andcar
-
Innehållsantal
39 -
Gick med
-
Besökte senast
andcar's Achievements
(2/8)
-
Hej Malou! Så lite så! det jobb du har lagt ner är värt mycket för mig Den mår bara bra. Uppdateringarna fungerade. Allt utan problem Dagens ----[--[-@ till dig Anders
-
Hej Malou! Du har gjort et bra jobb också! Hade ju aldrig klarat det utan dig! Dator&IT-Säkerhet: har jag lagt som favorit =) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:01:20, on 2009-01-25 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\Program\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\Program\MSN Messenger\msnmsgr.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program\Personal\bin\Personal.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\internet explorer\iexplore.exe C:\Program\anders scan\Anders HijackThis\This.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe -- End of file - 8243 bytes
-
Hej! Tack! men det är du som har haft stort tålamod!!! ja en router,vi är två som delar. men den andra datorn funkar som den ska o används nästan aldrig. http://www.mediateknik.com är den leverantör jag alltid haft datornfunkar jätte bra!
-
Hej Malou! ComboFix 09-01-21.04 - Nubben 2009-01-24 18:55:24.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.511.136 [GMT 1:00] Körs från: c:\documents and settings\Nubben\Skrivbord\ComboFix.exe Använda kommandoväxlar :: c:\documents and settings\Nubben\Skrivbord\CFScript.txt AV: AVG 7.5.552 *On-access scanning enabled* (Updated) FW: Sygate Personal Firewall Pro *enabled* * Skapade en ny återställningspunkt FILE :: c:\windows\system32\iestat.exe . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\iestat.exe . (((((((((((((((((((((((( Filer Skapade från 2008-12-24 till 2009-01-24 )))))))))))))))))))))))))))))) . 2009-01-24 15:54 . 2009-01-24 15:54 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware 2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\documents and settings\Nubben\Application Data\Malwarebytes 2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-01-24 14:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-24 14:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-23 15:00 . 2009-01-23 15:00 <KAT> d-------- c:\program\Delade filer\SYMANT~1 2009-01-20 21:52 . 2009-01-20 21:52 <KAT> d-------- c:\windows\ERUNT 2009-01-20 21:10 . 2009-01-20 21:10 <KAT> d-------- c:\program\SDFix 2009-01-20 18:19 . 2009-01-22 10:15 <KAT> d--hs---- c:\windows\system32\twain32 2009-01-20 16:46 . 2009-01-20 16:46 <KAT> d-------- c:\program\CCleaner 2009-01-19 23:26 . 2009-01-19 23:30 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft 2009-01-19 23:05 . 2009-01-21 14:11 <KAT> d-------- c:\program\SUPERAntiSpyware 2009-01-19 22:35 . 2009-01-19 22:35 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-19 22:35 . 2009-01-19 22:35 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-19 20:19 . 2009-01-23 15:00 <KAT> d-------- c:\program\Norton Security Scan 2009-01-19 19:29 . 2009-01-19 19:31 <KAT> d-------- c:\documents and settings\Nubben\.SunDownloadManager 2009-01-13 09:58 . 2009-01-18 15:53 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-01-03 17:03 . 2009-01-03 17:03 <KAT> d-------- c:\windows\system32\sv 2009-01-03 17:03 . 2009-01-03 17:03 <KAT> d-------- c:\windows\l2schemas 2009-01-03 13:52 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui 2008-12-29 10:38 . 2009-01-22 10:51 7,680 --ahs---- c:\windows\Thumbs.db . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-24 10:07 --------- d-----w c:\documents and settings\Nubben\Application Data\AVG7 2009-01-22 10:40 --------- d--h--w c:\program\InstallShield Installation Information 2009-01-22 09:51 --------- d-----w c:\program\Windows Media Connect 2 2009-01-22 09:51 --------- d-----w c:\program\DivX 2009-01-22 09:51 --------- d-----w c:\program\Avanquest update 2009-01-22 09:15 --------- d-----w c:\program\Unlocker 2009-01-21 13:11 --------- d-----w c:\program\Delade filer\Wise Installation Wizard 2009-01-21 10:18 --------- d-----w c:\program\Java 2009-01-20 19:06 --------- d-----w c:\program\anders scan 2009-01-20 16:12 --------- d-----w c:\program\Winamp 2009-01-20 15:52 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-01-19 22:26 --------- d-----w c:\program\Lavasoft 2009-01-19 10:42 --------- d-----w c:\program\Windows Live Safety Center 2009-01-13 09:15 --------- d-----w c:\program\Delade filer\Adobe 2009-01-09 18:12 --------- d-----w c:\program\EA GAMES 2009-01-03 16:21 --------- d-----w c:\program\MSN Messenger 2008-12-03 21:31 --------- d-----w c:\documents and settings\Nubben\Application Data\uTorrent 2008-10-21 19:37 21,528 ----a-w c:\documents and settings\Nubben\Application Data\GDIPFONTCACHEV1.DAT 2007-09-25 15:49 32 ----a-r c:\documents and settings\All Users\hash.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-24_17.25.34.23 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-24 18:03:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_124.dat . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ----a-w 15,360 2004-08-04 00:34:16 c:\windows\system32\bak\ctfmon.exe ----a-w 15,360 2008-04-14 16:05:02 c:\windows\system32\ctfmon.exe ----a-w 411,648 2007-03-01 08:27:54 d:\avg free\bak\avgcc.exe ----a-w 416,256 2007-04-28 11:23:53 d:\avg free\avgcc.exe . