virus eller?

[andcar]

*********************************************

2009-02-21:

Tråden är låst då problemet är löst.

Tycker du att den är felaktigt låst, var god kontakta

Malou

*********************************************

Största problemet är att google beter sig konstigt. texten har blivit större och jag hamnar på andra sidor ibland typ. poker siter m.m

Dessutom funkar inte systemåterställning

Jag har även problem med att en del sidor är väldigt sega. Jag kan öppna min hotmail. men inte läsa min mess :-/

Hoppas någon kan hjälpa mig

detta vet jag inte om att jag laddat ner... Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:31:05, on 2009-01-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Avira\AntiVir Server\avguard.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [internet Explorer Run-Time] C:\WINDOWS\ie.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O13 - WWW Prefix:

O15 - Trusted Zone: http://www.adobe.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222

O20 - AppInit_DLLs:

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Server (AntiVirService) - Avira GmbH - C:\Program\Avira\AntiVir Server\avguard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--

End of file - 10043 bytes

Redigerad Februari 20, 2009 av Malou
Tråden är låst då problemet är löst:

[Gäst Malou]

Hej andcar!

Självklart så skall vi hjälpa dig med allt vi kan

Ser att du har två antivirusprogram installerade (AVG och Antivir). Det är inte bra att ha två antivirusprogram installerade på detta sätt. Avinstallera det du inte använder via kontrollpanelen lägg till/ta bort.

detta vet jag inte om att jag laddat ner... Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

Troligen så har du installerat Google verktygsfält vad jag kan förstå. Du kan avinstallera detta via kontrollpanelen lägg till/ta bort.

Google sökmotor/verktyg finns intrigerat med IE7 så detta extra verktyg behöver inte vara installerat.

Är det du som har installerat => Yahoo! Toolbar/SWEETIE Toolbar och sedan försökt att avinstallera det?

Ser att du inte döpt om filen HiJack This.exe som det rekommenderas i instruktionerna.

C:\Program\Trend Micro\HijackThis\HijackThis.exe

Vänligen Läs/Följ information/instruktioner m.m som finns att hitta på nedanstående sida:

=> Trend Micro HiJack This (Nerladdning/Instruktioner):

Då du döpt om filen så gör ingen ny scanning med verktyget förrän du blir ombedd att göra så.

Gå vidare med nedanstående.

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet:

Läs/Följ instruktionerna noga:

Hämta hem Malwarebytes Anti-Malware:

http://www.malwarebytes.org/index.php

1: Spara installationsfilen till skrivbordet

2: För att påbörja installationen dubbelklicka på mbam-setup.exe

3: Bocka för nedanstående

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

4: Klicka på Slutför

Om där finns uppdateringar kommer dessa att installeras.

Då ovanstående är gjort gå vidare med nedanstående procedur:

1: När programmet startar så välj Utför snabb scanning

2: Klicka på knappen Scanna

3: Scanningen kommer nu att ta en stund

3: När programmet scannat klart klicka Ok och sedan Visa resultat

4: Bocka för allt och klicka på Remove Selected

5: Då borttagningen är klar kommer en textfil i Anteckningar att öppnas upp med en logg. Kopiera/klistra in den loggan hit till din tråd.

6: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur den ser ut.

7: Berätta/Tala om hur datorn mår och om där kvarstår problem

OBS: Starta ingen ny tråd i ämnet utan fortsätt posta här i din tråd

MVH/Malou

[andcar]

Hej.

jag har tagit bort det onödiga. laddat ner Malwarebytes Anti-Malware:

men det startar inte.

när jag klickar kommer det upp kör. klickar ja! timglaset kommer igång, men sedan händer inget :-/

[Gäst Malou]

Hej andcar!

Härligt att du har avinstallerat allt onödigt

Såg nu i din TM HJT-logga att du har detta program installerat Malwarebytes Anti-Malware som jag postade om

C:\Program\Malwarebytes' Anti-Malware\

Har detta program fungerat tidigare?

Är det betal eller gratisversion du använder?

MVH/Malou

[Gäst Malou]

Hej igen andcar!

Ett litet tillägg till mitt ovanstående inlägg.

Ser att du har => Windows Defender <= installerad. Gör nedanstående och låt den vara avstängd/avaktiverad under pågående procedurer.

Är också undrande över om det är nödvändigt att ha denna installerad?

Stäng av/Avaktivera Windows Defender (Svensk) under pågående rensningsprocedurer (Mycket viktigt): Då dessa är aktiverade förhindrar de eventuella borttagningar/förändringar som sker i systemet:

Windows Defender (Svensk):

1: Öppna Windows Defender

2: Klicka på "Verktyg"

3: Klicka på "Alternativ" (Kugghjulet) under Inställningar

4: Scrolla ner till "Alternativ för Realtidsskydd"

5: Bocka av (Ta bort bocken) "Avaktivera Realtidsskydd (recommended)"

6: Klicka "Spara"

7: Stäng ner Windows Defender

8: Starta om datorn.

MVH/Malou

[andcar]

Jag har tagit bort det. Det fungerade inte. så jag laddade ner det på nytt.

men det går inte att få igång det. inget händer

[Gäst Malou]

Hej igen Andcar!

Här kommer lite information ang => C:\WINDOWS\ie.exe "Troj/Proxy-ER" <=som jag ser finns i din TM HJT-logga.

Det här är en trojan som installerar sig själv i registret.

http://www.bleepingcomputer.com/startups/ie.exe-16091.html

Troligen kan vi behöva använda helt andra verktyg för att komma åt elakingen. För det verkar som att det är denna som ställer till det med bla programmet Malwarebytes Anti-Malware.

Men vi gör ett försök med att få igång Malwarebytes Anti-Malware och håller tummarna.

MVH/Malou

[Gäst Malou]

Jag har tagit bort det. Det fungerade inte. så jag laddade ner det på nytt.

men det går inte att få igång det. inget händer

Ok.

Då tar vi till andra metoder

RSIT (random's system information tool)

Nedanstående verktyg åtgärdar inget gör enbart en genomsökning. Om där hittas något i loggan så får vi åtgärda manuellt.

Hämta hem RSIT från nedanstående länk

http://images.malwareremoval.com/random/RSIT.exe

1: Spara den till skrivbordet

2: Dubbelklicka på verktyget för att starta RSIT

(För Vista => Högerklicka på verktyget och välj => Kör som Admin)

3: Då den scannat klart produceras en textfil (log.txt) i Anteckningar automatiskt. Om där mot förmodan inte dyker upp en textfil finns den att hitta här => I mappen C:\rsit => log.txt <=

4: Kopiera in den loggan hit till din tråd

MVH/Malou

[andcar]

Tack för all hjälp jag får!

Logfile of random's system information tool 1.05 (written by random/random)

Run by Nubben at 2009-01-20 17:24:16

Microsoft Windows XP Professional Service Pack 3

System drive C: has 4 GB (21%) free of 18 GB

Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:24:45, on 2009-01-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Nubben\Skrivbord\RSIT.exe

C:\Program\Trend Micro\HijackThis\Nubben.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [internet Explorer Run-Time] C:\WINDOWS\ie.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O13 - WWW Prefix:

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.lunarstorm.se

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222

O20 - AppInit_DLLs:

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--

End of file - 9433 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job

C:\WINDOWS\tasks\At10.job

C:\WINDOWS\tasks\At11.job

C:\WINDOWS\tasks\At12.job

C:\WINDOWS\tasks\At13.job

C:\WINDOWS\tasks\At14.job

C:\WINDOWS\tasks\At15.job

C:\WINDOWS\tasks\At16.job

C:\WINDOWS\tasks\At17.job

C:\WINDOWS\tasks\At18.job

C:\WINDOWS\tasks\At19.job

C:\WINDOWS\tasks\At2.job

C:\WINDOWS\tasks\At20.job

C:\WINDOWS\tasks\At21.job

C:\WINDOWS\tasks\At22.job

C:\WINDOWS\tasks\At23.job

C:\WINDOWS\tasks\At24.job

C:\WINDOWS\tasks\At25.job

C:\WINDOWS\tasks\At26.job

C:\WINDOWS\tasks\At27.job

C:\WINDOWS\tasks\At28.job

C:\WINDOWS\tasks\At29.job

C:\WINDOWS\tasks\At3.job

C:\WINDOWS\tasks\At30.job

C:\WINDOWS\tasks\At31.job

C:\WINDOWS\tasks\At32.job

C:\WINDOWS\tasks\At33.job

C:\WINDOWS\tasks\At34.job

C:\WINDOWS\tasks\At35.job

C:\WINDOWS\tasks\At36.job

C:\WINDOWS\tasks\At37.job

C:\WINDOWS\tasks\At38.job

C:\WINDOWS\tasks\At39.job

C:\WINDOWS\tasks\At4.job

C:\WINDOWS\tasks\At40.job

C:\WINDOWS\tasks\At41.job

C:\WINDOWS\tasks\At42.job

C:\WINDOWS\tasks\At43.job

C:\WINDOWS\tasks\At44.job

C:\WINDOWS\tasks\At45.job

C:\WINDOWS\tasks\At46.job

C:\WINDOWS\tasks\At47.job

C:\WINDOWS\tasks\At48.job

C:\WINDOWS\tasks\At49.job

C:\WINDOWS\tasks\At5.job

C:\WINDOWS\tasks\At50.job

C:\WINDOWS\tasks\At51.job

C:\WINDOWS\tasks\At52.job

C:\WINDOWS\tasks\At53.job

C:\WINDOWS\tasks\At54.job

C:\WINDOWS\tasks\At55.job

C:\WINDOWS\tasks\At56.job

C:\WINDOWS\tasks\At57.job

C:\WINDOWS\tasks\At58.job

C:\WINDOWS\tasks\At59.job

C:\WINDOWS\tasks\At6.job

C:\WINDOWS\tasks\At60.job

C:\WINDOWS\tasks\At61.job

C:\WINDOWS\tasks\At62.job

C:\WINDOWS\tasks\At63.job

C:\WINDOWS\tasks\At64.job

C:\WINDOWS\tasks\At65.job

C:\WINDOWS\tasks\At66.job

C:\WINDOWS\tasks\At67.job

C:\WINDOWS\tasks\At68.job

C:\WINDOWS\tasks\At69.job

C:\WINDOWS\tasks\At7.job

C:\WINDOWS\tasks\At70.job

C:\WINDOWS\tasks\At71.job

C:\WINDOWS\tasks\At72.job

C:\WINDOWS\tasks\At8.job

C:\WINDOWS\tasks\At9.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\Norton Security Scan for Nubben.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Länkhjälp till Adobe PDF Reader - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program\Java\jre6\bin\ssv.dll [2009-01-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-01-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program\Canon\Easy-WebPrint\Toolband.dll [2002-12-04 110592]

