "RTHDCPL "= "RTHDCPL.EXE" [2009-04-27 17881088]
    "SynTPEnh "= "c:\program\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
    "SynAsusAcpi "= "c:\program\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
    "AsusACPIServer "= "c:\program\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
    "AsusEPCMonitor "= "c:\program\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
    "AsusTray "= "c:\program\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
    "LiveUpdate "= "c:\program\Asus\LiveUpdate\LiveUpdate.exe" [2009-08-27 735208]
    "KMCONFIG "= "c:\program\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
    "Adobe Photo Downloader "= "c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-15 110592]
    "BtTray "= "c:\program\IVT Corporation\BlueSoleil\BtTray.exe" [2008-06-19 231424]
    "QuickTime Task "= "c:\program\QuickTime\qttask.exe" [2010-01-06 417792]
    "Adobe ARM "= "c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "Java(TM) ME Platform SDK 3.0 "= "c:\java_me_platform_sdk_3.0\bin\device-manager.exe" [2009-04-09 102400]
    "ISUSPM Startup "= "c:\program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
    "ISUSScheduler "= "c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "SunJavaUpdateSched "= "c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avgnt "= "d:\avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Start-meny\Program\Autostart\
    SuperHybridEngine.lnk - c:\program\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-9-1 376832]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "c:\windows\system32\logonui.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsaj32]
    2010-04-13 15:37 39424 ----a-w- c:\windows\system32\winsaj32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher "= "c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program\\Java\\jdk1.6.0_18\\bin\\javaw.exe"=
    "c:\\Program\\Pando Networks\\Media Booster\\PMB.exe"=
    "d:\\bnw\\runblack.exe"=
    "d:\\GameCQ\\.Cache\\DarkSpace\\DarkSpaceClient.exe"=
    "c:\\WINDOWS\\system32\\dpnsvr.exe"=
    "d:\\Soldat\\Soldat.exe"=
    "d:\\YSFLIGHT\\fsmaindx.exe"=
    "c:\\Program\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
    "d:\\YSFLIGHT\\fsmain.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57493:TCP"= 57493:TCP:pando Media Booster
    "57493:UDP"= 57493:UDP:pando Media Booster
    "16151:TCP"= 16151:TCP:open port
    "15161:TCP"= 15161:TCP:open port
    "16151:UDP"= 16151:UDP:open port
    "3105:TCP"= 3105:TCP:firewall/nat
    "3105:UDP"= 3105:UDP:firewall
    "1034:TCP"= 1034:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-01-21 21512]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-01 691696]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-01-31 123280]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-01-31 41616]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira\AntiVir Desktop\sched.exe [2010-04-13 135336]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program\Mouse Driver\KMWDSrv.exe [2008-06-23 208896]
    R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-01-21 26248]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-08-27 38912]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-12-17 110096]
    S2 gupdate;Google Update Service (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-09-01 1684736]
    S3 GWHid;VL807 Hidmini driver;c:\windows\system32\drivers\GWHid.sys [2009-11-25 18992]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-09-01 1015424]
    S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-08-27 39040]
    S3 VL807;VL807 Filter;c:\windows\system32\drivers\VL807.sys [2009-11-25 27184]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
    .
    Innehållet i mappen 'Schemalagda aktiviteter':

    2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program\Google\Update\GoogleUpdate.exe [2009-11-25 15:42]

    2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program\Google\Update\GoogleUpdate.exe [2009-11-25 15:42]

    2010-04-14 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program\Ask.com\UpdateTask.exe [2010-02-04 15:50]
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xportera till Microsoft Excel - c:\program\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Skicka till &Bluetooth-enhet... - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Skicka till Bluetooth - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: ketsujin.com\fighterace
    Trusted Zone: ketsujin.com\primary
    Trusted Zone: ketsujin.com\update
    Trusted Zone: ketsujin.com\www
    Trusted Zone: stormofaces.com\www
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
    FF - ProfilePath - c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - plugin: c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\program\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\npOGPPlugin.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICY ----
    FF - user.js: network.http.max-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 750
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.max.tokenizing.time - 2250000
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref( "browser.fixup.alternate.suffix ", ".se ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    AddRemove-{373B1718-8CC5-4567-8EE2-9033AD08A680} - c:\documents and settings\magnus gunnarsson\Lokala inställningar\Application Data\RobloxVersions\version-3a86e3c87aac48ab\Roblox.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-15 16:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys hal.dll ACPI.sys iaStor.sys spvs.sys >>UNKNOWN [0x86F87938]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf769bf28
    \Driver\ACPI -> ACPI.sys @ 0xf7503cb8
    \Driver\iaStor -> iaStor.sys @ 0xf743c720
    IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e668e
    ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
    \Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e668e
    ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- DLLer som "laddats" under processer som körs ---------------------

    - - - - - - - > 'winlogon.exe'(1916)
    c:\windows\system32\winsaj32.dll

    - - - - - - - > 'explorer.exe'(3564)
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\program\Microsoft Private Folder 1.0\ShellExt.dll
    c:\windows\system32\PFLib.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andra processer som körs ------------------------
    .
    d:\avira\AntiVir Desktop\avguard.exe
    c:\program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    d:\avira\AntiVir Desktop\avshadow.exe
    c:\program\Bonjour\mDNSResponder.exe
    c:\program\Java\jre6\bin\jqs.exe
    c:\program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program\Microsoft Private Folder 1.0\PrfldSvc.exe
    c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxext.exe
    c:\windows\system32\rundll32.exe
    c:\program\Mouse Driver\KMConfig.exe
    c:\program\Mouse Driver\KMProcess.exe
    c:\program\Java\jdk1.6.0_18\bin\javaw.exe
    c:\documents and settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program\Internet Explorer\IEXPLORE.EXE
    c:\program\Internet Explorer\IEXPLORE.EXE
    c:\program\Skype\Plugin Manager\skypePM.exe
    c:\program\Internet Explorer\IEXPLORE.EXE
    c:\program\Internet Explorer\IEXPLORE.EXE
    .
    **************************************************************************
    .
    Sluttid: 2010-04-15 16:43:13 - datorn startades om.
    ComboFix-quarantined-files.txt 2010-04-15 14:43

    Före genomsökningen: 28*384*362*496 byte ledigt
    Efter genomsökningen: 32*251*949*056 byte ledigt

    WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /TUTag=S6HYWO /Kernel=TUKernel.exe
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=S6HYWO-BAK

    Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 7BB21B0A96147E036316B4BAB7479AC5
     
  14. 2010/04/15
    light Inactive Thread Starter
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:49:52, on 2010-04-15
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Avira\AntiVir Desktop\sched.exe
    D:\Avira\AntiVir Desktop\avguard.exe
    C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    D:\Avira\AntiVir Desktop\avshadow.exe
    C:\Program\Bonjour\mDNSResponder.exe
    C:\Program\Java\jre6\bin\jqs.exe
    C:\Program\Mouse Driver\KMWDSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe
    C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program\Synaptics\SynTP\SynTPEnh.exe
    C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program\EeePC\ACPI\AsEPCMon.exe
    C:\Program\EeePC\ACPI\AsTray.exe
    C:\Program\Asus\LiveUpdate\LiveUpdate.exe
    C:\Program\Mouse Driver\StartAutorun.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\Mouse Driver\KMConfig.exe
    C:\Program\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program\Mouse Driver\KMProcess.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe
    C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
    C:\Program\Delade filer\Java\Java Update\jusched.exe
    D:\Avira\AntiVir Desktop\avgnt.exe
    C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe
    C:\Program\Java\jdk1.6.0_18\bin\javaw.exe
    C:\Program\Pando Networks\Media Booster\PMB.exe
    C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program\Skype\Phone\Skype.exe
    D:\DAEMON Tools Lite\DTLite.exe
    C:\Program\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Skype\Plugin Manager\skypePM.exe
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\Program\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program\HyperCam Toolbar\tbcore3.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program\Synaptics\SynTP\SynAsusAcpi.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [LiveUpdate] C:\Program\Asus\LiveUpdate\LiveUpdate.exe auto
    O4 - HKLM\..\Run: [KMCONFIG] C:\Program\Mouse Driver\StartAutorun.exe KMConfig.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BtTray] "C:\Program\IVT Corporation\BlueSoleil\BtTray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [Java(TM) ME Platform SDK 3.0] "C:\Java_ME_platform_SDK_3.0\bin\device-manager.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe "
    O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [LaCie Ethernet Agent Startup] "C:\Program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [swg] "C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O4 - Global Startup: Network Space.lnk = ?
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Skicka till &Bluetooth-enhet... - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Skicka till Bluetooth - C:\Program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
    O20 - Winlogon Notify: winsaj32 - C:\WINDOWS\SYSTEM32\winsaj32.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: BlueSoleilCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - Unknown owner - C:\Program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program\Mouse Driver\KMWDSrv.exe
    O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
    O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program\Microsoft Private Folder 1.0\PrfldSvc.exe

    --
    End of file - 12490 bytes
     
  15. 2010/04/15
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
What... I posted the 2 log files 10 hours ago, why aren't they here?
     
  16. 2010/04/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Those posts were moderated and that's the reason, they didn't show up.
    They're visible now. Sorry for the confusion :)

    I'm looking through your logs right now.
     
  17. 2010/04/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download Profiles by noahdfear.

    * Save it to your desktop.
    * Double-click profiles.exe and post its log when you reply.

    ==============================================================

Delete your GMER file, download a fresh one and try to run it again.
If it is still a problem, try to re-run it, but this time un-check "Devices" in the right pane.
If still no joy, try to run it in Safe Mode.
     
  18. 2010/04/16
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    DefaultUserProfile REG_SZ Default User
    AllUsersProfile REG_SZ All Users

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-880824880-3436134146-2971665550-1006
    ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\magnus gunnarsson

    SystemRoot REG_SZ C:\WINDOWS
     
  19. 2010/04/16
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
OK, GMER worked in Safe Mode.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-16 19:00:05
    Windows 5.1.2600 Service Pack 3
    Running: 8iz2jxex.exe; Driver: C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\pwtdypob.sys


    ---- System - GMER 1.0.15 ----

    SSDT sprt.sys ZwCreateKey [0xF75440E0]
    SSDT sprt.sys ZwEnumerateKey [0xF755CDA4]
    SSDT sprt.sys ZwEnumerateValueKey [0xF755D132]
    SSDT sprt.sys ZwOpenKey [0xF75440C0]
    SSDT sprt.sys ZwQueryKey [0xF755D20A]
    SSDT sprt.sys ZwQueryValueKey [0xF755D08A]
    SSDT sprt.sys ZwSetValueKey [0xF755D29C]

    INT 0x63 ? 864FFBF8
    INT 0x83 ? 864FFBF8
    INT 0x94 ? 864FFBF8
    INT 0xB4 ? 86FD6BF8

    ---- Kernel code sections - GMER 1.0.15 ----

? sprt.sys The file cannot be found. !
    .text USBPORT.SYS!DllUnload F71D28AC 5 Bytes JMP 864FF1D8
    .text a6pgzjdr.SYS F70D3386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text a6pgzjdr.SYS F70D33AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text a6pgzjdr.SYS F70D33C4 3 Bytes [00, 80, 02]
    .text a6pgzjdr.SYS F70D33C9 1 Byte [30]
    .text a6pgzjdr.SYS F70D33C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7554B90] sprt.sys
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!KfRaiseIrql] 00001CB1
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\a6pgzjdr.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86FD51F8
    Device \FileSystem\Fastfat \FatCdrom 863081F8

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    Device \Driver\usbuhci \Device\USBPDO-0 8644A500
    Device \Driver\usbuhci \Device\USBPDO-1 8644A500
    Device \Driver\usbuhci \Device\USBPDO-2 8644A500
    Device \Driver\usbuhci \Device\USBPDO-3 8644A500
    Device \Driver\usbehci \Device\USBPDO-4 86507500
    Device \Driver\Ftdisk \Device\HarddiskVolume1 86F671F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 86F671F8
    Device \Driver\Cdrom \Device\CdRom0 864A61F8
    Device \Driver\PCI_PNP8930 \Device\00000059 sprt.sys
    Device \Driver\Cdrom \Device\CdRom1 864A61F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 86F671F8
    Device \Driver\iaStor \Device\Ide\iaStor0 [F743C720] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F743C720] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Ftdisk \Device\HarddiskVolume4 86F671F8
    Device \Driver\usbstor \Device\00000082 8631C500
    Device \Driver\usbstor \Device\00000083 8631C500
    Device \Driver\usbstor \Device\00000087 8631C500
    Device \Driver\usbstor \Device\00000088 8631C500
    Device \Driver\sptd \Device\835716430 sprt.sys
    Device \Driver\usbuhci \Device\USBFDO-0 8644A500
    Device \Driver\usbuhci \Device\USBFDO-1 8644A500
    Device \Driver\usbuhci \Device\USBFDO-2 8644A500
    Device \Driver\usbuhci \Device\USBFDO-3 8644A500
    Device \Driver\usbehci \Device\USBFDO-4 86507500
    Device \Driver\Ftdisk \Device\FtControl 86F671F8
    Device \Driver\a6pgzjdr \Device\Scsi\a6pgzjdr1Port1Path0Target0Lun0 864B41F8
    Device \Driver\a6pgzjdr \Device\Scsi\a6pgzjdr1 864B41F8
    Device \FileSystem\Fastfat \Fat 863081F8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 86483500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0xF3 0xEF 0x2F ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xC6 0x22 0x77 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA7 0xD8 0x51 0x5B ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBF 0xA5 0x1E 0x24 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015832a3d11
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0xD5 0x13 0x5F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xC6 0x22 0x77 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8B 0xDD 0xFF 0xA2 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC5 0x22 0xEC 0x76 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0015832a3d11 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
    Reg HKLM\SYSTEM\ControlSet003\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0xC0 0x98 0x07 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xC6 0x22 0x77 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0x99 0x31 0xB4 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xBF 0xA5 0x1E 0x24 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0015832a3d11 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventSourceFlags 1
    Reg HKLM\SYSTEM\ControlSet004\Services\Eventlog\Security\MSSQL$SQLEXPRESS$AUDIT@EventMessageFile C:\Program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\Resources\1033\sqlevn70.rll
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCC 0xD5 0x13 0x5F ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x31 0xC6 0x22 0x77 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8B 0xDD 0xFF 0xA2 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC5 0x22 0xEC 0x76 ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\Temp\win143.tmp 0 bytes
    File C:\WINDOWS\Temp\win144.tmp 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
    Last edited: 2010/04/16
  20. 2010/04/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
• Click Start, then Run
• Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\winsaj32.dll
    c:\windows\DXT3E7.tmp
    c:\windows\DXT3E6.tmp
    c:\windows\DXT3E5.tmp
    c:\windows\DXT3E4.tmp
    c:\windows\DXT3E3.tmp
    c:\windows\DXT3E2.tmp
    
    
    Folder::
    
    Driver::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsaj32]
    
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
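A worked example of the triage behind the script above, added here and not part of the thread or of HijackThis/ComboFix themselves: it parses O20 (Winlogon Notify) and O23 (service) lines of the kind posted earlier in this thread, flags any Notify package that is not in an assumed stock-XP allow-list, notes services whose binary is missing, and drafts the matching File::/Registry:: sections of a CFScript. The sample log lines are constructed from entries visible in the thread; the KNOWN_NOTIFY set is an assumption for illustration, not an authoritative list.

```python
import re

# Winlogon Notify packages expected on a stock Windows XP install. This is an
# assumed allow-list for the example, not an authoritative reference.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
}

NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"

# HijackThis line formats for Winlogon Notify packages (O20) and services (O23).
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<desc>.+?) \((?P<svc>[^()]+)\) - (?P<vendor>.+?) - (?P<path>.+)$"
)


def parse_hjt(text):
    """Return (notify, services): lists of dicts parsed from O20/O23 lines."""
    notify, services = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O20_RE.match(line)
        if m:
            notify.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            d = m.groupdict()
            d["missing"] = d["path"].endswith("(file missing)")
            services.append(d)
    return notify, services


def triage(text):
    """Flag unknown Winlogon Notify packages and orphaned services.

    Each finding is (kind, name, path, reason). A Winlogon Notify DLL is
    loaded into winlogon.exe (SYSTEM) at every logon, so an unknown one is
    the highest-priority item in the log.
    """
    notify, services = parse_hjt(text)
    findings = []
    for n in notify:
        if n["name"] not in KNOWN_NOTIFY:
            findings.append(("O20", n["name"], n["path"],
                             "unknown Winlogon Notify package (loaded by winlogon.exe as SYSTEM)"))
    for s in services:
        if s["missing"]:
            findings.append(("O23", s["svc"], s["path"],
                             "service registered but binary missing (orphan, not malware per se)"))
    return findings


def build_cfscript(findings):
    """Draft CFScript File:: and Registry:: sections for the flagged O20 entries.

    Both the DLL and its Notify subkey must go: deleting only the file leaves
    winlogon trying to load a missing DLL, deleting only the key leaves the
    DLL on disk to be re-registered.
    """
    files, keys = [], []
    for kind, name, path, _ in findings:
        if kind == "O20":
            files.append(path.lower())
            keys.append("[-%s\\%s]" % (NOTIFY_KEY, name))
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"


# Constructed sample log, modelled on lines posted in this thread (the cscdll
# line is a benign control entry added for contrast).
SAMPLE_LOG = r"""
O20 - Winlogon Notify: winsaj32 - C:\WINDOWS\SYSTEM32\winsaj32.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\SYSTEM32\cscdll.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program\Google\Update\GoogleUpdate.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print("%s %-10s %s  <- %s" % f)
    print(build_cfscript(found))
```

The allow-list approach is the weak point in practice: a stock-XP set varies with installed software, so anything flagged still needs the DLL checked on disk (signature, timestamp, size) before it goes into a File:: section, and orphaned O23 entries are cleanup, not evidence of infection.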
     
  21. 2010/04/17
    light

    light Inactive Thread Starter

    Joined:
    2010/04/09
    Messages:
    106
    Likes Received:
    0
Yay, I think it worked, here's the ComboFix text.

*some text in Swedish

    ComboFix 10-04-15.05 - magnus gunnarsson 2010-04-17 10:52:09.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.1015.440 [GMT 2:00]
Running from: c:\documents and settings\magnus gunnarsson\Skrivbord\anti virus\ComboFix.exe
Command switches used :: c:\documents and settings\magnus gunnarsson\Skrivbord\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    FILE ::
    "c:\windows\DXT3E2.tmp "
    "c:\windows\DXT3E3.tmp "
    "c:\windows\DXT3E4.tmp "
    "c:\windows\DXT3E5.tmp "
    "c:\windows\DXT3E6.tmp "
    "c:\windows\DXT3E7.tmp "
    "c:\windows\system32\winsaj32.dll "
    .

((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\DXT3E2.tmp
    c:\windows\DXT3E3.tmp
    c:\windows\DXT3E4.tmp
    c:\windows\DXT3E5.tmp
    c:\windows\DXT3E6.tmp
    c:\windows\DXT3E7.tmp
    c:\windows\system32\Thumbs.db
    c:\windows\system32\winsaj32.dll

    .
(((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 ))))))))))))))))))))))))))))))
    .

    2010-04-16 13:39 . 2010-04-16 17:01 -------- d-----w- c:\documents and settings\Administratör
    2010-04-15 14:48 . 2010-04-15 14:48 -------- d-----w- c:\program\Trend Micro
    2010-04-15 13:28 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-14 21:15 . 2010-04-14 21:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
    2010-04-14 21:15 . 2010-04-14 21:15 -------- d-----r- c:\documents and settings\LocalService\Favoriter
    2010-04-13 13:31 . 2010-04-13 13:31 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Avira
    2010-04-13 13:27 . 2010-04-15 18:14 -------- d-----w- c:\windows\system32\NtmsData
    2010-04-13 13:21 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-04-13 13:21 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-04-13 13:21 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-04-13 13:21 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-04-13 13:21 . 2010-04-13 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-04-11 18:45 . 2010-04-11 19:17 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\gtk-2.0
    2010-04-11 18:45 . 2010-04-11 18:45 -------- d-----w- c:\documents and settings\magnus gunnarsson\.thumbnails
    2010-04-11 18:42 . 2010-04-15 22:28 -------- d-----w- c:\documents and settings\magnus gunnarsson\.gimp-2.6
    2010-04-08 15:34 . 2010-04-08 15:34 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Secret of the Solstice
    2010-04-08 11:54 . 2010-04-08 12:00 -------- d-----w- c:\program\Outspark
    2010-04-07 16:20 . 2010-04-07 16:20 -------- d-----w- c:\program\MSECache
    2010-03-31 16:43 . 2010-04-14 13:14 -------- d-----r- c:\documents and settings\magnus gunnarsson\My Private Folder
    2010-03-31 16:36 . 2010-03-31 16:36 -------- d-----w- c:\program\Microsoft Private Folder 1.0
    2010-03-31 16:04 . 2010-03-31 16:04 -------- d-----w- c:\documents and settings\magnus gunnarsson\Personal
    2010-03-31 15:26 . 2003-06-25 14:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
    2010-03-29 21:25 . 2010-03-29 21:25 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\TeamViewer
    2010-03-29 17:42 . 2010-03-29 17:42 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Media Player Classic
    2010-03-28 21:04 . 2010-03-28 21:04 2286080 ----a-w- c:\windows\system32\TUKernel.exe
    2010-03-28 18:55 . 2010-03-28 18:55 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\TuneUp Software
    2010-03-28 18:54 . 2010-04-01 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2010-03-28 18:47 . 2010-03-28 18:47 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
    2010-03-27 15:53 . 2010-03-27 15:53 0 ----a-w- c:\documents and settings\magnus gunnarsson\jagex__preferences3.dat
    2010-03-25 21:04 . 2010-03-25 21:05 -------- d-----w- c:\program\Delade filer\Common Share
    2010-03-25 21:04 . 2008-12-18 12:38 719872 ----a-w- c:\windows\system32\devil.dll
    2010-03-25 21:04 . 2008-12-18 12:38 351744 ----a-w- c:\windows\system32\avisynth.dll
    2010-03-25 21:04 . 2008-12-18 12:38 1060864 ----a-w- c:\windows\system32\mfc71.dll
    2010-03-23 16:11 . 2009-09-14 09:36 758018 ----a-w- c:\windows\system32\xvidcore.dll
    2010-03-23 16:11 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-03-23 14:29 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Publish Providers
    2010-03-23 14:25 . 2010-03-23 14:29 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Sony
    2010-03-23 14:22 . 2010-03-23 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
    2010-03-22 17:06 . 2010-03-22 17:08 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Template
    2010-03-22 15:48 . 2010-03-22 15:48 -------- d-----w- c:\documents and settings\magnus gunnarsson\.netbeans
    2010-03-22 15:47 . 2010-03-22 15:48 -------- d-----w- c:\documents and settings\magnus gunnarsson\javame-sdk
    2010-03-22 15:42 . 2010-03-22 15:47 -------- d-----w- C:\Java_ME_platform_SDK_3.0
    2010-03-22 15:24 . 2010-03-30 17:43 -------- d-----w- c:\documents and settings\magnus gunnarsson\.javame-sdk
    2010-03-21 20:17 . 2010-03-21 20:17 -------- d-----w- c:\program\directx
    2010-03-21 15:46 . 2010-03-21 15:52 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\IGN_DLM
    2010-03-21 11:07 . 1997-01-23 12:41 132096 ----a-w- c:\windows\system32\sst1init.dll
    2010-03-21 11:07 . 1997-01-23 12:45 263168 ----a-w- c:\windows\system32\glide.dll
    2010-03-21 09:08 . 1996-07-18 12:06 297472 ----a-w- c:\windows\uninst.exe
    2010-03-21 08:53 . 2010-03-21 08:53 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Earthsim
    2010-03-21 08:48 . 2010-03-21 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Earthsim
    2010-03-20 19:04 . 2010-03-29 21:03 -------- d-----w- c:\program\Perfect Uninstaller
    2010-03-19 16:03 . 1996-03-18 23:00 136448 ----a-w- c:\windows\RMTOOLS.DLL
    2010-03-19 16:03 . 1994-09-15 23:00 20976 ----a-w- c:\windows\system\CTL3D.DLL

    .
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-17 09:22 . 2009-11-24 13:32 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Skype
    2010-04-17 07:56 . 2009-11-28 09:48 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\skypePM
    2010-04-15 14:29 . 2010-01-03 12:21 -------- d-----w- c:\program\HyperCam Toolbar
    2010-04-15 13:28 . 2009-11-27 17:44 -------- d-----w- c:\program\Java
    2010-04-12 15:25 . 2009-11-28 09:20 75 ----a-w- c:\documents and settings\magnus gunnarsson\jagex_runescape_preferences2.dat
    2010-04-12 15:23 . 2009-11-28 09:19 41 ----a-w- c:\documents and settings\magnus gunnarsson\jagex_runescape_preferences.dat
    2010-04-11 18:42 . 2010-01-29 18:00 -------- d-----w- c:\program\Easy Icon Maker
    2010-04-08 11:54 . 2009-09-01 04:36 -------- d--h--w- c:\program\InstallShield Installation Information
    2010-04-08 09:13 . 2009-11-28 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2010-04-07 16:30 . 2009-11-24 00:01 1080 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\wklnhst.dat
    2010-04-01 17:01 . 2009-12-31 21:32 -------- d-----w- c:\program\Delade filer\AVSMedia
    2010-04-01 17:00 . 2009-12-31 21:32 -------- d-----w- c:\program\AVS4YOU
    2010-04-01 15:46 . 2009-09-01 04:36 -------- d-----w- c:\program\Delade filer\InstallShield
    2010-04-01 08:02 . 2009-11-27 17:44 -------- d-----w- c:\program\Delade filer\Java
    2010-03-29 19:52 . 2010-03-29 19:07 2788864 ----a-w- c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
    2010-03-29 18:21 . 2009-09-01 05:20 -------- d-----w- c:\program\Windows Live
    2010-03-28 22:38 . 2009-09-01 03:52 509226 ----a-w- c:\windows\system32\perfh01D.dat
    2010-03-28 22:38 . 2009-09-01 03:52 108010 ----a-w- c:\windows\system32\perfc01D.dat
    2010-03-25 09:27 . 2010-03-25 09:27 1107264 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
    2010-03-23 21:50 . 2010-03-23 21:50 9662 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{8D52E0F9-17A0-493B-8692-937381DDB62B}\SIMCITY.EXE_8D52E0F917A0493B8692937381DDB62B.EXE
    2010-03-23 21:50 . 2010-03-23 21:50 8854 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{8D52E0F9-17A0-493B-8692-937381DDB62B}\Uninstall_SimCity_20_8D52E0F917A0493B8692937381DDB62B.exe
    2010-03-23 21:50 . 2010-03-23 21:50 10134 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{8D52E0F9-17A0-493B-8692-937381DDB62B}\ARPPRODUCTICON.exe
    2010-03-23 15:37 . 2009-09-01 05:16 -------- d-----w- c:\program\Delade filer\Adobe
    2010-03-22 15:38 . 2010-01-31 14:25 -------- d-----w- c:\program\Sun
    2010-03-20 18:46 . 2009-09-01 05:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-03-18 16:14 . 2010-03-03 18:27 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Notepad++
    2010-03-17 17:01 . 2010-03-07 17:21 -------- d-----w- c:\program\Ask.com
    2010-03-17 08:50 . 2010-04-03 17:02 681472 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    2010-03-14 13:24 . 2010-03-14 13:24 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-03-14 13:24 . 2010-03-14 13:24 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-03-13 22:01 . 2009-09-01 03:52 28400 ----a-w- c:\windows\system32\drivers\secdrv.sys
    2010-03-13 16:45 . 2010-03-13 16:45 -------- d-----w- c:\program\Microsoft Synchronization Services
    2010-03-13 16:45 . 2009-09-01 05:22 -------- d-----w- c:\program\Microsoft SQL Server Compact Edition
    2010-03-13 16:44 . 2010-03-13 16:44 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
    2010-03-13 16:43 . 2009-11-25 20:41 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
    2010-03-13 12:07 . 2010-03-05 12:34 8854 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2010-03-13 12:07 . 2010-03-05 12:34 40960 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-03-13 12:07 . 2010-03-05 12:34 40960 ----a-r- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2010-03-10 21:19 . 2010-03-10 21:01 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\FreeOrion
    2010-03-10 06:17 . 2009-09-01 03:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 21:18 . 2010-03-09 21:18 -------- d-----w- c:\program\Oberon Media
    2010-03-09 20:51 . 2009-11-25 16:24 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Microsoft Games
    2010-03-07 18:08 . 2010-03-07 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
    2010-03-07 17:13 . 2010-02-01 18:07 -------- d-----w- c:\program\Free ISO Creator
    2010-03-07 16:19 . 2010-03-07 16:19 -------- d-----w- c:\program\ElcomSoft
    2010-03-06 11:41 . 2010-03-06 11:41 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Toribash
    2010-03-06 09:41 . 2010-03-06 09:41 -------- d-----w- c:\program\Delade filer\DirectX
    2010-03-05 12:07 . 2010-03-04 18:20 139456 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-03-05 12:07 . 2010-01-20 19:26 190160 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-05 11:44 . 2010-03-04 18:20 138056 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\PnkBstrK.sys
    2010-03-05 11:44 . 2010-03-04 18:20 138056 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\PnkBstrK.sys
    2010-03-05 11:43 . 2010-01-20 19:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2010-03-05 11:43 . 2010-03-04 18:20 2407792 ----a-w- c:\windows\system32\pbsvc_heroes.exe
    2010-03-05 08:06 . 2010-03-05 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
    2010-03-05 08:06 . 2010-01-06 19:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-03-05 08:05 . 2010-03-05 08:05 -------- d-----w- c:\program\bfgclient
    2010-02-28 12:39 . 2009-11-25 05:33 -------- d-----w- c:\program\OpenAL
    2010-02-27 20:07 . 2010-02-27 19:51 114688 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Soldat\Battleye\BEClient.dll
    2010-02-27 19:51 . 2010-02-27 19:51 0 ----a-r- C:\logwmemory.bin
    2010-02-27 19:49 . 2010-02-27 19:49 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Soldat
    2010-02-26 21:10 . 2010-02-26 21:10 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\godzHell
    2010-02-26 17:35 . 2010-02-26 17:35 -------- d-----w- c:\documents and settings\magnus gunnarsson\Application Data\Mouse Recorder Pro
    2010-02-25 06:19 . 2009-09-01 03:52 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2009-09-01 03:52 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-21 21:28 . 2009-09-01 05:17 -------- d-----w- c:\program\Microsoft Works
    2010-02-20 13:38 . 2010-02-20 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
    2010-02-20 13:38 . 2009-11-23 18:37 -------- d-----w- c:\program\Google
    2010-02-18 17:51 . 2010-02-18 17:51 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
    2010-02-16 19:09 . 2008-04-14 21:14 2025472 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-16 19:09 . 2008-04-14 21:13 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 17:02 . 2010-02-16 17:02 0 ----a-w- c:\windows\PowerReg.dat
    2010-02-15 18:38 . 2010-02-15 14:54 38784 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-02-12 10:03 . 2010-03-06 08:19 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:35 . 2009-09-01 03:52 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2009-09-01 03:52 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-08 06:27 . 2010-02-08 06:27 503808 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-129777d2-n\msvcp71.dll
    2010-02-08 06:27 . 2010-02-08 06:27 348160 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-129777d2-n\msvcr71.dll
    2010-02-08 06:27 . 2010-02-08 06:27 499712 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-129777d2-n\jmc.dll
    2010-02-08 06:27 . 2010-02-08 06:27 61440 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f77ee2a-n\decora-sse.dll
    2010-02-08 06:27 . 2010-02-08 06:27 12800 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7f77ee2a-n\decora-d3d.dll
    2010-02-07 18:23 . 2010-02-07 18:24 919840 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\Sun\Java\JRERunOnce.exe
    2010-02-04 17:48 . 2009-11-25 05:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-02-04 17:48 . 2009-11-25 05:33 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-02-04 09:01 . 2010-02-22 18:09 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 09:01 . 2010-02-22 18:09 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 09:01 . 2010-02-22 18:09 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 09:01 . 2010-02-22 18:09 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-01-29 18:58 . 2010-01-29 18:58 1585608 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F35E193DC3E84933B83DE961D9AC33BF\SketchPad.exe
    2010-01-20 19:42 . 2010-01-20 19:39 461888 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
    2010-01-20 19:39 . 2010-01-20 19:39 367680 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2010-01-20 19:39 . 2010-01-20 19:39 179264 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2010-01-20 19:39 . 2010-01-20 19:39 887856 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2010-01-20 19:39 . 2010-01-20 19:39 57344 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\id Software\quakelive\home\pb\pbag.dll
    2010-01-20 19:39 . 2010-01-20 19:39 2407488 ----a-w- c:\documents and settings\magnus gunnarsson\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2010-01-20 19:27 . 2010-01-20 19:25 2373712 ----a-w- c:\windows\system32\pbsvc.exe
    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* Tomma poster & legitima standardposter visas inte.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 15:50 1197448 ----a-w- c:\program\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaCie Ethernet Agent Startup "= "c:\program\LaCie\Ethernet Agent\LaCie Ethernet Agent.exe" [2008-06-19 4091904]
    "Google Update "= "c:\documents and settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-25 135664]
    "Pando Media Booster "= "c:\program\Pando Networks\Media Booster\PMB.exe" [2009-11-28 2923192]
    "swg "= "c:\program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-29 39408]
    "Skype "= "c:\program\Skype\Phone\Skype.exe" [2009-07-16 25604904]
    "DAEMON Tools Lite "= "d:\daemon tools lite\DTLite.exe" [2010-04-01 357696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "RTHDCPL "= "RTHDCPL.EXE" [2009-04-27 17881088]
    "SynTPEnh "= "c:\program\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
    "SynAsusAcpi "= "c:\program\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
    "AsusACPIServer "= "c:\program\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-16 630784]
    "AsusEPCMonitor "= "c:\program\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]
    "AsusTray "= "c:\program\EeePC\ACPI\AsTray.exe" [2009-04-16 118784]
    "LiveUpdate "= "c:\program\Asus\LiveUpdate\LiveUpdate.exe" [2009-08-27 735208]
    "KMCONFIG "= "c:\program\Mouse Driver\StartAutorun.exe" [2008-05-30 212992]
    "Adobe Photo Downloader "= "c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
    "BluetoothAuthenticationAgent "= "bthprops.cpl" [2008-04-15 110592]
    "BtTray "= "c:\program\IVT Corporation\BlueSoleil\BtTray.exe" [2008-06-19 231424]
    "QuickTime Task "= "c:\program\QuickTime\qttask.exe" [2010-01-06 417792]
    "Adobe ARM "= "c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "Java(TM) ME Platform SDK 3.0 "= "c:\java_me_platform_sdk_3.0\bin\device-manager.exe" [2009-04-09 102400]
    "ISUSPM Startup "= "c:\program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
    "ISUSScheduler "= "c:\program\Delade filer\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "SunJavaUpdateSched "= "c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avgnt "= "d:\avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    c:\documents and settings\All Users\Start-meny\Program\Autostart\
    SuperHybridEngine.lnk - c:\program\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-9-1 376832]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "c:\windows\system32\logonui.exe "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher "= "c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program\\Java\\jdk1.6.0_18\\bin\\javaw.exe "=
    "c:\\Program\\Pando Networks\\Media Booster\\PMB.exe "=
    "d:\\bnw\\runblack.exe "=
    "d:\\GameCQ\\.Cache\\DarkSpace\\DarkSpaceClient.exe "=
    "c:\\WINDOWS\\system32\\dpnsvr.exe "=
    "d:\\Soldat\\Soldat.exe "=
    "d:\\YSFLIGHT\\fsmaindx.exe "=
    "c:\\Program\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe "=
    "d:\\YSFLIGHT\\fsmain.exe "=
    "c:\\WINDOWS\\system32\\dplaysvr.exe "=
    "c:\\Program\\Skype\\Phone\\Skype.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57493:TCP "= 57493:TCP:pando Media Booster
    "57493:UDP "= 57493:UDP:pando Media Booster
    "16151:TCP "= 16151:TCP:open port
    "15161:TCP "= 15161:TCP:open port
    "16151:UDP "= 16151:UDP:open port
    "3105:TCP "= 3105:TCP:firewall/nat
    "3105:UDP "= 3105:UDP:firewall
    "1034:TCP "= 1034:TCP:Akamai NetSession Interface
    "5000:UDP "= 5000:UDP:Akamai NetSession Interface

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-01-21 21512]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-01-01 691696]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-01-31 123280]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-01-31 41616]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\avira\AntiVir Desktop\sched.exe [2010-04-13 135336]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program\Mouse Driver\KMWDSrv.exe [2008-06-23 208896]
    R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [2006-04-21 70912]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-01-21 26248]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-12-17 110096]
    S2 gupdate;Google Update Service (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-09-01 1684736]
    S3 GWHid;VL807 Hidmini driver;c:\windows\system32\drivers\GWHid.sys [2009-11-25 18992]
    S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-08-27 38912]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2009-09-01 1015424]
    S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-08-27 39040]
    S3 VL807;VL807 Filter;c:\windows\system32\drivers\VL807.sys [2009-11-25 27184]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
    .
    Innehållet i mappen 'Schemalagda aktiviteter':

    2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program\Google\Update\GoogleUpdate.exe [2009-11-25 15:42]

    2010-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program\Google\Update\GoogleUpdate.exe [2009-11-25 15:42]

    2010-04-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program\Ask.com\UpdateTask.exe [2010-02-04 15:50]
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xportera till Microsoft Excel - c:\program\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: Skicka till &Bluetooth-enhet... - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Skicka till Bluetooth - c:\program\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: ketsujin.com\fighterace
    Trusted Zone: ketsujin.com\primary
    Trusted Zone: ketsujin.com\update
    Trusted Zone: ketsujin.com\www
    Trusted Zone: stormofaces.com\www
    DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
    FF - ProfilePath - c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - component: c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - plugin: c:\documents and settings\magnus gunnarsson\Application Data\Mozilla\Firefox\Profiles\jw1t28dz.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\program\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\npOGPPlugin.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICY ----
    FF - user.js: network.http.max-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 750
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.max.tokenizing.time - 2250000
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program\Mozilla Firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref( "browser.fixup.alternate.suffix ", ".se ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-17 11:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys spjy.sys >>UNKNOWN [0x86F87938]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf769bf28
    \Driver\ACPI -> ACPI.sys @ 0xf7503cb8
    \Driver\iaStor -> iaStor.sys @ 0xf743c720
    IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e668e
    ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
    \Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e668e
    ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b1
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------

    [HKEY_USERS\S-1-5-21-880824880-3436134146-2971665550-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-880824880-3436134146-2971665550-1006\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (S-1-5-21-880824880-3436134146-2971665550-1006)
    @Allowed: (Read) (S-1-5-21-880824880-3436134146-2971665550-1006)
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLer som "laddats" under processer som körs ---------------------

    - - - - - - - > 'explorer.exe'(2856)
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\BsMobileSDK.dll
    c:\windows\system32\BsLangInDepRes.dll
    c:\windows\system32\Bs2Res.dll
    c:\program\Microsoft Private Folder 1.0\ShellExt.dll
    c:\windows\system32\PFLib.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Andra processer som körs ------------------------
    .
    d:\avira\AntiVir Desktop\avguard.exe
    c:\program\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    d:\avira\AntiVir Desktop\avshadow.exe
    c:\program\Bonjour\mDNSResponder.exe
    c:\program\Java\jre6\bin\jqs.exe
    c:\program\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program\Microsoft Private Folder 1.0\PrfldSvc.exe
    c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program\IVT Corporation\BlueSoleil\BsHelpCS.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxext.exe
    c:\windows\system32\rundll32.exe
    c:\program\Mouse Driver\KMConfig.exe
    c:\program\Mouse Driver\KMProcess.exe
    c:\program\Java\jdk1.6.0_18\bin\javaw.exe
    c:\documents and settings\magnus gunnarsson\Lokala inställningar\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\program\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Sluttid: 2010-04-17 11:28:12 - datorn startades om.
    ComboFix-quarantined-files.txt 2010-04-17 09:28
    ComboFix2.txt 2010-04-15 14:43

    Före genomsökningen: 31*948*664*832 byte ledigt
    Efter genomsökningen: 31*956*475*904 byte ledigt

    Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - B118648B3AFEDFC623166D2C407CB311