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264] "msnmsgr"="c:\program\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="c:\program\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-04 590848] "SmcService"="c:\program\Sygate\SPF\smc.exe" [2005-09-27 2635472] "QuickTime Task"="c:\program\QuickTime\qttask.exe" [2006-09-01 282624] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920] "Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-01-19 136600] "nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "AVG7_Run"="c:\program\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136] "DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\ Personal.lnk - c:\program\Personal\bin\Personal.exe [2007-01-01 438272] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.vp31"= vp31vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Program^Autostart^Microsoft Office.lnk] path=c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:55 5674352 c:\program\MSN Messenger\msnmsgr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program\\Grisoft\\AVG Free\\avginet.exe"= "c:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe"= "c:\\Program\\Grisoft\\AVG Free\\avgcc.exe"= "c:\\Program\\uTorrent\\utorrent.exe"= "d:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program\\MSN Messenger\\msnmsgr.exe"= "c:\\Program\\MSN Messenger\\livecall.exe"= "c:\\Program\\Java\\jre6\\bin\\java.exe"= R4 WinDefend;Windows Defender;c:\program\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2008-10-04 83880] S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2008-10-04 15016] S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2008-10-04 110504] S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2008-10-04 104488] S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2008-10-04 100648] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{030EE0AC-0F33-50E9-0307-070300010406}] c:\windows\System32\xp-clean.exe . Innehållet i mappen 'Schemalagda aktiviteter': 2009-01-24 c:\windows\Tasks\MP Scheduled Scan.job - c:\program\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2009-01-23 c:\windows\Tasks\Norton Security Scan for Nubben.job - c:\program\Norton Security Scan\Nss.exe [2008-09-19 04:18] . . ------- Extra genomsökning ------- . uStart Page = hxxp://www.aftonbladet.se/ Trusted Zone: adobe.com\www Trusted Zone: bilddagboken.se Trusted Zone: google.se\www Trusted Zone: ignames.net\en10.ds Trusted Zone: internetkassan.nu\www Trusted Zone: kingsofchaos.com\www Trusted Zone: lunarstorm.se\www Trusted Zone: spela.se\www Trusted Zone: svenskfotboll.se\www Trusted Zone: tradera.com\www Trusted Zone: tribalwars.net\www Trusted Zone: vildawebben.se\www Trusted Zone: www.dn.se TCP: {F725B5B2-C8C6-4299-9A49-AC36782EA4BD} = 208.67.220.220 208.67.222.222 DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.extrafilm.se/ImageUploader5.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 19:03:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- LÅSTA REGISTERNYCKLAR --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|ù6~*] "D140510900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . ------------------------ Andra processer som körs ------------------------ . c:\program\Lavasoft\Ad-Aware\aawservice.exe c:\program\Grisoft\AVGFRE~1\avgamsvr.exe c:\program\Grisoft\AVGFRE~1\avgupsvc.exe c:\program\Java\jre6\bin\jqs.exe c:\program\Delade filer\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe c:\program\Delade filer\Teleca Shared\Generic.exe c:\program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Sluttid: 2009-01-24 19:13:11 - datorn startades om. ComboFix-quarantined-files.txt 2009-01-24 18:13:01 ComboFix2.txt 2009-01-24 16:29:58 Före genomsökningen: 5 494 026 240 byte ledigt Efter genomsökningen: 5,877,202,944 byte ledigt 195 _______________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:16:26, on 2009-01-24 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\Sygate\SPF\smc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\Program\MSN Messenger\msnmsgr.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program\Personal\bin\Personal.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\explorer.exe C:\Program\internet explorer\iexplore.exe C:\Program\anders scan\Anders HijackThis\This.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe -- End of file - 8243 bytes
-
Hej det låg i en mapp i windows och i mappen fin det en DS fil som heter wiatwain.ds. Jag högerklickade o följande finns... version © Microsoft Corporation. All rights reserved. Beskrivning WIATWAIN Antivirus Version Senaste Uppdatering Resultat a-squared 4.0.0.73 2009.01.24 - AhnLab-V3 5.0.0.2 2009.01.24 - AntiVir 7.9.0.60 2009.01.23 - Authentium 5.1.0.4 2009.01.24 - Avast 4.8.1281.0 2009.01.23 Win32:Ups AVG 8.0.0.229 2009.01.23 - BitDefender 7.2 2009.01.24 Trojan.FakeAntivirus.Gen CAT-QuickHeal 10.00 2009.01.24 - ClamAV 0.94.1 2009.01.24 - Comodo 944 2009.01.24 - DrWeb 4.44.0.09170 2009.01.24 - eSafe 7.0.17.0 2009.01.22 - eTrust-Vet 31.6.6325 2009.01.24 - F-Prot 4.4.4.56 2009.01.23 - F-Secure 8.0.14470.0 2009.01.24 - Fortinet 3.117.0.0 2009.01.24 - GData 19 2009.01.24 Trojan.FakeAntivirus.Gen Ikarus T3.1.1.45.0 2009.01.24 - K7AntiVirus 7.10.604 2009.01.24 - Kaspersky 7.0.0.125 2009.01.24 - McAfee 5505 2009.01.24 - McAfee+Artemis 5504 2009.01.23 - Microsoft 1.4205 2009.01.24 Trojan:Win32/Zbot.BX NOD32 3796 2009.01.24 a variant of Win32/Kryptik.FL Norman 5.93.01 2009.01.23 - nProtect 2009.1.8.0 2009.01.23 - Panda 9.5.1.2 2009.01.24 - PCTools 4.4.2.0 2009.01.24 - Prevx1 V2 2009.01.24 - Rising 21.13.42.00 2009.01.23 - SecureWeb-Gateway 6.7.6 2009.01.24 - Sophos 4.37.0 2009.01.24 - Sunbelt 3.2.1835.2 2009.01.16 VIPRE.Suspicious Symantec 10 2009.01.24 - TheHacker 6.3.1.5.227 2009.01.24 - TrendMicro 8.700.0.1004 2009.01.24 - VBA32 3.12.8.11 2009.01.23 - ViRobot 2009.1.23.1576 2009.01.23 - VirusBuster 4.5.11.0 2009.01.24 -