{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_CC"=C:\Program\Grisoft\AVGFRE~1\avgcc.exe [2008-11-04 590848]

"SmcService"=C:\Program\Sygate\SPF\smc.exe [2005-09-27 2635472]

"QuickTime Task"=C:\Program\QuickTime\qttask.exe [2006-09-01 282624]

"Internet Explorer Run-Time"=C:\WINDOWS\ie.exe []

"nwiz"=nwiz.exe /install []

"Windows Defender"=C:\Program\Windows Defender\MSASCui.exe [2006-11-03 866584]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]

"Sony Ericsson PC Suite"=C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-03-28 593920]

"Adobe Photo Downloader"=C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

"Adobe Reader Speed Launcher"=C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-01-19 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

"msnmsgr"=C:\Program\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

"Sony Ericsson PC Suite"=C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start-meny^Program^Autostart^Microsoft Office.lnk]

C:\Program\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart

Personal.lnk - C:\Program\Personal\bin\Personal.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD}

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\Program\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program\DC++\DCPlusPlus.exe"="C:\Program\DC++\DCPlusPlus.exe:*:Enabled:DC++"

"C:\Program\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP"

"C:\Program\Fildelningsprogram\paranoia.exe"="C:\Program\Fildelningsprogram\paranoia.exe:*:Enabled:paranoia"

"C:\Program\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"

"C:\Program\Grisoft\AVG Free\avginet.exe"="C:\Program\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"

"C:\Program\Grisoft\AVG Free\avgamsvr.exe"="C:\Program\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Program\Grisoft\AVG Free\avgcc.exe"="C:\Program\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Program\uTorrent\utorrent.exe"="C:\Program\uTorrent\utorrent.exe:*:Enabled:µTorrent"

"C:\Program\Activision\Empires Dawn of the Modern World\Empires_DMW.exe"="C:\Program\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*:Enabled:Empires_DMW"

"D:\battlefield\BF1942.exe"="D:\battlefield\BF1942.exe:*:Enabled:BF1942"

"D:\Db\Db\Skins\Anders\DC++\DCPlusPlus.exe"="D:\Db\Db\Skins\Anders\DC++\DCPlusPlus.exe:*:Enabled:DC++"

"D:\Battlefield 1942 Secret Weapons of WWII Demo\BF1942.exe"="D:\Battlefield 1942 Secret Weapons of WWII Demo\BF1942.exe:*:Enabled:BF1942"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Documents and Settings\Nubben\Skrivbord\Panzer General 2-rip\panzer2\PANZER2.EXE"="C:\Documents and Settings\Nubben\Skrivbord\Panzer General 2-rip\panzer2\PANZER2.EXE:*:Enabled:PANZER2"

"D:\Db\Db\Skins\Anders\Fildelningsprogram\paranoia.exe"="D:\Db\Db\Skins\Anders\Fildelningsprogram\paranoia.exe:*:Disabled:paranoia"

"C:\Program\Azureus\Azureus.exe"="C:\Program\Azureus\Azureus.exe:*:Enabled:Azureus"

"D:\andcar\BF1942.exe"="D:\andcar\BF1942.exe:*:Enabled:BF1942"

"D:\andcar\call of\MOHAA.exe"="D:\andcar\call of\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"

"C:\Program\mswt kart 2004\MSWorldTour.exe"="C:\Program\mswt kart 2004\MSWorldTour.exe:*:Disabled:MSWorldTour"

"D:\Program\Activision\Empires Dawn of the Modern World\Empires_DMW.exe"="D:\Program\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*:Enabled:Empires_DMW"

"C:\Program\Warcraft III\Warcraft III.exe"="C:\Program\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program\Java\jre6\bin\java.exe"="C:\Program\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-01-20 17:24:16 ----D---- C:\rsit

2009-01-20 16:46:42 ----D---- C:\Program\CCleaner

2009-01-19 23:26:05 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft

2009-01-19 23:05:47 ----D---- C:\Program\SUPERAntiSpyware

2009-01-19 23:05:12 ----SHD---- C:\Config.Msi

2009-01-19 22:35:33 ----A---- C:\WINDOWS\system32\javaws.exe

2009-01-19 22:35:33 ----A---- C:\WINDOWS\system32\javaw.exe

2009-01-19 22:35:33 ----A---- C:\WINDOWS\system32\java.exe

2009-01-19 22:35:33 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-01-19 20:19:46 ----D---- C:\Program\Norton Security Scan

2009-01-19 18:28:23 ----D---- C:\Avenger

2009-01-19 18:28:22 ----A---- C:\avenger.txt

2009-01-13 09:58:40 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS

2009-01-03 17:19:17 ----D---- C:\WINDOWS\Prefetch

2009-01-03 17:03:25 ----D---- C:\WINDOWS\l2schemas

2009-01-03 17:03:24 ----D---- C:\WINDOWS\system32\sv

2009-01-03 13:52:08 ----A---- C:\WINDOWS\system32\wuapi.dll.mui

======List of files/folders modified in the last 1 months======

2009-01-20 17:10:23 ----D---- C:\WINDOWS\Temp

2009-01-20 17:02:23 ----SD---- C:\WINDOWS\Tasks

2009-01-20 16:59:50 ----D---- C:\WINDOWS\system32

2009-01-20 16:59:42 ----D---- C:\WINDOWS

2009-01-20 16:58:34 ----RAD---- C:\Program

2009-01-20 16:58:33 ----D---- C:\Program\Google

2009-01-20 16:58:00 ----D---- C:\WINDOWS\system32\drivers

2009-01-20 16:57:09 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-20 16:52:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2009-01-20 16:52:11 ----D---- C:\WINDOWS\Debug

2009-01-20 16:26:44 ----SHD---- C:\WINDOWS\Installer

2009-01-20 09:59:35 ----D---- C:\Documents and Settings\Nubben\Application Data\AVG7

2009-01-19 23:26:07 ----D---- C:\Program\Lavasoft

2009-01-19 23:25:25 ----D---- C:\Program\Delade filer\Wise Installation Wizard

2009-01-19 22:35:06 ----D---- C:\Program\Java

2009-01-19 21:47:50 ----D---- C:\TEMP

2009-01-19 21:25:49 ----D---- C:\Program\Delade filer\Symantec Shared

2009-01-19 20:13:04 ----HD---- C:\Program\InstallShield Installation Information

2009-01-19 19:38:33 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-19 11:42:05 ----HD---- C:\WINDOWS\inf

2009-01-19 11:42:05 ----D---- C:\Program\Windows Live Safety Center

2009-01-19 11:29:48 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-01-13 10:16:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe

2009-01-13 10:15:14 ----D---- C:\Program\Delade filer\Adobe

2009-01-13 10:15:00 ----D---- C:\WINDOWS\WinSxS

2009-01-13 10:13:48 ----D---- C:\Program\Adobe

2009-01-13 09:55:37 ----RHD---- C:\$VAULT$.AVG

2009-01-11 10:04:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-01-09 19:12:36 ----D---- C:\Program\EA GAMES

2009-01-09 19:07:00 ----A---- C:\WINDOWS\NeroDigital.ini

2009-01-09 08:41:41 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-01-03 17:21:52 ----D---- C:\Program\MSN Messenger

2009-01-03 17:18:27 ----D---- C:\WINDOWS\system32\Setup

2009-01-03 17:18:27 ----D---- C:\WINDOWS\AppPatch

2009-01-03 17:18:26 ----D---- C:\WINDOWS\system32\wbem

2009-01-03 17:18:25 ----RSD---- C:\WINDOWS\Fonts

2009-01-03 17:14:12 ----D---- C:\WINDOWS\security

2009-01-03 17:13:07 ----D---- C:\WINDOWS\system32\CatRoot

2009-01-03 17:04:10 ----D---- C:\Program\Messenger

2009-01-03 17:04:07 ----D---- C:\WINDOWS\ServicePackFiles

2009-01-03 17:04:04 ----D---- C:\WINDOWS\EHome

2009-01-03 17:04:01 ----D---- C:\WINDOWS\system32\inetsrv

2009-01-03 17:04:01 ----D---- C:\WINDOWS\network diagnostic

2009-01-03 17:04:00 ----D---- C:\WINDOWS\ime

2009-01-03 17:04:00 ----D---- C:\WINDOWS\Help

2009-01-03 17:03:29 ----D---- C:\WINDOWS\system32\sv-se

2009-01-03 17:03:28 ----D---- C:\WINDOWS\system32\usmt

2009-01-03 17:03:27 ----D---- C:\Program\Movie Maker

2009-01-03 17:03:24 ----D---- C:\WINDOWS\system32\bits

2009-01-03 17:03:23 ----D---- C:\WINDOWS\peernet

2009-01-03 16:57:04 ----D---- C:\WINDOWS\system32\Restore

2009-01-03 16:57:04 ----D---- C:\WINDOWS\system32\npp

2009-01-03 16:57:02 ----D---- C:\WINDOWS\msagent

2009-01-03 16:56:59 ----D---- C:\WINDOWS\srchasst

2009-01-03 16:56:57 ----D---- C:\Program\NetMeeting

2009-01-03 16:56:55 ----D---- C:\WINDOWS\system32\Com

2009-01-03 16:56:50 ----D---- C:\Program\Windows Media Player

2009-01-03 16:56:49 ----D---- C:\Program\Windows NT

2009-01-03 16:56:49 ----D---- C:\Program\Outlook Express

2009-01-03 16:56:43 ----D---- C:\Program\Delade filer\System

2009-01-03 16:56:11 ----D---- C:\WINDOWS\system32\oobe

2009-01-03 16:56:05 ----D---- C:\WINDOWS\system

2009-01-03 16:49:12 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-01-03 16:48:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2009-01-03 13:52:38 ----D---- C:\WINDOWS\SoftwareDistribution

2008-12-30 11:33:57 ----A---- C:\WINDOWS\Edofma.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]

R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-03 4224]

R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-06-21 27776]

R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-21 10760]

R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]

R1 P3;Intel PentiumIII-processordrivrutin; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46720]

R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys []

R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-07-28 8552]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-09-28 63232]

R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-09-28 55936]

R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2005-09-27 14944]

R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2005-09-27 14944]

R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2005-09-27 14944]

R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2005-09-27 14944]

R3 ac97intc;Installationstjänst för Intel® 82801-ljuddrivrutin (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-08-02 3198560]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2008-04-13 163584]

R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 a016bus;Sony Ericsson Device A016 driver (WDM); C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880]

S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]

S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]

S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]

S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648]

S3 a5cd05l5;a5cd05l5; C:\WINDOWS\system32\drivers\a5cd05l5.sys []

S3 FreshIO;FreshIO; \??\C:\Program\FreshDevices\FreshDiagnose\FreshIO.sys []

S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]

S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]

S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]

S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]

S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]

S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]

S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]

S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]

S3 SABProcEnum;SABProcEnum; \??\C:\Program\Internet Explorer\SABProcEnum.sys []

S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]

S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]

S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]

S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]

S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]

S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]

S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]

S3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-23 418816]

R2 Avg7UpdSvc;AVG7 Update Service; C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe [2007-06-21 49664]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-01-19 152984]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program\Delade filer\LightScribe\LSSrvc.exe [2006-10-19 61440]

R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]

R2 SmcService;Sygate Personal Firewall Pro; C:\Program\Sygate\SPF\smc.exe [2005-09-27 2635472]

R2 WinDefend;Windows Defender; C:\Program\Windows Defender\MsMpEng.exe [2006-11-03 13592]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 NBService;NBService; C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Läsartjänsten USN Journal för mappdelning i Messenger; C:\Program\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

[Gäst Malou]

Hej Andcar!

Varsegod!

Ser redan nu vid en snabb titt i loggan att där är en del otyg. Återkommer med en procedur så snart jag gått igenom loggan mer grundligt. Tar dock en stund innan jag är klar så håll ut så länge

MVH/Malou

[Gäst Malou]

Hej Andcar!

Vi börjar lite försiktigt med nedanstående procedur.

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet:

Läs/Följ instruktionerna mycket noga:

Hämta hem Avenger från någon av nedanstående länkar:

http://swandog46.geekstogo.com/avenger.exe

1: Spara ner den till skrivbordet

2: Öppna Anteckningar (Använd INGEN ANNAN texteditor)

3: Kopiera in nedanstående "Fetmarkerade Text" i Anteckningar inklusive rubriken Files to delete:

Files to delete:

C:\WINDOWS\ie.exe

C:\WINDOWS\tasks\At1.job

C:\WINDOWS\tasks\At10.job

C:\WINDOWS\tasks\At11.job

C:\WINDOWS\tasks\At12.job

C:\WINDOWS\tasks\At13.job

C:\WINDOWS\tasks\At14.job

C:\WINDOWS\tasks\At15.job

C:\WINDOWS\tasks\At16.job

C:\WINDOWS\tasks\At17.job

C:\WINDOWS\tasks\At18.job

C:\WINDOWS\tasks\At19.job

C:\WINDOWS\tasks\At2.job

C:\WINDOWS\tasks\At20.job

C:\WINDOWS\tasks\At21.job

C:\WINDOWS\tasks\At22.job

C:\WINDOWS\tasks\At23.job

C:\WINDOWS\tasks\At24.job

C:\WINDOWS\tasks\At25.job

C:\WINDOWS\tasks\At26.job

C:\WINDOWS\tasks\At27.job

C:\WINDOWS\tasks\At28.job

C:\WINDOWS\tasks\At29.job

C:\WINDOWS\tasks\At3.job

C:\WINDOWS\tasks\At30.job

C:\WINDOWS\tasks\At31.job

C:\WINDOWS\tasks\At32.job

C:\WINDOWS\tasks\At33.job

C:\WINDOWS\tasks\At34.job

C:\WINDOWS\tasks\At35.job

C:\WINDOWS\tasks\At36.job

C:\WINDOWS\tasks\At37.job

C:\WINDOWS\tasks\At38.job

C:\WINDOWS\tasks\At39.job

C:\WINDOWS\tasks\At4.job

C:\WINDOWS\tasks\At40.job

C:\WINDOWS\tasks\At41.job

C:\WINDOWS\tasks\At42.job

C:\WINDOWS\tasks\At43.job

C:\WINDOWS\tasks\At44.job

C:\WINDOWS\tasks\At45.job

C:\WINDOWS\tasks\At46.job

C:\WINDOWS\tasks\At47.job

C:\WINDOWS\tasks\At48.job

C:\WINDOWS\tasks\At49.job

C:\WINDOWS\tasks\At5.job

C:\WINDOWS\tasks\At50.job

C:\WINDOWS\tasks\At51.job

C:\WINDOWS\tasks\At52.job

C:\WINDOWS\tasks\At53.job

C:\WINDOWS\tasks\At54.job

C:\WINDOWS\tasks\At55.job

C:\WINDOWS\tasks\At56.job

C:\WINDOWS\tasks\At57.job

C:\WINDOWS\tasks\At58.job

C:\WINDOWS\tasks\At59.job

C:\WINDOWS\tasks\At6.job

C:\WINDOWS\tasks\At60.job

C:\WINDOWS\tasks\At61.job

C:\WINDOWS\tasks\At62.job

C:\WINDOWS\tasks\At63.job

C:\WINDOWS\tasks\At64.job

C:\WINDOWS\tasks\At65.job

C:\WINDOWS\tasks\At66.job

C:\WINDOWS\tasks\At67.job

C:\WINDOWS\tasks\At68.job

C:\WINDOWS\tasks\At69.job

C:\WINDOWS\tasks\At7.job

C:\WINDOWS\tasks\At70.job

C:\WINDOWS\tasks\At71.job

C:\WINDOWS\tasks\At72.job

C:\WINDOWS\tasks\At8.job

C:\WINDOWS\tasks\At9.job

4: Kontrollera noga att varje filnamn står på endast en rad och inte har delats upp på två rader.

5: Starta Avenger

6: I den stora textboxen klistrar du nu in texten som finns i Anteckningar.

7: Bocka i rutan Scan for rootkits om den inte redan är ibockad.

6: Tryck på Execute för att starta Avenger.

8: Datorn kommer nu att starta om (Kan eventuellt starta om två gånger).

9: Efter en liten stund så kommer loggan (C:\avenger.txt) upp, klistra in den loggan hit till din tråd.

10: Gör en ny TM HJT-logga, kopiera in även den

MVH/Malou

[andcar]

Hej Malou. så här ser det ut nu.

rsit funkar inte helt plötsligt. har laddat ner det men samma reultat. Errps subscript used with mom arrov variabel

Mvh Anders

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "UACd.sys" found!

ImagePath: \systemroot\system32\drivers\UACuwjqbouq.sys

Start Type: 1 (System)

Rootkit scan completed.

Error: file "C:\WINDOWS\ie.exe" not found!

Deletion of file "C:\WINDOWS\ie.exe" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

File "C:\WINDOWS\tasks\At1.job" deleted successfully.

File "C:\WINDOWS\tasks\At10.job" deleted successfully.

File "C:\WINDOWS\tasks\At11.job" deleted successfully.

File "C:\WINDOWS\tasks\At12.job" deleted successfully.

File "C:\WINDOWS\tasks\At13.job" deleted successfully.

File "C:\WINDOWS\tasks\At14.job" deleted successfully.

File "C:\WINDOWS\tasks\At15.job" deleted successfully.

File "C:\WINDOWS\tasks\At16.job" deleted successfully.

File "C:\WINDOWS\tasks\At17.job" deleted successfully.

File "C:\WINDOWS\tasks\At18.job" deleted successfully.