-
Hej! jag har inte märkt av några problem alls
-
ComboFix 09-01-21.04 - Nubben 2009-01-24 17:09:44.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.511.121 [GMT 1:00] Körs från: c:\documents and settings\Nubben\Skrivbord\ComboFix.exe AV: AVG 7.5.552 *On-access scanning enabled* (Updated) FW: Sygate Personal Firewall Pro *enabled* * Skapade en ny återställningspunkt . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Nubben\Favoriter\Videos.url c:\program files\AMV Converter\_desktop.ini c:\program files\AMV Converter\skin\_desktop.ini c:\program files\AMV Converter\skin\xpstyle\_desktop.ini c:\windows\msettings.ini c:\windows\system32\Drivers\UACuwjqbouq.sys c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\UACdetkllmx.dat c:\windows\system32\UACswvcnupr.dll . ((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_UACd.sys (((((((((((((((((((((((( Filer Skapade från 2008-12-24 till 2009-01-24 )))))))))))))))))))))))))))))) . 2009-01-24 15:54 . 2009-01-24 15:54 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware 2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\documents and settings\Nubben\Application Data\Malwarebytes 2009-01-24 14:55 . 2009-01-24 14:55 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-01-24 14:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-24 14:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-23 15:00 . 2009-01-23 15:00 <KAT> d-------- c:\program\Delade filer\SYMANT~1 2009-01-20 21:52 . 2009-01-20 21:52 <KAT> d-------- c:\windows\ERUNT 2009-01-20 21:10 . 2009-01-20 21:10 <KAT> d-------- c:\program\SDFix 2009-01-20 18:19 . 2009-01-22 10:15 <KAT> d--hs---- c:\windows\system32\twain32 2009-01-20 18:18 . 2009-01-20 18:19 94,208 --a------ c:\windows\system32\iestat.exe 2009-01-20 16:46 . 2009-01-20 16:46 <KAT> d-------- c:\program\CCleaner 2009-01-19 23:26 . 2009-01-19 23:30 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft 2009-01-19 23:05 . 2009-01-21 14:11 <KAT> d-------- c:\program\SUPERAntiSpyware 2009-01-19 22:35 . 2009-01-19 22:35 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-19 22:35 . 2009-01-19 22:35 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-19 20:19 . 2009-01-23 15:00 <KAT> d-------- c:\program\Norton Security Scan 2009-01-19 19:29 . 2009-01-19 19:31 <KAT> d-------- c:\documents and settings\Nubben\.SunDownloadManager 2009-01-13 09:58 . 2009-01-18 15:53 <KAT> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NOS 2009-01-03 17:03 . 2009-01-03 17:03 <KAT> d-------- c:\windows\system32\sv 2009-01-03 17:03 . 2009-01-03 17:03 <KAT> d-------- c:\windows\l2schemas 2009-01-03 13:52 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui 2008-12-29 10:38 . 2009-01-22 10:51 7,680 --ahs---- c:\windows\Thumbs.db . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-24 10:07 --------- d-----w c:\documents and settings\Nubben\Application Data\AVG7 2009-01-22 10:40 --------- d--h--w c:\program\InstallShield Installation Information 2009-01-22 09:51 --------- d-----w c:\program\Windows Media Connect 2 2009-01-22 09:51 --------- d-----w c:\program\DivX 2009-01-22 09:51 --------- d-----w c:\program\Avanquest update 2009-01-22 09:15 --------- d-----w c:\program\Unlocker 2009-01-21 13:11 --------- d-----w c:\program\Delade filer\Wise Installation Wizard 2009-01-21 10:18 --------- d-----w c:\program\Java 2009-01-20 19:06 --------- d-----w c:\program\anders scan 2009-01-20 16:12 --------- d-----w c:\program\Winamp 2009-01-20 15:52 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-01-19 22:26 --------- d-----w c:\program\Lavasoft 2009-01-19 10:42 --------- d-----w c:\program\Windows Live Safety Center 2009-01-13 09:15 --------- d-----w c:\program\Delade filer\Adobe 2009-01-09 18:12 --------- d-----w c:\program\EA GAMES 2009-01-03 16:21 --------- d-----w c:\program\MSN Messenger 2008-12-03 21:31 --------- d-----w c:\documents and settings\Nubben\Application Data\uTorrent 2008-10-21 19:37 21,528 ----a-w c:\documents and settings\Nubben\Application Data\GDIPFONTCACHEV1.DAT 2007-09-25 15:49 32 ----a-r c:\documents and settings\All Users\hash.dat . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ----a-w 15,360 2004-08-04 00:34:16 c:\windows\system32\bak\ctfmon.exe ----a-w 15,360 2008-04-14 16:05:02 c:\windows\system32\ctfmon.exe ----a-w 411,648 2007-03-01 08:27:54 d:\avg free\bak\avgcc.exe ----a-w 416,256 2007-04-28 11:23:53 d:\avg free\avgcc.exe . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264] "msnmsgr"="c:\program\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] "Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="c:\program\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-04 590848] "SmcService"="c:\program\Sygate\SPF\smc.exe" [2005-09-27 2635472] "QuickTime Task"="c:\program\QuickTime\qttask.exe" [2006-09-01 282624] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "Sony Ericsson PC Suite"="c:\program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920] "Adobe Photo Downloader"="c:\program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344] "Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-01-19 136600] "nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "AVG7_Run"="c:\program\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136] "DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264] c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\ Personal.lnk - c:\program\Personal\bin\Personal.exe [2007-01-01 438272] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.vp31"= vp31vfw.