File "C:\WINDOWS\tasks\At19.job" deleted successfully.

File "C:\WINDOWS\tasks\At2.job" deleted successfully.

File "C:\WINDOWS\tasks\At20.job" deleted successfully.

File "C:\WINDOWS\tasks\At21.job" deleted successfully.

File "C:\WINDOWS\tasks\At22.job" deleted successfully.

File "C:\WINDOWS\tasks\At23.job" deleted successfully.

File "C:\WINDOWS\tasks\At24.job" deleted successfully.

File "C:\WINDOWS\tasks\At25.job" deleted successfully.

File "C:\WINDOWS\tasks\At26.job" deleted successfully.

File "C:\WINDOWS\tasks\At27.job" deleted successfully.

File "C:\WINDOWS\tasks\At28.job" deleted successfully.

File "C:\WINDOWS\tasks\At29.job" deleted successfully.

File "C:\WINDOWS\tasks\At3.job" deleted successfully.

File "C:\WINDOWS\tasks\At30.job" deleted successfully.

File "C:\WINDOWS\tasks\At31.job" deleted successfully.

File "C:\WINDOWS\tasks\At32.job" deleted successfully.

File "C:\WINDOWS\tasks\At33.job" deleted successfully.

File "C:\WINDOWS\tasks\At34.job" deleted successfully.

File "C:\WINDOWS\tasks\At35.job" deleted successfully.

File "C:\WINDOWS\tasks\At36.job" deleted successfully.

File "C:\WINDOWS\tasks\At37.job" deleted successfully.

File "C:\WINDOWS\tasks\At38.job" deleted successfully.

File "C:\WINDOWS\tasks\At39.job" deleted successfully.

File "C:\WINDOWS\tasks\At4.job" deleted successfully.

File "C:\WINDOWS\tasks\At40.job" deleted successfully.

File "C:\WINDOWS\tasks\At41.job" deleted successfully.

File "C:\WINDOWS\tasks\At42.job" deleted successfully.

File "C:\WINDOWS\tasks\At43.job" deleted successfully.

File "C:\WINDOWS\tasks\At44.job" deleted successfully.

File "C:\WINDOWS\tasks\At45.job" deleted successfully.

File "C:\WINDOWS\tasks\At46.job" deleted successfully.

File "C:\WINDOWS\tasks\At47.job" deleted successfully.

File "C:\WINDOWS\tasks\At48.job" deleted successfully.

File "C:\WINDOWS\tasks\At49.job" deleted successfully.

File "C:\WINDOWS\tasks\At5.job" deleted successfully.

File "C:\WINDOWS\tasks\At50.job" deleted successfully.

File "C:\WINDOWS\tasks\At51.job" deleted successfully.

File "C:\WINDOWS\tasks\At52.job" deleted successfully.

File "C:\WINDOWS\tasks\At53.job" deleted successfully.

File "C:\WINDOWS\tasks\At54.job" deleted successfully.

File "C:\WINDOWS\tasks\At55.job" deleted successfully.

File "C:\WINDOWS\tasks\At56.job" deleted successfully.

File "C:\WINDOWS\tasks\At57.job" deleted successfully.

File "C:\WINDOWS\tasks\At58.job" deleted successfully.

File "C:\WINDOWS\tasks\At59.job" deleted successfully.

File "C:\WINDOWS\tasks\At6.job" deleted successfully.

File "C:\WINDOWS\tasks\At60.job" deleted successfully.

File "C:\WINDOWS\tasks\At61.job" deleted successfully.

File "C:\WINDOWS\tasks\At62.job" deleted successfully.

File "C:\WINDOWS\tasks\At63.job" deleted successfully.

File "C:\WINDOWS\tasks\At64.job" deleted successfully.

File "C:\WINDOWS\tasks\At65.job" deleted successfully.

File "C:\WINDOWS\tasks\At66.job" deleted successfully.

File "C:\WINDOWS\tasks\At67.job" deleted successfully.

File "C:\WINDOWS\tasks\At68.job" deleted successfully.

File "C:\WINDOWS\tasks\At69.job" deleted successfully.

File "C:\WINDOWS\tasks\At7.job" deleted successfully.

File "C:\WINDOWS\tasks\At70.job" deleted successfully.

File "C:\WINDOWS\tasks\At71.job" deleted successfully.

File "C:\WINDOWS\tasks\At72.job" deleted successfully.

File "C:\WINDOWS\tasks\At8.job" deleted successfully.

File "C:\WINDOWS\tasks\At9.job" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Gäst Malou]

Hej andcar!

rsit funkar inte helt plötsligt.

Ok utgår ifrån att det är den här du menar => RSIT (random's system information tool) <=

Men den behöver inte i nuläget så vi lämnar den för ett tag.

Ser att Avenger har åtgärdat det vi bad om. Men inte C:\WINDOWS\ie.ex.

Gör en ny TM HJT-logga kopiera in den hit så får vi se hur den ser ut (omdöpt). Samt se till att Windows Defender är avstängd/avaktiverad.

MVH/Malou

[andcar]

Hej Malou

får en amatör fråga vad det va för filer som togs bort.

Tack för all hjälp jag får av dig!! windofs def har jag inaktiverat

Mvh Anders

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:27:02, on 2009-01-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Sygate\SPF\smc.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [internet Explorer Run-Time] C:\WINDOWS\ie.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O13 - WWW Prefix:

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.lunarstorm.se

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222

O20 - AppInit_DLLs:

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--

End of file - 9717 bytes

[Gäst Malou]

Hej andcar!

får en amatör fråga vad det va för filer som togs bort.

Det vi tog bort med hjälp av Avenger var så kallade Taskjob => exempel=C:\WINDOWS\tasks\At1.job <= Det är schemalagda arbeten. Tyvärr så fanns inte de riktiga filerna synliga i Avenger som brukligt är med andra verktyg där man kan se filernas riktiga namn. Så det är lite svårt att svara på vad exakt det var/är. Men de brukar i regel ställa till med en väldigt massa problem så därför tas dessa alltid bort.

Vore även tacksam om jag kunde få svar på mina tidigare frågor som jag ställde här i tråden och som ännu inte besvarats.

Är det du som har installerat => Yahoo! Toolbar/SWEETIE Toolbar och sedan försökt att avinstallera det?

Är även undrande över nedanstående.

Är det du som lagt dessa som Trusted Zone?

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.lunarstorm.se

******************************************************************************

Ser att du inte har döpt om filen som jag tidigare påtalade. Hur kan det komma sig?

C:\Program\Trend Micro\HijackThis\HijackThis.exe

Vänligen döp om filen enligt tidigare information här i tråden så vi kan gå vidare.

Ser i nuvarnade (ej omdöpta) TM HJT-logga att elakingen finns kvar.

C:\WINDOWS\ie.ex.

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet:

Läs/Följ Instruktionerna mycket noga

Öppna TM HJT => klicka på Do a system scan only-knappen => Bocka för nedanstående detaljer => Stäng ner Webbläsaren => klicka på Fix Checked-knappen:

O4 - HKLM\..\Run: [internet Explorer Run-Time] C:\WINDOWS\ie.exe

O13 - WWW Prefix:

Då du gjort ovanstående:

Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge):

Visa dolda filer och mappar Windows XP och Windows Vista:

Windows XP-Användare:

1: Högerklicka på Start-knappen

2: Välj Utforska

3: I verktygsfältet klicka på => Verktyg => Mappalternativ

4: Välj fliken => Visning sätt en bock i => Visa dolda filer och mappar

5: Avbocka Dölj filnamnstillägg för kända filtyper

6: Avbocka Dölj skyddade operativsystemfiler

Sök/Leta reda på:

Navigera dig fram enligt nedanstående sökväg och deleta filen

C:\WINDOWS\ie.ex<=Deleta filen.

Vidare:

Fortfarande felsäkert läge:

Gå till Start => Kör => Skriv sen i Kör fältet cleanmgr => Klicka Ok-knappen

Bocka i de här nedanstående och putsa bort dem. Kontrollera så att där inte finns bockar i övriga rutor om det finns så bocka bort dem.

Recycle Bin = Papperskorgen

Temporary Files = Temporära Filer

Temporary Internet Files = Temporära "Tillfälliga" Internetfiler

Nu:

Starta om datorn till normalläge igen:

1: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur det ser ut.

2: Berätta/Tala om hur datorn mår och om där kvarstår problem.

MVH/Malou

[andcar]

Hejsan.

ja det är jag som installerat det :-/ trusted zone är oxå jag :-/

google verkar vara dålig som förut.

ibland kommer jag in på windowsclick som ser till att jag kommer till en sida jag inte vill på :-/

Mvh

Anders

Hoppas jag gjort rätt nu....

******************************************************************************

Min dator

Scan saved at 20:43:13, on 2009-01-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Sygate\SPF\smc.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Trend Micro\Anders HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.lunarstorm.se

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222

O20 - AppInit_DLLs:

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--

End of file - 9617 bytes

[Gäst Malou]

Hej Andcar!

Nu vet jag inte riktigt vad du har gjort. Men du har kopierat och klistrat in mitt inlägg i ditt inlägg

ja det är jag som installerat det :-/ trusted zone är oxå jag :-/

Ok och du vill ha Yahoo Toolbar samt SWEETIE Toolbar ?

I sådana fall så bör du installera om dessa. I upplysningssyfte så kan jag tala om att dessa är kända för att dra med sig en del skräp in i systemet samt lite annat smått och gott.

MVH/Malou

[andcar]

hej! jag såg det o skrev in min senaste log sedan jag gjort det du sa i felsäkert läge.

näe jag vill inte ha kvar dem

[Gäst Malou]

Hej igen andcar!

Såja nu blev ditt tidigare inlägg riktigt

Men du har döpt om mappen istället för filen

C:\Program\Trend Micro\Anders HijackThis\HijackThis.exeVänligen döp om filen och ingenting annat.

Titta noga på skärmdumpen som finns medlagd.

=> Trend Micro HiJack This (Nerladdning/Instruktioner):

********************************************************************************

*********

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet.

Läs/Följ instruktionerna mycket noga:

Hämta hem SDFix:

=> SDFix

1: Spara SDFix.exe till skrivbordet

2: Klicka på SDFix.exe

3: SDFixen packas upp här => C:\SDFix.

4: Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge):

5: Navigera dig fram till => C:\SDFix => Klicka på runthis.bat => Välj Y.

6: När scanningen är klar så tryck på valfri tangent för att starta om datorn.

7: När det står finished så tryck på valfri tangent. En logg kommer automatiskt att visas, kopiera in loggan hit till din tråd.

Gör även en ny TM HJT-logga, kopiera in den hit.

MVH/Malou

[Gäst Malou]

hej! jag såg det o skrev in min senaste log sedan jag gjort det du sa i felsäkert läge.

Jag såg detta efter att jag fått postat mitt sista inlägg

Följ/gör proceduren i mitt sista ovanstående inlägg gällande SDFix.

Samt döp om filen HiJack This.exe och ingenting annat.

näe jag vill inte ha kvar dem

Då åtgärdar vi Yahoo Toolbar samt SWEETIE Toolbar skäpet i en senare procedur.

MVH/Malou

[andcar]

Tack för att du har bra tålamod!

Det bidde ett felmedelande i felsäkert läge på det programmet, så det gick inte att starta det.

stod nått om att det inte gick att läsa ipx/sp

jag körde en ändå o då ser det ut så här,

System Report

*************

Run on 2009-01-20 at 22:06

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\??\C:\WINDOWS\system32\csrss.exe [664]

\??\C:\WINDOWS\system32\winlogon.exe [688]

C:\WINDOWS\system32\services.exe [736]

C:\WINDOWS\system32\lsass.exe [748]

C:\WINDOWS\system32\svchost.exe [924]

C:\WINDOWS\system32\svchost.exe [1008]

C:\Program\Windows Defender\MsMpEng.exe [1116]

C:\WINDOWS\System32\svchost.exe [1160]

C:\WINDOWS\System32\svchost.exe [1220]

C:\WINDOWS\System32\svchost.exe [1344]

C:\Program\Lavasoft\Ad-Aware\aawservice.exe [1540]

C:\WINDOWS\system32\spoolsv.exe [1824]

C:\WINDOWS\Explorer.EXE [284]

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe [320]

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe [436]

C:\Program\Java\jre6\bin\jqs.exe [496]

C:\Program\Delade filer\LightScribe\LSSrvc.exe [528]

C:\WINDOWS\system32\nvsvc32.exe [612]

C:\Program\Sygate\SPF\smc.exe [712]

C:\Program\Grisoft\AVGFRE~1\avgcc.exe [1340]

C:\Program\Windows Defender\MSASCui.exe [1416]

C:\WINDOWS\system32\RUNDLL32.EXE [1448]

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [1484]

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [1508]

C:\Program\Java\jre6\bin\jusched.exe [1640]

C:\WINDOWS\system32\ctfmon.exe [1648]

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe [1664]

C:\WINDOWS\system32\rundll32.exe [1668]

C:\Program\MSN Messenger\msnmsgr.exe [1708]

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [1744]

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe [1212]

C:\Program\Personal\bin\Personal.exe [224]

C:\WINDOWS\System32\alg.exe [3408]

C:\WINDOWS\System32\wbem\wmiprvse.exe [3428]

C:\WINDOWS\System32\svchost.exe [3836]

C:\Program\Delade filer\Teleca Shared\Generic.exe [2360]

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe [2896]

C:\Program\Internet Explorer\IEXPLORE.EXE [4020]

Drivers - Running:

ac97intc

ACPI

AFD

agp440

ASCTRM

atapi

audstub

Avg7Core

Avg7RsW

Avg7RsXP

AvgClean

BANTExt

Beep

Cdfs

Cdrom

Disk

dmio

dmload

E100B

Fastfat

Fdc

Fips

Flpydisk

FltMgr

Ftdisk

Gpc

HTTP

i8042prt

IFP700

Imapi

IntelIde

IpNat

IPSec

isapnp

Kbdclass

KSecDD

mnmdd

Mouclass

MountMgr

MRxDAV

MRxSmb

Msfs

mssmbios

Mup

NDIS

NdisTapi

Ndisuio

NdisWan

NDProxy

NetBIOS

NetBT

Npfs

Ntfs

Null

nv

NwlnkIpx

NwlnkNb

NwlnkSpx

NWRDR

P3

Parport

PartMgr

ParVdm

PCI

PptpMiniport

PSched

Ptilink

PxHelp20

RasAcd

Rasl2tp

RasPppoe

Raspti

Rdbss

RDPCDD

rdpdr

redbook

Secdrv

serenum

Serial

sptd

sr

Srv

swenum

sysaudio

Tcpip

Teefer

TermDD

Update

usbhub

usbuhci

VgaSave

VolSnap

Wanarp

wdmaud

wg3n

wg4n

wg5n

wg6n

wpsdrvnt

Drivers - Stopped:

a016bus

a016mdfl

a016mdm

a016mgmt

a016obex

Abiosdsk

abp480n5

ACPIEC

adpu160m

aec

Aha154x

aic78u2

aic78xx

AliIde

amsint

asc

asc3350p

asc3550

AsyncMac

Atdisk

Atmarpc

cbidf2k

cd20xrnt

Cdaudio

Changer

CmdIde

Cpqarray

dac960nt

dmboot

DMusic

dpti2o

drmkaud

FreshIO

hpn

hpt3xx

i2omgmt

i2omp

ini910u

ip6fw

IpFilterDriver

IpInIp

IRENUM

kmixer

lbrtfdc

Modem

mraid35x

MSKSSRV

MSPCLOCK

MSPQM

nv4

NwlnkFlt

NwlnkFwd

PCIDump

PCIIde

Pcmcia

PDCOMP

PDFRAME

PDRELI

PDRFRAME

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

RDPWD

s616bus

s616mdfl

s616mdm

s616mgmt

s616nd5

s616obex

s616unic

SABProcEnum

se59bus

se59mdfl

se59mdm

se59mgmt

se59nd5

se59obex

se59unic

Sfloppy

Simbad

Sparrow

splitter

swmidi

symc810

symc8xx

sym_hi

sym_u3

TDPIPE

TDTCP

TosIde

Udfs

ultra

usbprint

USBSTOR

ViaIde

vsdatant

WDICA

WudfPf

WudfRd

Services - Running:

aawservice

ALG

AudioSrv

Avg7Alrt

Avg7UpdSvc

Browser

DcomLaunch

Dhcp

dmserver

Dnscache

ERSvc

Eventlog

EventSystem

FastUserSwitchingCompatibility

helpsvc

JavaQuickStarterService

lanmanserver

lanmanworkstation

LightScribeService

LmHosts

Netman

Nla

NVSvc

NWCWorkstation

PlugPlay

PolicyAgent

ProtectedStorage

RasMan

RemoteRegistry

RpcSs

SamSs

Schedule

seclogon

SENS

SharedAccess

ShellHWDetection

SmcService

Spooler

srservice

SSDPSRV

stisvc

TapiSrv

Themes

TrkWks

W32Time

WebClient

WinDefend

winmgmt

wuauserv

WZCSVC

Services - Stopped:

Alerter

AppMgmt

aspnet_state

BITS

cisvc

ClipSrv

COMSysApp

CryptSvc

dmadmin

Dot3svc

EapHost

HidServ

hkmsvc

HTTPFilter

IDriverT

ImapiService

Messenger

mnmsrvc

MSDTC

MSIServer

napagent

NBService

NetDDE

NetDDEdsdm

Netlogon

NtLmSsp

NtmsSvc

ose

RasAuto

RDSessMgr

RemoteAccess

RpcLocator

RSVP

SCardSvr

SwPrv

SysmonLog

TermService

TlntSvr

upnphost

UPS

usnjsvc

VSS

WmdmPmSN

Wmi

WmiApSrv

WMPNetworkSvc

wscsvc

WudfSvc

xmlprov

Files Created/Modified - 60 Days:

C:\

2009-01-20 21.57.36 536 399 872 A.SH. "C:\hiberfil.sys"

2009-01-20 21.57.34 804 495 360 A.SH. "C:\pagefile.sys"

C:\WINDOWS\

2009-01-20 21.57.42 2 048 A.S.. "C:\WINDOWS\bootstat.dat"

2009-01-19 22.35.12 410 984 A.... "C:\WINDOWS\system32\deploytk.dll"

2009-01-03 17.18.34 126 112 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"

2009-01-20 18.19.02 94 208 A.... "C:\WINDOWS\system32\iestat.exe"

2009-01-19 22.35.12 144 792 A.... "C:\WINDOWS\system32\java.exe"

2009-01-19 22.35.12 144 792 A.... "C:\WINDOWS\system32\javaw.exe"

2009-01-19 22.35.12 148 888 A.... "C:\WINDOWS\system32\javaws.exe"