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Program^Autostart^Microsoft Office.lnk] path=c:\documents and settings\All Users.WINDOWS\Start-meny\Program\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:55 5674352 c:\program\MSN Messenger\msnmsgr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program\\Grisoft\\AVG Free\\avginet.exe"= "c:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe"= "c:\\Program\\Grisoft\\AVG Free\\avgcc.exe"= "c:\\Program\\uTorrent\\utorrent.exe"= "d:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program\\MSN Messenger\\msnmsgr.exe"= "c:\\Program\\MSN Messenger\\livecall.exe"= "c:\\Program\\Java\\jre6\\bin\\java.exe"= R4 WinDefend;Windows Defender;c:\program\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [2008-10-04 83880] S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [2008-10-04 15016] S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [2008-10-04 110504] S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [2008-10-04 104488] S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [2008-10-04 100648] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{030EE0AC-0F33-50E9-0307-070300010406}] c:\windows\System32\xp-clean.exe . Innehållet i mappen 'Schemalagda aktiviteter': 2009-01-24 c:\windows\Tasks\MP Scheduled Scan.job - c:\program\Windows Defender\MpCmdRun.exe [2006-11-03 18:20] 2009-01-23 c:\windows\Tasks\Norton Security Scan for Nubben.job - c:\program\Norton Security Scan\Nss.exe [2008-09-19 04:18] . . ------- Extra genomsökning ------- . uStart Page = hxxp://www.aftonbladet.se/ Trusted Zone: adobe.com\www Trusted Zone: bilddagboken.se Trusted Zone: google.se\www Trusted Zone: ignames.net\en10.ds Trusted Zone: internetkassan.nu\www Trusted Zone: kingsofchaos.com\www Trusted Zone: lunarstorm.se\www Trusted Zone: spela.se\www Trusted Zone: svenskfotboll.se\www Trusted Zone: tradera.com\www Trusted Zone: tribalwars.net\www Trusted Zone: vildawebben.se\www Trusted Zone: www.dn.se TCP: {F725B5B2-C8C6-4299-9A49-AC36782EA4BD} = 208.67.220.220 208.67.222.222 DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.extrafilm.se/ImageUploader5.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 17:23:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="" . --------------------- LÅSTA REGISTERNYCKLAR --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|ù6~*] "D140510900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL" . ------------------------ Andra processer som körs ------------------------ . c:\program\Lavasoft\Ad-Aware\aawservice.exe c:\program\Grisoft\AVGFRE~1\avgamsvr.exe c:\program\Grisoft\AVGFRE~1\avgupsvc.exe c:\program\Java\jre6\bin\jqs.exe c:\program\Delade filer\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe c:\program\Delade filer\Teleca Shared\Generic.exe c:\program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Sluttid: 2009-01-24 17:29:53 - datorn startades om. [Nubben] ComboFix-quarantined-files.txt 2009-01-24 16:29:42 Före genomsökningen: 5 198 413 824 byte ledigt Efter genomsökningen: 5,271,498,752 byte ledigt WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 207
-
Hej! verkar som det alltid hittas mer o mer fel :/ jag vågar inte köra det. kommer upp varningar beroende på at jag inte vet hur man stänger av avg. Hittade ingenstans hur man gör det. stängde ner det men varningarna kommer ändå :/ så jag vågar inte fortsätta
-
Hej! ja allt funkar som det ska jag laddade ner det du skrev SDFix: Version 1.240 Run by Nubben on 2009-01-24 at 15:56 Microsoft Windows XP [Version 5.1.2600] Running From: C:\Documents and Settings\Nubben\Skrivbord\SDFix\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 16:07:05 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:a3,c8,28,34,b7,77,19,84,09,4d,34,ef,52,07,68,3f,13,e3,84,16,4e,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:3d,ab,ed,84,1f,e2,3c,91,5d,0f,04,e3,e5,25,fb,6a,45,b8,33,56,a6,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,be,08,a4,00,77,2e,93,af,2a,e5,ea,2e,3e,6e,e0,a2,30,.. "khjeh"=hex:af,df,c5,d1,a3,9f,6b,46,e4,a1,d7,6f,f9,8b,2c,b6,4c,95,79,78,a0,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:70,1c,94,c3,44,b3,cf,3c,f4,65,af,aa,4b,34,95,73,fc,9e,08,27,be,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys] "start"=dword:00000004 "type"=dword:00000001 "imagepath"=str(2):"\systemroot\system32\drivers\UACuwjqbouq.sys" "group"="file system" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UACd.sys\modules] "UACd"="\\?\globalroot\systemroot\system32\drivers\UACuwjqbouq.sys" "UACc"="\\?\globalroot\systemroot\system32\UACswvcnupr.dll" "uacsr"="\\?\globalroot\systemroot\system32\UACdetkllmx.dat" "uaclog"="\\?\globalroot\systemroot\system32\UACtnrnynnk.dll" "uacmask"="\\?\globalroot\systemroot\system32\UACvjkforlw.dll" "uacbbr"="\\?\globalroot\systemroot\system32\UACdnaqfmim.dll" "UACproc"="\\?\globalroot\systemroot\system32\UACehxtfkde.log" "uacurls"="\\?\globalroot\systemroot\system32\UACsgvjbjex.log" "uacerrors"="\\?\globalroot\systemroot\system32\UACyjbqxrqa.log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:a3,c8,28,34,b7,77,19,84,09,4d,34,ef,52,07,68,3f,13,e3,84,16,4e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:3d,ab,ed,84,1f,e2,3c,91,5d,0f,04,e3,e5,25,fb,6a,45,b8,33,56,a6,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,be,08,a4,00,77,2e,93,af,2a,e5,ea,2e,3e,6e,e0,a2,30,.. "khjeh"=hex:af,df,c5,d1,a3,9f,6b,46,e4,a1,d7,6f,f9,8b,2c,b6,4c,95,79,78,a0,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:70,1c,94,c3,44,b3,cf,3c,f4,65,af,aa,4b,34,95,73,fc,9e,08,27,be,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys] "start"=dword:00000004 "type"=dword:00000001 "imagepath"=str(2):"\systemroot\system32\drivers\UACuwjqbouq.sys" "group"="file system" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys\modules] "UACd"="\\?\globalroot\systemroot\system32\drivers\UACuwjqbouq.sys" "UACc"="\\?\globalroot\systemroot\system32\UACswvcnupr.dll" "uacsr"="\\?\globalroot\systemroot\system32\UACdetkllmx.dat" "uaclog"="\\?\globalroot\systemroot\system32\UACtnrnynnk.dll" "uacmask"="\\?\globalroot\systemroot\system32\UACvjkforlw.dll" "uacbbr"="\\?\globalroot\systemroot\system32\UACdnaqfmim.dll" "UACproc"="\\?\globalroot\systemroot\system32\UACehxtfkde.log" "uacurls"="\\?\globalroot\systemroot\system32\UACsgvjbjex.log" "uacerrors"="\\?\globalroot\systemroot\system32\UACyjbqxrqa.log" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "h0"=dword:00000000 "ujdew"=hex:a3,c8,28,34,b7,77,19,84,09,4d,34,ef,52,07,68,3f,13,e3,84,16,4e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program\DAEMON Tools Lite\" "h0"=dword:00000001 "khjeh"=hex:3d,ab,ed,84,1f,e2,3c,91,5d,0f,04,e3,e5,25,fb,6a,45,b8,33,56,a6,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,be,08,a4,00,77,2e,93,af,2a,e5,ea,2e,3e,6e,e0,a2,30,.. "khjeh"=hex:af,df,c5,d1,a3,9f,6b,46,e4,a1,d7,6f,f9,8b,2c,b6,4c,95,79,78,a0,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:91,6e,16,f1,93,8b,7e,b8,f9,73,24,0f,97,5a,59,52,72,8c,50,5b,f9,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program\\DC++\\DCPlusPlus.exe"="C:\\Program\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Program\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP" "C:\\Program\\Fildelningsprogram\\paranoia.exe"="C:\\Program\\Fildelningsprogram\\paranoia.exe:*:Enabled:paranoia" "C:\\Program\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II" "C:\\Program\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program\\uTorrent\\utorrent.exe"="C:\\Program\\uTorrent\\utorrent.exe:*:Enabled:æTorrent" "C:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="C:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW" "D:\\battlefield\\BF1942.exe"="D:\\battlefield\\BF1942.exe:*:Enabled:BF1942" "D:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe"="D:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "D:\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe"="D:\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe:*:Enabled:BF1942" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Documents and Settings\\Nubben\\Skrivbord\\Panzer General 2-rip\\panzer2\\PANZER2.EXE"="C:\\Documents and Settings\\Nubben\\Skrivbord\\Panzer General 2-rip\\panzer2\\PANZER2.EXE:*:Enabled:PANZER2" "D:\\Db\\Db\\Skins\\Anders\\Fildelningsprogram\\paranoia.exe"="D:\\Db\\Db\\Skins\\Anders\\Fildelningsprogram\\paranoia.exe:*:Disabled:paranoia" "C:\\Program\\Azureus\\Azureus.exe"="C:\\Program\\Azureus\\Azureus.exe:*:Enabled:Azureus" "D:\\andcar\\BF1942.exe"="D:\\andcar\\BF1942.exe:*:Enabled:BF1942" "D:\\andcar\\call of\\MOHAA.exe"="D:\\andcar\\call of\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault" "C:\\Program\\mswt kart 2004\\MSWorldTour.exe"="C:\\Program\\mswt kart 2004\\MSWorldTour.exe:*:Disabled:MSWorldTour" "D:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="D:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW" "C:\\Program\\Warcraft III\\Warcraft III.exe"="C:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program\\Java\\jre6\\bin\\java.exe"="C:\\Program\\Java\\jre6\\bin\\java.exe:*:Enabled:Java Platform SE binary" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : Files with Hidden Attributes : Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program\Messenger\msmsgs.exe" Fri 22 Jul 2005 32,768 A..H. --- "C:\Program Files\AMV Converter\AmvTransform.dll" Mon 6 Mar 2006 77,824 A..H. --- "C:\Program Files\AMV Converter\AMV_EncDLL.dll" Tue 27 Dec 2005 40,960 A..H. --- "C:\Program Files\AMV Converter\net.dll" Wed 8 Mar 2006 106,496 A..H. --- "C:\Program Files\AMV Converter\transdll.dll" Mon 15 Sep 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 31 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak" Wed 31 Jan 2007 401 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv14.bak" Tue 28 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp" Thu 23 Jan 2003 1,740 A..HR --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc3\Registry Backup\ccReg.reg" Thu 23 Jan 2003 242,962 A..HR --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc3\Registry Backup\CommonClient.reg" Thu 23 Jan 2003 158,818 A..HR --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc3\Registry Backup\IAM.reg" Wed 14 Aug 2002 65,088 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\3COM 3c556 Packet\3C556.COM" Wed 