2009-01-11 10.04.30 52 764 A.... "C:\WINDOWS\system32\perfc009.dat"

2009-01-11 10.04.30 62 728 A.... "C:\WINDOWS\system32\perfc01D.dat"

2009-01-11 10.04.30 380 350 A.... "C:\WINDOWS\system32\perfh009.dat"

2009-01-11 10.04.30 383 448 A.... "C:\WINDOWS\system32\perfh01D.dat"

2009-01-20 21.58.14 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"

2009-01-20 22.05.32 73 A.... "C:\WINDOWS\Temp\scs4.tmp"

2009-01-18 15.03.24 5 566 A.... "C:\WINDOWS\Temp\winntsec.dat"

2009-01-03 17.19.08 32 051 A.... "C:\WINDOWS\system32\oobe\updshell.htm"

2009-01-19 22.06.42 32 768 A.SH. "C:\WINDOWS\Temp\Cookies\index.dat"

2009-01-03 17.09.44 86 665 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\index.dat"

2008-12-10 21.40.44 89 102 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"

2009-01-03 17.19.08 5 693 A.... "C:\WINDOWS\system32\oobe\setup\autoupdt.htm"

2009-01-03 17.19.08 13 738 A.... "C:\WINDOWS\system32\oobe\setup\au_plcy.htm"

2009-01-19 22.06.42 32 768 A.SH. "C:\WINDOWS\Temp\History\History.IE5\index.dat"

2009-01-19 22.06.42 49 152 A.SH. "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat"

2009-01-19 22.06.56 14 866 A.... "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QWLNF3UW\headerutilsjs[1].htm"

2009-01-19 22.06.52 55 107 A.... "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QWLNF3UW\index[2].htm"

2009-01-03 17.08.12 16 267 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm"

2009-01-03 17.08.12 5 429 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm"

2009-01-03 17.08.12 2 998 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm"

2009-01-03 17.08.14 3 530 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\escalationhelp.htm"

2009-01-03 17.08.12 8 027 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm"

2009-01-03 17.08.14 30 640 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm"

2009-01-03 17.08.12 3 237 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\ShieldsUpMsg.htm"

C:\Program\

2008-12-19 19.28.02 1 434 864 A.... "C:\Program\CCleaner\CCleaner.exe"

2009-01-20 16.46.46 114 658 A.... "C:\Program\CCleaner\uninst.exe"

2008-12-11 12.47.46 4 194 304 A.... "C:\Program\DC++\HashData.dat"

2008-11-26 17.48.00 4 141 976 A.... "C:\Program\Windows Live Safety Center\mpengine.dll"

2008-12-19 3.33.50 21 504 A.... "C:\Program\CCleaner\Lang\lang-1063.dll"

2008-12-19 3.34.22 21 504 A.... "C:\Program\CCleaner\Lang\lang-1071.dll"

2008-12-19 3.34.34 21 504 A.... "C:\Program\CCleaner\Lang\lang-1066.dll"

2008-12-19 3.34.30 22 016 A.... "C:\Program\CCleaner\Lang\lang-1050.dll"

2008-12-19 3.33.16 21 504 A.... "C:\Program\CCleaner\Lang\lang-1030.dll"

2008-12-19 3.33.40 23 552 A.... "C:\Program\CCleaner\Lang\lang-1040.dll"

2008-12-19 3.34.12 24 576 A.... "C:\Program\CCleaner\Lang\lang-1034.dll"

2008-12-19 3.33.54 21 504 A.... "C:\Program\CCleaner\Lang\lang-1044.dll"

2008-12-19 3.33.38 23 040 A.... "C:\Program\CCleaner\Lang\lang-1038.dll"

2008-12-19 3.33.10 11 776 A.... "C:\Program\CCleaner\Lang\lang-1028.dll"

2008-12-19 3.34.06 22 016 A.... "C:\Program\CCleaner\Lang\lang-1048.dll"

2008-12-19 3.33.28 21 504 A.... "C:\Program\CCleaner\Lang\lang-1110.dll"

2008-12-19 3.32.50 21 504 A.... "C:\Program\CCleaner\Lang\lang-1051.dll"

2008-12-19 3.34.12 21 504 A.... "C:\Program\CCleaner\Lang\lang-1055.dll"

2008-12-19 3.33.04 19 456 A.... "C:\Program\CCleaner\Lang\lang-1025.dll"

2008-12-19 3.33.22 23 040 A.... "C:\Program\CCleaner\Lang\lang-1035.dll"

2008-12-19 3.33.58 22 016 A.... "C:\Program\CCleaner\Lang\lang-1045.dll"

2008-12-19 3.33.12 20 480 A.... "C:\Program\CCleaner\Lang\lang-1029.dll"

2008-12-19 3.32.52 21 504 A.... "C:\Program\CCleaner\Lang\lang-1052.dll"

2008-12-19 3.33.32 26 112 A.... "C:\Program\CCleaner\Lang\lang-1032.dll"

2008-12-19 3.33.48 11 776 A.... "C:\Program\CCleaner\Lang\lang-1042.dll"

2008-12-19 3.34.24 24 064 A.... "C:\Program\CCleaner\Lang\lang-1026.dll"

2008-12-19 3.33.26 24 576 A.... "C:\Program\CCleaner\Lang\lang-1036.dll"

2008-12-19 3.34.04 24 576 A.... "C:\Program\CCleaner\Lang\lang-1046.dll"

2008-12-19 3.33.18 24 576 A.... "C:\Program\CCleaner\Lang\lang-1043.dll"

2008-12-19 3.33.00 23 040 A.... "C:\Program\CCleaner\Lang\lang-1027.dll"

2008-12-19 3.33.34 18 944 A.... "C:\Program\CCleaner\Lang\lang-1037.dll"

2008-12-19 3.32.58 22 016 A.... "C:\Program\CCleaner\Lang\lang-1031.dll"

2008-12-19 3.33.44 14 848 A.... "C:\Program\CCleaner\Lang\lang-1041.dll"

2008-12-19 3.34.10 20 992 A.... "C:\Program\CCleaner\Lang\lang-1049.dll"

2008-12-19 3.32.54 22 016 A.... "C:\Program\CCleaner\Lang\lang-1053.dll"

2008-12-19 3.34.00 25 088 A.... "C:\Program\CCleaner\Lang\lang-2070.dll"

2008-12-19 3.33.06 11 776 A.... "C:\Program\CCleaner\Lang\lang-2052.dll"

2008-12-19 3.34.20 20 992 A.... "C:\Program\CCleaner\Lang\lang-2074.dll"

2008-12-19 3.34.16 20 992 A.... "C:\Program\CCleaner\Lang\lang-3098.dll"

2008-12-19 3.34.28 21 504 A.... "C:\Program\CCleaner\Lang\lang-5146.dll"

2008-11-28 9.04.40 17 754 112 A.... "C:\Program\Grisoft\AVG Free\avgabout.dll"

2008-11-28 9.04.40 120 064 A.... "C:\Program\Grisoft\AVG Free\avgchk75.exe"

2008-11-28 9.04.40 732 298 A.... "C:\Program\Grisoft\AVG Free\setup.dat"

2009-01-19 22.35.12 994 A.... "C:\Program\Java\jre6\Welcome.html"

2009-01-19 23.28.58 3 265 864 A.... "C:\Program\Lavasoft\Ad-Aware\Ad-Aware.exe"

2009-01-19 23.28.38 1 042 792 A.... "C:\Program\Lavasoft\Ad-Aware\CEAPI.dll"

2009-01-19 23.29.00 622 424 A.... "C:\Program\Lavasoft\Ad-Aware\FreeUpdate.exe"

2009-01-19 23.29.02 465 240 A.... "C:\Program\Lavasoft\Ad-Aware\ThreatWork.exe"

2009-01-20 21.59.58 129 136 A.... "C:\Program\Sygate\SPF\Default.dat"

2008-12-16 3.11.06 672 512 A.... "C:\Program\Sygate\SPF\sdi.dat"

2009-01-20 21.59.58 129 136 A.... "C:\Program\Sygate\SPF\stddef.dat"

2009-01-20 22.00.06 137 136 A.... "C:\Program\Sygate\SPF\StdState.dat"

2008-12-16 3.11.12 33 121 A.... "C:\Program\Sygate\SPF\trojan.dat"

2009-01-20 22.00.06 137 136 A.... "C:\Program\Sygate\SPF\TState.dat"

2009-01-19 22.35.12 1 130 496 A.... "C:\Program\Java\jre6\bin\awt.dll"

2009-01-19 22.35.12 110 592 A.... "C:\Program\Java\jre6\bin\axbridge.dll"

2009-01-19 22.35.12 192 512 A.... "C:\Program\Java\jre6\bin\cmm.dll"

2009-01-19 22.35.12 143 360 A.... "C:\Program\Java\jre6\bin\dcpr.dll"

2009-01-19 22.35.12 77 824 A.... "C:\Program\Java\jre6\bin\deploy.dll"

2009-01-19 22.35.12 410 984 A.... "C:\Program\Java\jre6\bin\deploytk.dll"

2009-01-19 22.35.12 16 896 A.... "C:\Program\Java\jre6\bin\dt_shmem.dll"

2009-01-19 22.35.12 13 312 A.... "C:\Program\Java\jre6\bin\dt_socket.dll"

2009-01-19 22.35.12 339 968 A.... "C:\Program\Java\jre6\bin\fontmanager.dll"

2009-01-19 22.35.12 15 872 A.... "C:\Program\Java\jre6\bin\hpi.dll"