14 Aug 2002 12,732 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM" Wed 14 Aug 2002 26,424 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM" Wed 14 Aug 2002 28,062 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM" Wed 14 Aug 2002 10,710 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM" Wed 14 Aug 2002 10,083 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM" Wed 14 Aug 2002 10,257 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM" Wed 14 Aug 2002 29,499 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM" Wed 14 Aug 2002 12,660 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM" Wed 14 Aug 2002 11,031 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM" Wed 14 Aug 2002 17,952 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM" Wed 14 Aug 2002 9,424 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM" Wed 14 Aug 2002 13,673 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM" Wed 14 Aug 2002 14,438 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN166X Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM" Wed 14 Aug 2002 7,243 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM" Wed 14 Aug 2002 24,767 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM" Wed 14 Aug 2002 7,463 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM" Wed 14 Aug 2002 10,286 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM" Wed 14 Aug 2002 25,460 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM" Wed 14 Aug 2002 28,866 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM" Wed 14 Aug 2002 14,438 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM" Wed 14 Aug 2002 8,544 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\CATC USB Ethernet\Elndis.sys" Wed 14 Aug 2002 33,149 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\CATC USB Ethernet\Usbd.sys" Wed 28 May 2003 51,150 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI1394.SYS" Wed 14 Aug 2002 35,340 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI2DOS.SYS" Wed 14 Aug 2002 14,378 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI4DOS.SYS" Wed 14 Aug 2002 37,984 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI8DOS.SYS" Wed 14 Aug 2002 44,828 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPI8U2.SYS" Wed 14 Aug 2002 29,628 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPICD.SYS" Wed 28 May 2003 52,106 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPIEHCI.SYS" Wed 14 Aug 2002 49,242 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPIOHCI.SYS" Wed 14 Aug 2002 50,606 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\ASPIUHCI.SYS" Wed 14 Aug 2002 161,792 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\BOOTSRV.SYS" Wed 14 Aug 2002 174,080 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\bootsrv16.sys" Wed 14 Aug 2002 21,971 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\BTCDROM.SYS" Wed 14 Aug 2002 30,955 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\BTDOSM.SYS" Wed 14 Aug 2002 202,517 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\CMDS.EXE" Wed 14 Aug 2002 374,038 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\CMDS16.EXE" Wed 14 Aug 2002 22,158 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\COUNTRY.SYS" Wed 14 Aug 2002 1,608 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\DEVICE.COM" Wed 14 Aug 2002 15,345 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\DISPLAY.SYS" Wed 14 Aug 2002 7,840 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\DLSHELP.SYS" Wed 14 Aug 2002 56,821 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\E.EXE" Wed 14 Aug 2002 64,425 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\FLASHPT.SYS" Wed 14 Aug 2002 32,396 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\GUEST.EXE" Wed 14 Aug 2002 14,160 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\HIMEM.SYS" Wed 14 Aug 2002 10,898 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\KEYB.COM" Wed 14 Aug 2002 53,556 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\KEYBOARD.SYS" Wed 14 Aug 2002 15,777 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\MODE.COM" Wed 14 Aug 2002 37,681 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\MOUSE.COM" Wed 14 Aug 2002 354,304 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\msbootsrv16.sys" Wed 14 Aug 2002 21,180 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\MSCDEX.EXE" Wed 14 Aug 2002 354,263 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\Net.exe" Wed 14 Aug 2002 8,513 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\NETBIND.COM" Wed 14 Aug 2002 41,302 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\OAKCDROM.SYS" Wed 14 Aug 2002 129,240 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\OHCI.EXE" Wed 14 Aug 2002 28,439 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\Paralink.com" Wed 14 Aug 2002 13,770 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\PROTMAN.EXE" Wed 14 Aug 2002 130,980 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\UHCI.EXE" Wed 14 Aug 2002 11,854 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM" Wed 14 Aug 2002 52,715 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM" Wed 14 Aug 2002 62,391 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM" Wed 14 Aug 2002 11,491 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com" Wed 14 Aug 2002 17,791 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DLink DT620 Packet\Dt620pd.com" Wed 14 Aug 2002 17,043 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\DLink DE400 Packet\De400pd.com" Wed 14 Aug 2002 11,786 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com" Wed 14 Aug 2002 18,300 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com" Wed 14 Aug 2002 48,224 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com" Wed 14 Aug 2002 13,360 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com" Wed 14 Aug 2002 9,190 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com" Wed 14 Aug 2002 12,567 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Melco LPC2-T\Lpchkat2.com" Wed 14 Aug 2002 44,640 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM" Wed 14 Aug 2002 56,896 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com" Wed 14 Aug 2002 44,640 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com" Wed 14 Aug 2002 9,692 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\PXE Packet Driver\Undipd.com" Wed 14 Aug 2002 9,537 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\SN 2000p Packet\PNPPD.COM" Wed 14 Aug 2002 32,484 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\WaveLAN Packet\Wvlan42.com" Wed 14 Aug 2002 52,225 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe" Wed 14 Aug 2002 48,491 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom RE10BT\Ce3ndis.exe" Wed 14 Aug 2002 50,405 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com" Wed 14 Aug 2002 33,860 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe" Wed 14 Aug 2002 50,175 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe" Wed 14 Aug 2002 50,795 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe" Wed 14 Aug 2002 48,223 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com" Wed 14 Aug 2002 48,641 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe" Wed 14 Aug 2002 49,015 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com" Wed 14 Aug 2002 53,786 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\pcdos\command.com" Wed 14 Aug 2002 44,240 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\pcdos\IBMBIO.COM" Wed 14 Aug 2002 42,550 A..H. --- "C:\RECYCLER\S-1-5-21-1957994488-573735546-725345543-1003\Dc2\Ghost\Template\common\pcdos\IBMDOS.COM" Finished! _________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:18:09, on 2009-01-24 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\Sygate\SPF\smc.exe C:\WINDOWS\system32\wscntfy.exe C:\Program\Grisoft\AVGFRE~1\avgcc.exe C:\Program\Windows Defender\MSASCui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\Program\MSN Messenger\msnmsgr.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\Program\Personal\bin\Personal.exe C:\WINDOWS\System32\svchost.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program\anders scan\Anders HijackThis\This.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe -- End of file - 8625 bytes
-
Hej igen Malwarebytes' Anti-Malware 1.33 Databasversion: 1688 Windows 5.1.2600 Service Pack 3 2009-01-24 15:23:04 mbam-log-2009-01-24 (15-23-04).txt Skanningstyp: Snabb skanning Antal skannade objekt: 66637 Förfluten tid: 10 minute(s), 57 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 1 Infekterade registervärden: 1 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 6 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{85589b5d-d53d-4237-a677-46b82ea275f3} (Unknown.Malware) -> Quarantined and deleted successfully. Infekterade registervärden: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: C:\WINDOWS\system32\UACdnaqfmim.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACtnrnynnk.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACvjkforlw.dll (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\UAC41d1.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\UAC5d68.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\UACa52.tmp (Trojan.TDSS) -> Quarantined and deleted successfully. ________________________________________________________________________________ ____ Ht-LOg Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:25:30, on 2009-01-24 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\Sygate\SPF\smc.exe C:\Program\Grisoft\AVGFRE~1\avgcc.exe C:\Program\Windows Defender\MSASCui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\Program\Personal\bin\Personal.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program\MSN Messenger\usnsvc.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\anders scan\Anders HijackThis\This.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe -- End of file - 8478 bytes
-
jippppi! nu verkar allt funka!!! Tack för all hjälp! Du är en ängel!! <3 vad är UACd.sys ? så här blev det.... Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "UACd.sys" found! ImagePath: \systemroot\system32\drivers\UACuwjqbouq.sys Driver disabled successfully. Rootkit scan completed. Completed script processing. ******************* Finished! Terminate.
-
Jag har inget usb minne. Dc ++ hittar varken jag eller datorsökningen i C utan det ligger i D . men är inte igång då det inte kan komma ut på IT om jag inte godkänner det Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "UACd.sys" found! ImagePath: \systemroot\system32\drivers\UACuwjqbouq.sys Start Type: 1 (System) Rootkit scan completed. Completed script processing. ******************* Finished! Terminate.