2009-01-19 22.35.12 139 264 A.... "C:\Program\Java\jre6\bin\hprof.dll"

2009-01-19 22.35.12 98 304 A.... "C:\Program\Java\jre6\bin\instrument.dll"

2009-01-19 22.35.12 12 800 A.... "C:\Program\Java\jre6\bin\ioser12.dll"

2009-01-19 22.35.12 7 680 A.... "C:\Program\Java\jre6\bin\j2pcsc.dll"

2009-01-19 22.35.12 37 376 A.... "C:\Program\Java\jre6\bin\j2pkcs11.dll"

2009-01-19 22.35.12 10 240 A.... "C:\Program\Java\jre6\bin\jaas_nt.dll"

2009-01-19 22.35.12 32 664 A.... "C:\Program\Java\jre6\bin\java-rmi.exe"

2009-01-19 22.35.12 126 976 A.... "C:\Program\Java\jre6\bin\java.dll"

2009-01-19 22.35.12 144 792 A.... "C:\Program\Java\jre6\bin\java.exe"

2009-01-19 22.35.12 58 776 A.... "C:\Program\Java\jre6\bin\javacpl.exe"

2009-01-19 22.35.12 144 792 A.... "C:\Program\Java\jre6\bin\javaw.exe"

2009-01-19 22.35.12 148 888 A.... "C:\Program\Java\jre6\bin\javaws.exe"

2009-01-19 22.35.12 14 336 A.... "C:\Program\Java\jre6\bin\java_crw_demo.dll"

2009-01-19 22.35.12 5 120 A.... "C:\Program\Java\jre6\bin\jawt.dll"

2009-01-19 22.35.12 79 256 A.... "C:\Program\Java\jre6\bin\jbroker.exe"

2009-01-19 22.35.12 36 352 A.... "C:\Program\Java\jre6\bin\JdbcOdbc.dll"

2009-01-19 22.35.12 167 936 A.... "C:\Program\Java\jre6\bin\jdwp.dll"

2009-01-19 22.35.12 274 432 A.... "C:\Program\Java\jre6\bin\jkernel.dll"

2009-01-19 22.35.12 77 824 A.... "C:\Program\Java\jre6\bin\jli.dll"

2009-01-19 22.35.12 94 208 A.... "C:\Program\Java\jre6\bin\jp2iexp.dll"

2009-01-19 22.35.12 22 424 A.... "C:\Program\Java\jre6\bin\jp2launcher.exe"

2009-01-19 22.35.12 8 192 A.... "C:\Program\Java\jre6\bin\jp2native.dll"

2009-01-19 22.35.12 34 816 A.... "C:\Program\Java\jre6\bin\jp2ssv.dll"

2009-01-19 22.35.12 147 456 A.... "C:\Program\Java\jre6\bin\jpeg.dll"

2009-01-19 22.35.12 98 304 A.... "C:\Program\Java\jre6\bin\jpicom.dll"

2009-01-19 22.35.12 110 592 A.... "C:\Program\Java\jre6\bin\jpiexp.dll"

2009-01-19 22.35.12 98 304 A.... "C:\Program\Java\jre6\bin\jpinscp.dll"

2009-01-19 22.35.12 65 536 A.... "C:\Program\Java\jre6\bin\jpioji.dll"

2009-01-19 22.35.12 122 880 A.... "C:\Program\Java\jre6\bin\jpishare.dll"

2009-01-19 22.35.12 152 984 A.... "C:\Program\Java\jre6\bin\jqs.exe"

2009-01-19 22.35.12 54 680 A.... "C:\Program\Java\jre6\bin\jqsnotify.exe"

2009-01-19 22.35.12 147 456 A.... "C:\Program\Java\jre6\bin\jsound.dll"

2009-01-19 22.35.12 18 432 A.... "C:\Program\Java\jre6\bin\jsoundds.dll"

2009-01-19 22.35.12 382 384 A.... "C:\Program\Java\jre6\bin\jucheck.exe"

2009-01-19 22.35.12 54 680 A.... "C:\Program\Java\jre6\bin\jureg.exe"

2009-01-19 22.35.12 136 600 A.... "C:\Program\Java\jre6\bin\jusched.exe"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\keytool.exe"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\kinit.exe"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\klist.exe"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\ktab.exe"

2009-01-19 22.35.12 18 432 A.... "C:\Program\Java\jre6\bin\management.dll"

2009-01-19 22.35.12 602 112 A.... "C:\Program\Java\jre6\bin\mlib_image.dll"

2009-01-19 22.35.12 348 160 A.... "C:\Program\Java\jre6\bin\msvcr71.dll"

2009-01-19 22.35.12 266 293 A.... "C:\Program\Java\jre6\bin\msvcrt.dll"

2009-01-19 22.35.12 77 824 A.... "C:\Program\Java\jre6\bin\net.dll"

2009-01-19 22.35.12 20 480 A.... "C:\Program\Java\jre6\bin\nio.dll"

2009-01-19 22.35.12 410 984 A.... "C:\Program\Java\jre6\bin\npdeploytk.dll"

2009-01-19 22.35.12 132 504 A.... "C:\Program\Java\jre6\bin\npjpi160_11.dll"

2009-01-19 22.35.12 126 976 A.... "C:\Program\Java\jre6\bin\npoji610.dll"

2009-01-19 22.35.12 8 192 A.... "C:\Program\Java\jre6\bin\npt.dll"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\orbd.exe"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\pack200.exe"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\policytool.exe"

2009-01-19 22.35.12 5 120 A.... "C:\Program\Java\jre6\bin\rmi.dll"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\rmid.exe"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\rmiregistry.exe"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\servertool.exe"

2009-01-19 22.35.12 131 072 A.... "C:\Program\Java\jre6\bin\splashscreen.dll"

2009-01-19 22.35.12 320 920 A.... "C:\Program\Java\jre6\bin\ssv.dll"

2009-01-19 22.35.12 17 816 A.... "C:\Program\Java\jre6\bin\ssvagent.exe"

2009-01-19 22.35.12 16 384 A.... "C:\Program\Java\jre6\bin\sunmscapi.dll"

2009-01-19 22.35.12 33 176 A.... "C:\Program\Java\jre6\bin\tnameserv.exe"

2009-01-19 22.35.12 245 400 A.... "C:\Program\Java\jre6\bin\unicows.dll"

2009-01-19 22.35.12 61 440 A.... "C:\Program\Java\jre6\bin\unpack.dll"

2009-01-19 22.35.12 128 408 A.... "C:\Program\Java\jre6\bin\unpack200.exe"

2009-01-19 22.35.12 31 744 A.... "C:\Program\Java\jre6\bin\verify.dll"

2009-01-19 22.35.12 24 701 A.... "C:\Program\Java\jre6\bin\w2k_lsa_auth.dll"

2009-01-19 22.35.12 110 592 A.... "C:\Program\Java\jre6\bin\wsdetect.dll"

2009-01-19 22.35.12 47 104 A.... "C:\Program\Java\jre6\bin\zip.dll"

2008-12-19 12.50.20 736 A.... "C:\Program\Real\RealPlayer\Msg\Category.dat"

2008-12-30 12.20.48 881 A.... "C:\Program\Winamp\Plugins\ml\main.dat"

2009-01-15 13.52.48 22 016 A.... "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\pdf2img.dll"

2009-01-13 10.08.54 341 352 A.... "C:\Program\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1053-7B44-A90000000001}\Setup.exe"

2009-01-19 22.35.12 2 359 296 A.... "C:\Program\Java\jre6\bin\client\jvm.dll"

2009-01-19 22.35.12 348 160 A.... "C:\Program\Java\jre6\bin\new_plugin\msvcr71.dll"

2009-01-19 22.35.12 410 984 A.... "C:\Program\Java\jre6\bin\new_plugin\npdeploytk.dll"

2009-01-19 22.35.12 65 536 A.... "C:\Program\Java\jre6\bin\new_plugin\npjp2.dll"

2009-01-19 22.35.12 16 801 A.... "C:\Program\Java\jre6\lib\deploy\ffjcext.zip"

2009-01-19 22.35.12 152 576 A.... "C:\Program\Java\jre6\lib\deploy\lzma.dll"

2009-01-19 22.35.12 73 728 A.... "C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"

Files with hidden attributes:

Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program\Spybot - Search & Destroy\SDUpdate.exe"

Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program\Spybot - Search & Destroy\SpybotSD.exe"

Fri 22 Jul 2005 32,768 A..H. --- "C:\Program Files\AMV Converter\AmvTransform.dll"

Mon 6 Mar 2006 77,824 A..H. --- "C:\Program Files\AMV Converter\AMV_EncDLL.dll"

Tue 27 Dec 2005 40,960 A..H. --- "C:\Program Files\AMV Converter\net.dll"

Wed 8 Mar 2006 106,496 A..H. --- "C:\Program Files\AMV Converter\transdll.dll"

Mon 15 Sep 2003 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Wed 31 Jan 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"

Wed 31 Jan 2007 401 ..SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv14.bak"

Wed 2 Apr 2008 37,376 ...H. --- "C:\Documents and Settings\Nubben\Mina dokument\~WRL0004.tmp"

Tue 28 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv02.tmp"

Thu 23 Jan 2003 1,740 A..HR --- "C:\Program\Delade filer\Symantec Shared\Registry Backup\ccReg.reg"

Thu 23 Jan 2003 242,962 A..HR --- "C:\Program\Delade filer\Symantec Shared\Registry Backup\CommonClient.reg"

Thu 23 Jan 2003 158,818 A..HR --- "C:\Program\Delade filer\Symantec Shared\Registry Backup\IAM.reg"

Wed 31 Jan 2007 4,348 ...H. --- "C:\Documents and Settings\Nubben\Mina dokument\Min musik\Skerhetskopia fr licens\drmv1key.bak"

Mon 2 Apr 2007 401 A..H. --- "C:\Documents and Settings\Nubben\Mina dokument\Min musik\Skerhetskopia fr licens\drmv1lic.bak"

Tue 13 Mar 2007 9,855 A.SH. --- "C:\Documents and Settings\Nubben\Mina dokument\Min musik\Skerhetskopia fr licens\drmv2key.bak"

Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"

Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"

Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"

Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"

Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"

Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"

Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"

Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"

Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"

Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"

Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"

Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"

Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"

Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"

Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"

Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"

Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"

Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"

Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"

Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"

Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"

Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"

Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"

Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"

Wed 28 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"

Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"

Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"

Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"

Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"

Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"

Wed 28 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"

Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"

Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"

Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"

Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"

Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"

Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"

Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"

Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"

Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"

Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"

Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"

Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"

Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"

Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"

Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"

Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"

Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"

Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"

Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"

Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"

Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"

Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"

Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"

Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"

Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"

Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"

Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"

Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"

Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"

Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"

Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"

Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"

Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"

Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"

Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"

Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"

Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"

Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"

Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"

Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"

Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"

Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"

Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"

Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"

Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"

Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"

Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"

Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"

Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"

Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"

Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"

Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"

Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"

Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"

Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"

Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"

Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"

Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"

Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

Program Folders:

C:\Program\

Adobe

AsmwSoft

Avanquest update

AVG Free

Belarc

Blender Foundation

Canon

CCleaner

DAEMON Tools Lite

DC++

Delade filer

Disc2Phone

DivX

DivXCodec

EA GAMES

GetData

Grisoft

Hattrick Manager

InstallShield Installation Information

Internet Explorer

IrfanView

iriver

Jasc Software Inc

Java

Lavalys

Lavasoft

Messenger

Microsoft ActiveSync

microsoft frontpage

Microsoft Office

Microsoft Visual Studio

Microsoft.NET

MoodLogic

Movie Maker

Mozilla Firefox

MSN

MSN Apps

MSN Gaming Zone

MSN Messenger

MSXML 4.0

Nero

NetMeeting

Norton Security Scan

OfficeUpdate11

Onlinetjnster

Outlook Express

Personal

PowerQuest

QuickTime

RADsoft

RamBooster 2.0

Real

Scriptfabriken

Sierra On-Line

SmartTrust

Sony Ericsson

Spybot - Search & Destroy

SUPERAntiSpyware

Support Tools

Sygate

Symantec

SystemRequirementsLab

The Playa

Trend Micro

Uninstall Information

Unlocker

Utero Digital Media

uTorrent

Winamp

Windows Defender

Windows Journal Viewer

Windows Live Safety Center

Windows Media Connect 2

Windows Media Player

Windows NT

WindowsUpdate

WinRAR

xerox

Zero G Registry

Zone Labs

C:\Program\Delade filer\

ADAPTEC

Adobe

Ahead

Designer

DirectX

GST

InstallShield

Java

LightScribe

Microsoft Shared

MSSoap

ODBC

Real

Services

Sony Ericsson Shared

SpeechEngines

Symantec Shared

System

Teleca Shared

Webroot Shared

Wise Installation Wizard

xing shared

Add/Remove Programs:

Adobe Flash Player 10 ActiveX

Adobe Shockwave Player 11

AVG Free Edition

Belarc Advisor 7.2

BitZip (remove only)

Canon i250

CCleaner (remove only)

DC++ 0.707

Canon Utilities Easy-PhotoPrint

Easy-WebPrint

EVEREST Corporate Edition v4.50

HijackThis 2.0.2

Microsoft Internationalized Domain Names Mitigation APIs

Windows Internet Explorer 7

IrfanView (remove only)

Windows Genuine Advantage Validation Tool (KB892130)

Säkerhetsuppdatering för Windows Media Player (KB911564)

Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)

Hotfix for Windows Media Format 11 SDK (KB929399)

Säkerhetsuppdatering för Windows Media Player 11 (KB936782)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)

Snabbkorrigering för Windows Media Player 11 (KB939683)

Säkerhetsuppdatering för Windows XP (KB941569)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)

KeePass Password Safe 0.98b

Microsoft .NET Framework 1.1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft National Language Support Downlevel APIs

Norton Security Scan (Symantec Corporation)

NVIDIA Drivers

Oront Burning Kit 1.3.3

Personal 4.4.1

Intel® PRO Network Adapters and Drivers

RealPlayer Basic

Recover My Files

Sierra Utilities

Top Girl Strip Poker

Strippoker II Alexis

Strippoker II Roxy

Svenska Spels Poker

System Requirements Lab

Unlocker 1.8.5

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Notifications (KB905474)

Winamp

Windows Live OneCare safety scanner

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR archiver

Windows Media Format 11 runtime

Windows Media Player 11

Microsoft User-Mode Driver Framework Feature Pack 1.0

Rummel & Rabalder 2

iriver Music Manager

Sygate Personal Firewall Pro

AutoUpdate

Java 6 Update 11

Windows Live Messenger

Sony Ericsson PC Suite 3.209.00

J2SE Runtime Environment 5.0 Update 10

Adobe® Photoshop® Album Starter Edition 3.0

The Sims 2

Avanquest update

Norton Security Scan

Microsoft Tool Web Package:Diruse.exe

Microsoft Office Access 2003

Microsoft Office XP Web Components

Microsoft Office XP Professional with FrontPage

Windows Defender

Adobe Reader 9 - Svenska

RamBooster

Spybot - Search & Destroy

DivX Web Player

MSXML 4.0 SP2 (KB936181)

Nero 7 Essentials

Stronghold

Microsoft .NET Framework 1.1

SUPERAntiSpyware Free Edition

Bomben VX

Ad-Aware

LightScribe 1.4.124.1

QuickTime

Sony Ericsson PC Suite

Disc2Phone

Sun Download Manager 2.0 (web)

µTorrent

Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"AVG7_CC"="C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"SmcService"="C:\\Program\\Sygate\\SPF\\smc.exe -startgui"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"nwiz"="nwiz.exe /install"

"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"Adobe Photo Downloader"="\"C:\\Program\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"Adobe Reader Speed Launcher"="\"C:\\Program\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre6\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"NoChange"="1"

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\Lib\\NMBgMonitor.exe\""

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe\" /systray /nologon"

Bot Check:

SERVICE_NAME: wscsvc

DISPLAY_NAME : Security Center

START_TYPE : 4 DISABLED

SERVICE_NAME: sharedaccess

DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)

START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv

DISPLAY_NAME : Automatiska uppdateringar

START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice

DISPLAY_NAME : System Restore Service

START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]

"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]

"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000000

"Shell"="Explorer.exe"

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\twex.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]

"TransportBindName"="\\Device\\"

ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

Environment:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment

ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe

Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program\QuickTime\QTSystem\;C:\Program\Delade filer\Teleca Shared

windir REG_EXPAND_SZ %SystemRoot%

OS REG_SZ Windows_NT

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

CLASSPATH REG_SZ .;C:\Program\Java\jre1.5.0_10\lib\ext\QTJava.zip

QTJAVA REG_SZ C:\Program\Java\jre1.5.0_10\lib\ext\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0

Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midi"="wdmaud.drv"

Non-Default IFEO Debugger:

Non-Default Installed Components:

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{030ee0ac-0f33-50e9-0307-070300010406}

StubPath REG_SZ C:\WINDOWS\System32\xp-clean.exe

Non-Default Safeboot Minimal:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\windefend

<NO NAME> REG_SZ Service

File Associations:

[HKEY_CLASSES_ROOT\batfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]

@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]

@="\"C:\\Program\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]

@="\"C:\\Program\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]

@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]

@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]

@="%SystemRoot%\system32\NOTEPAD.EXE %1"

Finished!

nästa logg....

Running processes:

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Sygate\SPF\smc.exe

C:\Program\Grisoft\AVGFRE~1\avgcc.exe

C:\Program\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\anders scan\Anders HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.lunarstorm.se

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222

O20 - AppInit_DLLs:

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--

End of file - 9534 bytes

[Gäst Malou]

Hej andcar!

Nu är jag lite undrande här. Är detta verkligen loggan från SDFix

MVH/Malou

[Gäst Malou]

Hej andcar!

Gör om proceduren med SDFix och i felsäkert läge, med början från punkt 4:

4: Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge):

5: Navigera dig fram till => C:\SDFix => Klicka på runthis.bat => Välj Y.

6: När scanningen är klar så tryck på valfri tangent för att starta om datorn.

7: När det står finished så tryck på valfri tangent. En logg kommer automatiskt att visas, kopiera in loggan hit till din tråd.

Gör även en ny TM HJT-logga, kopiera in den hit.

Och döp om filen som jag har påpekat ett antal gånger nu. Tack.

MVH/Malou

[andcar]

Jag testade detta när det inte funkade i felsäkertläge

DBFix Version 1.005

Run on 2009-01-20 @ 23:02

No DelfBot Files Found

No DelfBot Run Values Found

Finished!

Även

RunThis.bat -->create a systam report. och catch me

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-20 23:06:46

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0

scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0

disk error: C:\Documents and Settings\Nubben\ntuser.dat, 0

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

[Gäst Malou]

Hej andcar!

Är du inloggad som Admin?

Om inte så logga in på ditt adminkonto och utför proceduren.

MVH/Malou