-
Hej Malou! Ser att det står => disk error <= Har du några problem med din hårddisk?................ svar Nej Har du fler Operativsystem installerade än Windows XP?.....................svar Nix DC++/ Azureus/paranoia/uTorrent = det är igång men inte till internet då jag måste godkänna det först för brandväggen Jag har godkänt dem O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se Tog bort dem nu C:\Documents and Settings\All Users\Application Data\Symantec\Ghost C:\Program\Delade filer\Symantec Shared Mvh Anders
-
Hello Malou så här bidde det Checking Files : No Trojan Files Found Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-22 15:27:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... disk error: C:\WINDOWS\system32\config\system, 0 scanning hidden registry entries ... disk error: C:\WINDOWS\system32\config\software, 0 disk error: C:\Documents and Settings\Nubben\ntuser.dat, 0 scanning hidden files ... disk error: C:\WINDOWS\ please note that you need administrator rights to perform deep scan Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program\\DC++\\DCPlusPlus.exe"="C:\\Program\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "C:\\Program\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Enabled:CoDMP" "C:\\Program\\Fildelningsprogram\\paranoia.exe"="C:\\Program\\Fildelningsprogram\\paranoia.exe:*:Enabled:paranoia" "C:\\Program\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II" "C:\\Program\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe" "C:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe" "C:\\Program\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe" "C:\\Program\\uTorrent\\utorrent.exe"="C:\\Program\\uTorrent\\utorrent.exe:*:Enabled:æTorrent" "C:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="C:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW" "D:\\battlefield\\BF1942.exe"="D:\\battlefield\\BF1942.exe:*:Enabled:BF1942" "D:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe"="D:\\Db\\Db\\Skins\\Anders\\DC++\\DCPlusPlus.exe:*:Enabled:DC++" "D:\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe"="D:\\Battlefield 1942 Secret Weapons of WWII Demo\\BF1942.exe:*:Enabled:BF1942" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Documents and Settings\\Nubben\\Skrivbord\\Panzer General 2-rip\\panzer2\\PANZER2.EXE"="C:\\Documents and Settings\\Nubben\\Skrivbord\\Panzer General 2-rip\\panzer2\\PANZER2.EXE:*:Enabled:PANZER2" "D:\\Db\\Db\\Skins\\Anders\\Fildelningsprogram\\paranoia.exe"="D:\\Db\\Db\\Skins\\Anders\\Fildelningsprogram\\paranoia.exe:*:Disabled:paranoia" "C:\\Program\\Azureus\\Azureus.exe"="C:\\Program\\Azureus\\Azureus.exe:*:Enabled:Azureus" "D:\\andcar\\BF1942.exe"="D:\\andcar\\BF1942.exe:*:Enabled:BF1942" "D:\\andcar\\call of\\MOHAA.exe"="D:\\andcar\\call of\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault" "C:\\Program\\mswt kart 2004\\MSWorldTour.exe"="C:\\Program\\mswt kart 2004\\MSWorldTour.exe:*:Disabled:MSWorldTour" "D:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="D:\\Program\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW" "C:\\Program\\Warcraft III\\Warcraft III.exe"="C:\\Program\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program\\Java\\jre6\\bin\\java.exe"="C:\\Program\\Java\\jre6\\bin\\java.exe:*:Enabled:Java Platform SE binary" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : Files with Hidden Attributes : Mon 14 Apr 2008 1,695,232 ..SH. --- "C:\Program\Messenger\msmsgs.exe" Fri 22 Jul 2005 32,768 A..H. --- "C:\Program Files\AMV Converter\AmvTransform.dll" Mon 6 Mar 2006 77,824 A..H. --- "C:\Program Files\AMV Converter\AMV_EncDLL.dll" Tue 27 Dec 2005 40,960 A..H. --- "C:\Program Files\AMV Converter\net.dll" Wed 8 Mar 2006 106,496 A..H. --- "C:\Program Files\AMV Converter\transdll.dll" Mon 15 Sep 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 31 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak" Wed 31 Jan 2007 401 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv14.bak" Tue 28 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp" Thu 23 Jan 2003 1,740 A..HR --- "C:\Program\Delade filer\Symantec Shared\Registry Backup\ccReg.reg" Thu 23 Jan 2003 242,962 A..HR --- "C:\Program\Delade filer\Symantec Shared\Registry Backup\CommonClient.reg" Thu 23 Jan 2003 158,818 A..HR --- "C:\Program\Delade filer\Symantec Shared\Registry Backup\IAM.reg" Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM" Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM" Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM" Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM" Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM" Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM" Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM" Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM" Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM" Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM" Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM" Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM" Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM" Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM" Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM" Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM" Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM" Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM" Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM" Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM" Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM" Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM" Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys" Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys" Wed 28 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS" Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS" Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS" Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS" Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS" Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS" Wed 28 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS" Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS" Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS" Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS" Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys" Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS" Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS" Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE" Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE" Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS" Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM" Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS" Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS" Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE" Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS" Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE" Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS" Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM" Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS" Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM" Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM" Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys" Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE" Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe" Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM" Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS" Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE" Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com" Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE" Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE" Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM" Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM" Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM" Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com" Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com" Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com" Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com" Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com" Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com" Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com" Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com" Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com" Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM" Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com" Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com" Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com" Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM" Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com" Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe" Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe" Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com" Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe" Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe" Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe" Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com" Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe" Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com" Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com" Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM" Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM" Finished! ________________________________________________________________________________ _________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:36:16, on 2009-01-22 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\Sygate\SPF\smc.exe C:\Program\Grisoft\AVGFRE~1\avgcc.exe C:\Program\Windows Defender\MSASCui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\rundll32.exe C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\Program\MSN Messenger\msnmsgr.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program\Personal\bin\Personal.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program\anders scan\Anders HijackThis\This.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe -- End of file - 8542 bytes
-
hej! jag kunde inte starta om så jag stängde av datorn. sedan funkade det som vanligt Nu har jag gjort som du sa. google är knepigt ännu. hotmail=går att öppna men inte att läsa mina mejl. tradera tar minst 5 min att logga in på :-/ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:20:43, on 2009-01-22 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\Grisoft\AVGFRE~1\avgcc.exe C:\Program\Sygate\SPF\smc.exe C:\Program\Windows Defender\MSASCui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\Program\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\rundll32.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program\Personal\bin\Personal.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\anders scan\Anders HijackThis\This.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222 O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe -- End of file - 8542 bytes