andcar
Posted January 20, 2009 (edited)

*********************************************
2009-02-21: The thread is locked because the problem is solved. If you think it has been locked in error, please contact Malou.
*********************************************

The biggest problem is that Google behaves strangely. The text has become larger and I sometimes end up on other pages, such as poker sites etc. In addition, System Restore does not work. I also have problems with some pages being very slow. I can open my Hotmail, but not read my messages :-/

Hope someone can help me.

I don't know that I ever downloaded this...
Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:05, on 2009-01-20
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Edited February 20, 2009 by Malou
The thread is locked because the problem is solved.

Guest Malou
Posted January 20, 2009

Hi andcar!

Of course we will help you with everything we can.

I see that you have two antivirus programs installed (AVG and Antivir). It is not good to have two antivirus programs installed like this. Uninstall the one you do not use via Control Panel, Add/Remove Programs.

"I don't know that I ever downloaded this... Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe"

As far as I can tell, you have probably installed the Google Toolbar. You can uninstall it via Control Panel, Add/Remove Programs. The Google search engine/tool is integrated with IE7, so this extra tool does not need to be installed.

Was it you who installed => Yahoo! Toolbar/SWEETIE Toolbar and then tried to uninstall it?

I see that you have not renamed the file HiJack This.exe as recommended in the instructions.
C:\Program\Trend Micro\HijackThis\HijackThis.exe

Please read/follow the information/instructions etc. found on the page below:
=> Trend Micro HiJack This (Download/Instructions):

Once you have renamed the file, do not run a new scan with the tool until you are asked to do so. Continue with the steps below.

Print the following or copy it to a text document and save it to the desktop:
Read/follow the instructions carefully:

Download Malwarebytes Anti-Malware:
http://www.malwarebytes.org/index.php

1: Save the installation file to the desktop
2: To begin the installation, double-click mbam-setup.exe
3: Check the following
   Update Malwarebytes' Anti-Malware
   Launch Malwarebytes' Anti-Malware
4: Click Finish

If there are updates, they will be installed.

Once the above is done, continue with the procedure below:

1: When the program starts, select Perform quick scan
2: Click the Scan button
3: The scan will now take a while
3: When the program has finished scanning, click Ok and then Show results
4: Check everything and click Remove Selected
5: When the removal is complete, a text file with a log will open in Notepad. Copy/paste that log here into your thread.
6: Make a new TM HJT log and copy it in here so we can see what it looks like.
7: Tell us how the computer is doing and whether any problems remain

NOTE: Do not start a new thread on the subject; keep posting here in your thread

Regards/Malou

andcar (Author)
Posted January 20, 2009

Hi. I have removed the unnecessary things and downloaded Malwarebytes Anti-Malware, but it does not start. When I click it, Run comes up. I click Yes! The hourglass starts, but then nothing happens :-/

Guest Malou
Posted January 20, 2009

Hi andcar!

Great that you have uninstalled everything unnecessary.

I just saw in your TM HJT log that you have this program installed, Malwarebytes Anti-Malware, which I posted about.
C:\Program\Malwarebytes' Anti-Malware\

Has this program worked before? Is it the paid or the free version you are using?

Regards/Malou

Guest Malou
Posted January 20, 2009

Hi again andcar!

A small addition to my post above.

I see that you have => Windows Defender <= installed. Do the following and leave it turned off/deactivated during the ongoing procedures. I am also wondering whether it is necessary to have it installed?

Turn off/Deactivate Windows Defender (Swedish) during ongoing cleaning procedures (very important):
When these are active they prevent any removals/changes made to the system:

Windows Defender (Swedish):
1: Open Windows Defender
2: Click "Tools"
3: Click "Options" (the gear) under Settings
4: Scroll down to "Real-time protection options"
5: Uncheck (remove the check mark) "Deactivate real-time protection (recommended)"
6: Click "Save"
7: Close Windows Defender
8: Restart the computer.

Regards/Malou

andcar (Author)
Posted January 20, 2009

I have removed it. It did not work, so I downloaded it again, but I cannot get it to start. Nothing happens.

Guest Malou
Posted January 20, 2009

Hi again Andcar!

Here is some information regarding => C:\WINDOWS\ie.exe "Troj/Proxy-ER" <= which I see is in your TM HJT log.
This is a trojan that installs itself in the registry.
http://www.bleepingcomputer.com/startups/ie.exe-16091.html

We may well need to use completely different tools to get at the nasty thing, because it seems to be this one that is causing trouble with, among other things, the program Malwarebytes Anti-Malware.
But we will make an attempt to get Malwarebytes Anti-Malware running and keep our fingers crossed.

Regards/Malou

Guest Malou
Posted January 20, 2009

"I have removed it. It did not work, so I downloaded it again, but I cannot get it to start. Nothing happens."

Ok. Then we will resort to other methods.

RSIT (random's system information tool)

The tool below does not fix anything; it only performs a scan. If something is found in the log, we will have to fix it manually.

Download RSIT from the link below
http://images.malwareremoval.com/random/RSIT.exe

1: Save it to the desktop
2: Double-click the tool to start RSIT (For Vista => right-click the tool and select => Run as Admin)
3: When it has finished scanning, a text file (log.txt) is produced in Notepad automatically. If, contrary to expectation, no text file appears, it can be found here => in the folder C:\rsit => log.txt <=
4: Copy that log here into your thread

Regards/Malou

andcar (Author)
Posted January 20, 2009

Thanks for all the help I am getting!

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nubben at 2009-01-20 17:24:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (21%) free of 18 GB
Total RAM: 511 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:45, on 2009-01-20
C:\WINDOWS\system32\sv 2009-01-03 13:52:08 ----A---- C:\WINDOWS\system32\wuapi.dll.mui ======List of files/folders modified in the last 1 months====== 2009-01-20 17:10:23 ----D---- C:\WINDOWS\Temp 2009-01-20 17:02:23 ----SD---- C:\WINDOWS\Tasks 2009-01-20 16:59:50 ----D---- C:\WINDOWS\system32 2009-01-20 16:59:42 ----D---- C:\WINDOWS 2009-01-20 16:58:34 ----RAD---- C:\Program 2009-01-20 16:58:33 ----D---- C:\Program\Google 2009-01-20 16:58:00 ----D---- C:\WINDOWS\system32\drivers 2009-01-20 16:57:09 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-20 16:52:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-01-20 16:52:11 ----D---- C:\WINDOWS\Debug 2009-01-20 16:26:44 ----SHD---- C:\WINDOWS\Installer 2009-01-20 09:59:35 ----D---- C:\Documents and Settings\Nubben\Application Data\AVG7 2009-01-19 23:26:07 ----D---- C:\Program\Lavasoft 2009-01-19 23:25:25 ----D---- C:\Program\Delade filer\Wise Installation Wizard 2009-01-19 22:35:06 ----D---- C:\Program\Java 2009-01-19 21:47:50 ----D---- C:\TEMP 2009-01-19 21:25:49 ----D---- C:\Program\Delade filer\Symantec Shared 2009-01-19 20:13:04 ----HD---- C:\Program\InstallShield Installation Information 2009-01-19 19:38:33 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-19 11:42:05 ----HD---- C:\WINDOWS\inf 2009-01-19 11:42:05 ----D---- C:\Program\Windows Live Safety Center 2009-01-19 11:29:48 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-01-13 10:16:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe 2009-01-13 10:15:14 ----D---- C:\Program\Delade filer\Adobe 2009-01-13 10:15:00 ----D---- C:\WINDOWS\WinSxS 2009-01-13 10:13:48 ----D---- C:\Program\Adobe 2009-01-13 09:55:37 ----RHD---- C:\$VAULT$.AVG 2009-01-11 10:04:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-01-09 19:12:36 ----D---- C:\Program\EA GAMES 2009-01-09 19:07:00 ----A---- C:\WINDOWS\NeroDigital.ini 2009-01-09 08:41:41 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-01-03 
17:21:52 ----D---- C:\Program\MSN Messenger 2009-01-03 17:18:27 ----D---- C:\WINDOWS\system32\Setup 2009-01-03 17:18:27 ----D---- C:\WINDOWS\AppPatch 2009-01-03 17:18:26 ----D---- C:\WINDOWS\system32\wbem 2009-01-03 17:18:25 ----RSD---- C:\WINDOWS\Fonts 2009-01-03 17:14:12 ----D---- C:\WINDOWS\security 2009-01-03 17:13:07 ----D---- C:\WINDOWS\system32\CatRoot 2009-01-03 17:04:10 ----D---- C:\Program\Messenger 2009-01-03 17:04:07 ----D---- C:\WINDOWS\ServicePackFiles 2009-01-03 17:04:04 ----D---- C:\WINDOWS\EHome 2009-01-03 17:04:01 ----D---- C:\WINDOWS\system32\inetsrv 2009-01-03 17:04:01 ----D---- C:\WINDOWS\network diagnostic 2009-01-03 17:04:00 ----D---- C:\WINDOWS\ime 2009-01-03 17:04:00 ----D---- C:\WINDOWS\Help 2009-01-03 17:03:29 ----D---- C:\WINDOWS\system32\sv-se 2009-01-03 17:03:28 ----D---- C:\WINDOWS\system32\usmt 2009-01-03 17:03:27 ----D---- C:\Program\Movie Maker 2009-01-03 17:03:24 ----D---- C:\WINDOWS\system32\bits 2009-01-03 17:03:23 ----D---- C:\WINDOWS\peernet 2009-01-03 16:57:04 ----D---- C:\WINDOWS\system32\Restore 2009-01-03 16:57:04 ----D---- C:\WINDOWS\system32\npp 2009-01-03 16:57:02 ----D---- C:\WINDOWS\msagent 2009-01-03 16:56:59 ----D---- C:\WINDOWS\srchasst 2009-01-03 16:56:57 ----D---- C:\Program\NetMeeting 2009-01-03 16:56:55 ----D---- C:\WINDOWS\system32\Com 2009-01-03 16:56:50 ----D---- C:\Program\Windows Media Player 2009-01-03 16:56:49 ----D---- C:\Program\Windows NT 2009-01-03 16:56:49 ----D---- C:\Program\Outlook Express 2009-01-03 16:56:43 ----D---- C:\Program\Delade filer\System 2009-01-03 16:56:11 ----D---- C:\WINDOWS\system32\oobe 2009-01-03 16:56:05 ----D---- C:\WINDOWS\system 2009-01-03 16:49:12 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-01-03 16:48:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2009-01-03 13:52:38 ----D---- C:\WINDOWS\SoftwareDistribution 2008-12-30 11:33:57 ----A---- C:\WINDOWS\Edofma.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 
Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856] R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-01-03 4224] R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-06-21 27776] R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-21 10760] R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840] R1 P3;Intel PentiumIII-processordrivrutin; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46720] R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys [] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2007-07-28 8552] R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320] R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-09-28 63232] R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-09-28 55936] R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2005-09-27 14944] R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2005-09-27 14944] R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2005-09-27 14944] R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2005-09-27 14944] R3 ac97intc;Installationstjänst för Intel® 82801-ljuddrivrutin (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256] R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2004-02-10 154112] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-08-02 3198560] R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2008-04-13 163584] R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 a016bus;Sony Ericsson Device A016 driver (WDM); 
C:\WINDOWS\system32\DRIVERS\a016bus.sys [2008-01-18 83880] S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter; C:\WINDOWS\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016] S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\a016mdm.sys [2008-01-18 110504] S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488] S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\a016obex.sys [2008-01-18 100648] S3 a5cd05l5;a5cd05l5; C:\WINDOWS\system32\drivers\a5cd05l5.sys [] S3 FreshIO;FreshIO; \??\C:\Program\FreshDevices\FreshDiagnose\FreshIO.sys [] S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648] S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208] S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112] S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680] S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360] S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176] S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568] S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080] S3 SABProcEnum;SABProcEnum; \??\C:\Program\Internet Explorer\SABProcEnum.sys [] S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536] S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360] S3 se59mdm;Sony Ericsson Device 089 USB WMC 
Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088] S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624] S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704] S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432] S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800] S3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664] R2 Avg7Alrt;AVG7 Alert Manager Server; C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-23 418816] R2 Avg7UpdSvc;AVG7 Update Service; C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe [2007-06-21 49664] R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-01-19 152984] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program\Delade filer\LightScribe\LSSrvc.exe [2006-10-19 61440] R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043] R2 SmcService;Sygate 
Personal Firewall Pro; C:\Program\Sygate\SPF\smc.exe [2005-09-27 2635472] R2 WinDefend;Windows Defender; C:\Program\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 IDriverT;InstallDriver Table Manager; C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 NBService;NBService; C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usnjsvc;Läsartjänsten USN Journal för mappdelning i Messenger; C:\Program\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF-----------------
Guest Malou Posted January 20, 2009
Hi Andcar! You're welcome! I can already see from a quick look at the log that there is some nasty stuff in it. I'll get back with a procedure as soon as I have gone through the log more thoroughly. It will take a while before I'm done, though, so hang in there in the meantime. Regards/Malou
Guest Malou Posted January 20, 2009
Hi Andcar! We'll start a little cautiously with the procedure below.
Print the following or copy it into a text document and save it to the desktop:
Read/follow the instructions very carefully:
Download Avenger from one of the links below:
http://swandog46.geekstogo.com/avenger.exe
1: Save it to the desktop
2: Open Notepad (use NO OTHER text editor)
3: Copy the "bold text" below into Notepad, including the heading Files to delete:

Files to delete:
C:\WINDOWS\ie.exe
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

4: Check carefully that each file name is on a single line only and has not been split across two lines.
5: Start Avenger
6: In the large text box, now paste the text that is in Notepad.
7: Tick the Scan for rootkits box if it is not already ticked.
6: Press Execute to start Avenger.
8: The computer will now restart (it may restart twice).
9: After a little while the log (C:\avenger.txt) will come up; paste that log here into your thread.
10: Make a new TM HJT log and paste that in as well
Regards/Malou
andcar (Author) Posted January 20, 2009
Hi Malou. This is what it looks like now. RSIT suddenly doesn't work. I have downloaded it but get the same result. Error: subscript used with non-array variable. Regards, Anders
Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "UACd.sys" found! ImagePath: \systemroot\system32\drivers\UACuwjqbouq.sys Start Type: 1 (System) Rootkit scan completed. Error: file "C:\WINDOWS\ie.exe" not found! Deletion of file "C:\WINDOWS\ie.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS\tasks\At1.job" deleted successfully. File "C:\WINDOWS\tasks\At10.job" deleted successfully. File "C:\WINDOWS\tasks\At11.job" deleted successfully. File "C:\WINDOWS\tasks\At12.job" deleted successfully. File "C:\WINDOWS\tasks\At13.job" deleted successfully. File "C:\WINDOWS\tasks\At14.job" deleted successfully. File "C:\WINDOWS\tasks\At15.job" deleted successfully. File "C:\WINDOWS\tasks\At16.job" deleted successfully. File "C:\WINDOWS\tasks\At17.job" deleted successfully. File "C:\WINDOWS\tasks\At18.job" deleted successfully. File "C:\WINDOWS\tasks\At19.job" deleted successfully. File "C:\WINDOWS\tasks\At2.job" deleted successfully. File "C:\WINDOWS\tasks\At20.job" deleted successfully. File "C:\WINDOWS\tasks\At21.job" deleted successfully. File "C:\WINDOWS\tasks\At22.job" deleted successfully. File "C:\WINDOWS\tasks\At23.job" deleted successfully. File "C:\WINDOWS\tasks\At24.job" deleted successfully. File "C:\WINDOWS\tasks\At25.job" deleted successfully. File "C:\WINDOWS\tasks\At26.job" deleted successfully. File "C:\WINDOWS\tasks\At27.job" deleted successfully. File "C:\WINDOWS\tasks\At28.job" deleted successfully.
File "C:\WINDOWS\tasks\At29.job" deleted successfully. File "C:\WINDOWS\tasks\At3.job" deleted successfully. File "C:\WINDOWS\tasks\At30.job" deleted successfully. File "C:\WINDOWS\tasks\At31.job" deleted successfully. File "C:\WINDOWS\tasks\At32.job" deleted successfully. File "C:\WINDOWS\tasks\At33.job" deleted successfully. File "C:\WINDOWS\tasks\At34.job" deleted successfully. File "C:\WINDOWS\tasks\At35.job" deleted successfully. File "C:\WINDOWS\tasks\At36.job" deleted successfully. File "C:\WINDOWS\tasks\At37.job" deleted successfully. File "C:\WINDOWS\tasks\At38.job" deleted successfully. File "C:\WINDOWS\tasks\At39.job" deleted successfully. File "C:\WINDOWS\tasks\At4.job" deleted successfully. File "C:\WINDOWS\tasks\At40.job" deleted successfully. File "C:\WINDOWS\tasks\At41.job" deleted successfully. File "C:\WINDOWS\tasks\At42.job" deleted successfully. File "C:\WINDOWS\tasks\At43.job" deleted successfully. File "C:\WINDOWS\tasks\At44.job" deleted successfully. File "C:\WINDOWS\tasks\At45.job" deleted successfully. File "C:\WINDOWS\tasks\At46.job" deleted successfully. File "C:\WINDOWS\tasks\At47.job" deleted successfully. File "C:\WINDOWS\tasks\At48.job" deleted successfully. File "C:\WINDOWS\tasks\At49.job" deleted successfully. File "C:\WINDOWS\tasks\At5.job" deleted successfully. File "C:\WINDOWS\tasks\At50.job" deleted successfully. File "C:\WINDOWS\tasks\At51.job" deleted successfully. File "C:\WINDOWS\tasks\At52.job" deleted successfully. File "C:\WINDOWS\tasks\At53.job" deleted successfully. File "C:\WINDOWS\tasks\At54.job" deleted successfully. File "C:\WINDOWS\tasks\At55.job" deleted successfully. File "C:\WINDOWS\tasks\At56.job" deleted successfully. File "C:\WINDOWS\tasks\At57.job" deleted successfully. File "C:\WINDOWS\tasks\At58.job" deleted successfully. File "C:\WINDOWS\tasks\At59.job" deleted successfully. File "C:\WINDOWS\tasks\At6.job" deleted successfully. File "C:\WINDOWS\tasks\At60.job" deleted successfully. 
File "C:\WINDOWS\tasks\At61.job" deleted successfully. File "C:\WINDOWS\tasks\At62.job" deleted successfully. File "C:\WINDOWS\tasks\At63.job" deleted successfully. File "C:\WINDOWS\tasks\At64.job" deleted successfully. File "C:\WINDOWS\tasks\At65.job" deleted successfully. File "C:\WINDOWS\tasks\At66.job" deleted successfully. File "C:\WINDOWS\tasks\At67.job" deleted successfully. File "C:\WINDOWS\tasks\At68.job" deleted successfully. File "C:\WINDOWS\tasks\At69.job" deleted successfully. File "C:\WINDOWS\tasks\At7.job" deleted successfully. File "C:\WINDOWS\tasks\At70.job" deleted successfully. File "C:\WINDOWS\tasks\At71.job" deleted successfully. File "C:\WINDOWS\tasks\At72.job" deleted successfully. File "C:\WINDOWS\tasks\At8.job" deleted successfully. File "C:\WINDOWS\tasks\At9.job" deleted successfully. Completed script processing. ******************* Finished! Terminate.
Guest Malou Posted January 20, 2009
Hi andcar!
"RSIT suddenly doesn't work."
OK, I assume this is the one you mean => RSIT (random's system information tool) <= But it isn't needed at the moment, so we'll leave it for a while. I see that Avenger has taken care of what we asked for. But not C:\WINDOWS\ie.ex. Make a new TM HJT log and paste it here so we can see what it looks like (renamed). Also make sure that Windows Defender is turned off/deactivated. Regards/Malou
andcar (Author) Posted January 20, 2009
Hi Malou, may I ask an amateur question: what kind of files were removed? Thanks for all the help I'm getting from you!! I have deactivated Windows Defender. Regards, Anders
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:27:02, on 2009-01-20 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\Explorer.EXE C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\Sygate\SPF\smc.exe C:\Program\Grisoft\AVGFRE~1\avgcc.exe C:\Program\Windows Defender\MSASCui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\Program\MSN Messenger\msnmsgr.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program\Personal\bin\Personal.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program\Trend
Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe, O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file) O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [AVG7_CC] 
C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [internet Explorer Run-Time] C:\WINDOWS\ie.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O9 - Extra button: Referensinformation - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O13 - WWW Prefix: O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 
Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222 O20 - AppInit_DLLs: O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe -- End of file - 9717 bytes
Guest Malou Posted January 20, 2009

Hi andcar!

"may an amateur ask what kind of files were removed."

What we removed with the help of Avenger were so-called task jobs => example=C:\WINDOWS\tasks\At1.job <= These are scheduled tasks. Unfortunately, the actual files were not visible in Avenger, as they usually are with other tools where you can see the files' real names. So it is a bit hard to say exactly what it was/is. But as a rule they tend to cause a great many problems, which is why they are always removed.

I would also be grateful for answers to the earlier questions that I asked here in the thread and that have not yet been answered. Was it you who installed => Yahoo! Toolbar/SWEETIE Toolbar and then tried to uninstall it?

I am also wondering about the entries below. Was it you who added these as Trusted Zone?

O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.lunarstorm.se

******************************************************************************

I see that you have not renamed the file that I pointed out earlier. How come? C:\Program\Trend Micro\HijackThis\HijackThis.exe Please rename the file according to the earlier information here in the thread so that we can move on.

I see in the current (not renamed) TM HJT log that the baddie is still there. C:\WINDOWS\ie.ex.

Print out the following or copy it to a text document and save it to the desktop: Read/follow the instructions very carefully

Open TM HJT => click the Do a system scan only button => Check the entries below => Close the web browser => click the Fix Checked button:

O4 - HKLM\..\Run: [internet Explorer Run-Time] C:\WINDOWS\ie.exe
O13 - WWW Prefix:

When you have done the above: Restart the computer in safe mode (press the F8 key repeatedly during startup and choose safe mode):

Show hidden files and folders, Windows XP and Windows Vista: Windows XP users:
1: Right-click the Start button
2: Choose Explore
3: In the toolbar click => Tools => Folder Options
4: Choose the => View tab and check => Show hidden files and folders
5: Uncheck Hide extensions for known file types
6: Uncheck Hide protected operating system files

Find: Navigate along the path below and delete the file
C:\WINDOWS\ie.ex<=Delete the file.

Next: Still in safe mode: Go to Start => Run => then type cleanmgr in the Run field => click the OK button. Check the items below and clean them out. Make sure there are no check marks in the other boxes; if there are, uncheck them.
Recycle Bin = Papperskorgen
Temporary Files = Temporära Filer
Temporary Internet Files = Temporära "Tillfälliga" Internetfiler

Now: Restart the computer in normal mode again:
1: Make a new TM HJT log and paste it here so we can see how it looks.
2: Tell us how the computer is doing and whether any problems remain.

Regards/Malou
andcar Author Posted January 20, 2009

Hi there. Yes, it was me who installed it :-/ The trusted zone is also me :-/ Google seems to be as bad as before. Sometimes I end up on windowsclick, which makes sure I land on a page I don't want to be on :-/ Regards, Anders

Hope I did it right now....

******************************************************************************

My computer Scan saved at 20:43:13, on 2009-01-20 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe C:\Program\Java\jre6\bin\jqs.exe C:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program\Sygate\SPF\smc.exe C:\Program\Grisoft\AVGFRE~1\avgcc.exe C:\Program\Windows Defender\MSASCui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\rundll32.exe C:\Program\MSN Messenger\msnmsgr.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe C:\Program\Personal\bin\Personal.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe
C:\Program\Internet Explorer\IEXPLORE.EXE C:\Program\Delade filer\Teleca Shared\Generic.exe C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program\Trend Micro\Anders HijackThis\HijackThis.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe, O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: (no name) - 
{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe O9 - Extra button: Referensinformation - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.lunarstorm.se O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140 O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281 O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - 
https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222 O20 - AppInit_DLLs: O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe -- End of file - 9617 bytes
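The kinds of entries this thread keeps coming back to (the O4 autorun for C:\WINDOWS\ie.exe, the O15 Trusted Zone sites, the "(no file)" entries, and the second program on the F2 UserInit line) can be picked out of a HijackThis log mechanically. The following Python triage pass is an added example, not part of the thread or of HijackThis; the rule names, the one-item allowlist and the assumption that Windows is installed in C:\WINDOWS belong to this example, and the sample lines are copied from the logs and instructions posted above.

```python
import ntpath
import re
from typing import List, NamedTuple

# Sample lines copied from the HijackThis logs and instructions posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [internet Explorer Run-Time] C:\WINDOWS\ie.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: http://www.lunarstorm.se
O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    rule: str     # triage rule that fired (names invented for this example)
    detail: str   # the value a reviewer should look at


# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of a Run-key entry: "<key>: [<value name>] <command line>"
RUN_VALUE = re.compile(r"^[^:]+: \[[^\]]*\] (.*)$")
# Executable at the start of a command line, quoted or unquoted
EXE = re.compile(r'^"([^"]+)"|^(\S.*?\.exe)(?=\s|$)', re.IGNORECASE)

# Assumptions of this example: default XP layout, minimal allowlist.
WINDOWS_ROOT = r"c:\windows"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
ROOT_ALLOW = {"explorer.exe"}


def _executable(command: str) -> str:
    """Return the program path at the start of a command line, or ''."""
    m = EXE.match(command.strip())
    if not m:
        return ""
    return m.group(1) or m.group(2)


def triage(log_text: str) -> List[Finding]:
    """Flag log entries that deserve a human look; nothing is changed on disk."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()

        # Registry entry whose target file no longer exists.
        if body.endswith("(no file)"):
            findings.append(Finding(section, "missing-file", body))

        if section == "F2" and "UserInit=" in body:
            # Anything besides userinit.exe on this line also starts at logon.
            value = body.split("UserInit=", 1)[1]
            for program in filter(None, (p.strip() for p in value.split(","))):
                if ntpath.normpath(program).lower() != EXPECTED_USERINIT:
                    findings.append(Finding(section, "userinit-extra", program))
        elif section == "O4":
            # Autorun whose executable sits directly in the Windows folder.
            run = RUN_VALUE.match(body)
            exe = _executable(run.group(1)) if run else ""
            if (exe and ntpath.dirname(exe).lower() == WINDOWS_ROOT
                    and ntpath.basename(exe).lower() not in ROOT_ALLOW):
                findings.append(Finding(section, "windows-root-autorun", exe))
        elif section == "O15" and body.startswith("Trusted Zone:"):
            # Worth confirming with the user, as the helper does in this thread.
            findings.append(
                Finding(section, "trusted-zone", body.split(":", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.rule:22} {f.detail}")
```

A finding here only means "ask or look closer"; whether an entry is actually removed remains the helper's call.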
Guest Malou Posted January 20, 2009

Hi Andcar!

Now I don't really know what you have done. But you have copied and pasted my post into your post.

"yes, it was me who installed it :-/ the trusted zone is also me :-/"

OK, and you want Yahoo Toolbar and SWEETIE Toolbar? In that case you should reinstall them. For your information, I can tell you that these are known for dragging a fair amount of junk into the system, along with a few other odds and ends.

Regards/Malou
andcar Author Posted January 20, 2009

Hi! I saw that and entered my latest log after doing what you said in safe mode. No, I don't want to keep them.
Guest Malou Posted January 20, 2009

Hi again andcar!

There, now your earlier post came out right. But you have renamed the folder instead of the file C:\Program\Trend Micro\Anders HijackThis\HijackThis.exe Please rename the file and nothing else. Look closely at the attached screenshot. => Trend Micro HiJack This (Download/Instructions):

*****************************************************************************************

Print out the following or copy it to a text document and save it to the desktop. Read/follow the instructions very carefully:

Download SDFix: => SDFix
1: Save SDFix.exe to the desktop
2: Click SDFix.exe
3: SDFix is unpacked here => C:\SDFix.
4: Restart the computer in safe mode (press the F8 key repeatedly during startup and choose safe mode):
5: Navigate to => C:\SDFix => Click runthis.bat => Choose Y.
6: When the scan is finished, press any key to restart the computer.
7: When it says finished, press any key.

A log will be shown automatically; paste the log here into your thread. Also make a new TM HJT log and paste it here.

Regards/Malou
Guest Malou Posted January 20, 2009

"Hi! I saw that and entered my latest log after doing what you said in safe mode."

I saw this after I had posted my last post. Follow the procedure in my last post above regarding SDFix. Also rename the file HiJack This.exe and nothing else.

"No, I don't want to keep them"

Then we will deal with the Yahoo Toolbar and SWEETIE Toolbar junk in a later procedure.

Regards/Malou
andcar Author Posted January 20, 2009

Thank you for being so patient! There was an error message in safe mode for that program, so it could not be started. It said something about not being able to read ipx/sp. I ran one anyway, and then it looks like this:

System Report ************* Run on 2009-01-20 at 22:06 Microsoft Windows XP [Version 5.1.2600] Current user is an administrator Running Processes: \??\C:\WINDOWS\system32\csrss.exe [664] \??\C:\WINDOWS\system32\winlogon.exe [688] C:\WINDOWS\system32\services.exe [736] C:\WINDOWS\system32\lsass.exe [748] C:\WINDOWS\system32\svchost.exe [924] C:\WINDOWS\system32\svchost.exe [1008] C:\Program\Windows Defender\MsMpEng.exe [1116] C:\WINDOWS\System32\svchost.exe [1160] C:\WINDOWS\System32\svchost.exe [1220] C:\WINDOWS\System32\svchost.exe [1344] C:\Program\Lavasoft\Ad-Aware\aawservice.exe [1540] C:\WINDOWS\system32\spoolsv.exe [1824] C:\WINDOWS\Explorer.EXE [284] C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe [320] C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe [436] C:\Program\Java\jre6\bin\jqs.exe [496] C:\Program\Delade filer\LightScribe\LSSrvc.exe [528] C:\WINDOWS\system32\nvsvc32.exe [612] C:\Program\Sygate\SPF\smc.exe [712] C:\Program\Grisoft\AVGFRE~1\avgcc.exe [1340] C:\Program\Windows Defender\MSASCui.exe [1416] C:\WINDOWS\system32\RUNDLL32.EXE [1448] C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [1484] C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [1508] C:\Program\Java\jre6\bin\jusched.exe [1640] C:\WINDOWS\system32\ctfmon.exe [1648] C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe [1664] C:\WINDOWS\system32\rundll32.exe [1668] C:\Program\MSN Messenger\msnmsgr.exe [1708] C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [1744] C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe [1212] C:\Program\Personal\bin\Personal.exe [224] C:\WINDOWS\System32\alg.exe [3408] C:\WINDOWS\System32\wbem\wmiprvse.exe [3428]
C:\WINDOWS\System32\svchost.exe [3836] C:\Program\Delade filer\Teleca Shared\Generic.exe [2360] C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe [2896] C:\Program\Internet Explorer\IEXPLORE.EXE [4020] Drivers - Running: ac97intc ACPI AFD agp440 ASCTRM atapi audstub Avg7Core Avg7RsW Avg7RsXP AvgClean BANTExt Beep Cdfs Cdrom Disk dmio dmload E100B Fastfat Fdc Fips Flpydisk FltMgr Ftdisk Gpc HTTP i8042prt IFP700 Imapi IntelIde IpNat IPSec isapnp Kbdclass KSecDD mnmdd Mouclass MountMgr MRxDAV MRxSmb Msfs mssmbios Mup NDIS NdisTapi Ndisuio NdisWan NDProxy NetBIOS NetBT Npfs Ntfs Null nv NwlnkIpx NwlnkNb NwlnkSpx NWRDR P3 Parport PartMgr ParVdm PCI PptpMiniport PSched Ptilink PxHelp20 RasAcd Rasl2tp RasPppoe Raspti Rdbss RDPCDD rdpdr redbook Secdrv serenum Serial sptd sr Srv swenum sysaudio Tcpip Teefer TermDD Update usbhub usbuhci VgaSave VolSnap Wanarp wdmaud wg3n wg4n wg5n wg6n wpsdrvnt Drivers - Stopped: a016bus a016mdfl a016mdm a016mgmt a016obex Abiosdsk abp480n5 ACPIEC adpu160m aec Aha154x aic78u2 aic78xx AliIde amsint asc asc3350p asc3550 AsyncMac Atdisk Atmarpc cbidf2k cd20xrnt Cdaudio Changer CmdIde Cpqarray dac960nt dmboot DMusic dpti2o drmkaud FreshIO hpn hpt3xx i2omgmt i2omp ini910u ip6fw IpFilterDriver IpInIp IRENUM kmixer lbrtfdc Modem mraid35x MSKSSRV MSPCLOCK MSPQM nv4 NwlnkFlt NwlnkFwd PCIDump PCIIde Pcmcia PDCOMP PDFRAME PDRELI PDRFRAME perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 RDPWD s616bus s616mdfl s616mdm s616mgmt s616nd5 s616obex s616unic SABProcEnum se59bus se59mdfl se59mdm se59mgmt se59nd5 se59obex se59unic Sfloppy Simbad Sparrow splitter swmidi symc810 symc8xx sym_hi sym_u3 TDPIPE TDTCP TosIde Udfs ultra usbprint USBSTOR ViaIde vsdatant WDICA WudfPf WudfRd Services - Running: aawservice ALG AudioSrv Avg7Alrt Avg7UpdSvc Browser DcomLaunch Dhcp dmserver Dnscache ERSvc Eventlog EventSystem FastUserSwitchingCompatibility helpsvc JavaQuickStarterService lanmanserver lanmanworkstation LightScribeService LmHosts Netman Nla 
NVSvc NWCWorkstation PlugPlay PolicyAgent ProtectedStorage RasMan RemoteRegistry RpcSs SamSs Schedule seclogon SENS SharedAccess ShellHWDetection SmcService Spooler srservice SSDPSRV stisvc TapiSrv Themes TrkWks W32Time WebClient WinDefend winmgmt wuauserv WZCSVC Services - Stopped: Alerter AppMgmt aspnet_state BITS cisvc ClipSrv COMSysApp CryptSvc dmadmin Dot3svc EapHost HidServ hkmsvc HTTPFilter IDriverT ImapiService Messenger mnmsrvc MSDTC MSIServer napagent NBService NetDDE NetDDEdsdm Netlogon NtLmSsp NtmsSvc ose RasAuto RDSessMgr RemoteAccess RpcLocator RSVP SCardSvr SwPrv SysmonLog TermService TlntSvr upnphost UPS usnjsvc VSS WmdmPmSN Wmi WmiApSrv WMPNetworkSvc wscsvc WudfSvc xmlprov Files Created/Modified - 60 Days: C:\ 2009-01-20 21.57.36 536 399 872 A.SH. "C:\hiberfil.sys" 2009-01-20 21.57.34 804 495 360 A.SH. "C:\pagefile.sys" C:\WINDOWS\ 2009-01-20 21.57.42 2 048 A.S.. "C:\WINDOWS\bootstat.dat" 2009-01-19 22.35.12 410 984 A.... "C:\WINDOWS\system32\deploytk.dll" 2009-01-03 17.18.34 126 112 A.... "C:\WINDOWS\system32\FNTCACHE.DAT" 2009-01-20 18.19.02 94 208 A.... "C:\WINDOWS\system32\iestat.exe" 2009-01-19 22.35.12 144 792 A.... "C:\WINDOWS\system32\java.exe" 2009-01-19 22.35.12 144 792 A.... "C:\WINDOWS\system32\javaw.exe" 2009-01-19 22.35.12 148 888 A.... "C:\WINDOWS\system32\javaws.exe" 2009-01-11 10.04.30 52 764 A.... "C:\WINDOWS\system32\perfc009.dat" 2009-01-11 10.04.30 62 728 A.... "C:\WINDOWS\system32\perfc01D.dat" 2009-01-11 10.04.30 380 350 A.... "C:\WINDOWS\system32\perfh009.dat" 2009-01-11 10.04.30 383 448 A.... "C:\WINDOWS\system32\perfh01D.dat" 2009-01-20 21.58.14 6 A..H. "C:\WINDOWS\Tasks\SA.DAT" 2009-01-20 22.05.32 73 A.... "C:\WINDOWS\Temp\scs4.tmp" 2009-01-18 15.03.24 5 566 A.... "C:\WINDOWS\Temp\winntsec.dat" 2009-01-03 17.19.08 32 051 A.... "C:\WINDOWS\system32\oobe\updshell.htm" 2009-01-19 22.06.42 32 768 A.SH. "C:\WINDOWS\Temp\Cookies\index.dat" 2009-01-03 17.09.44 86 665 A.... 
"C:\WINDOWS\PCHEALTH\HELPCTR\OfflineCache\index.dat" 2008-12-10 21.40.44 89 102 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe" 2009-01-03 17.19.08 5 693 A.... "C:\WINDOWS\system32\oobe\setup\autoupdt.htm" 2009-01-03 17.19.08 13 738 A.... "C:\WINDOWS\system32\oobe\setup\au_plcy.htm" 2009-01-19 22.06.42 32 768 A.SH. "C:\WINDOWS\Temp\History\History.IE5\index.dat" 2009-01-19 22.06.42 49 152 A.SH. "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat" 2009-01-19 22.06.56 14 866 A.... "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QWLNF3UW\headerutilsjs[1].htm" 2009-01-19 22.06.52 55 107 A.... "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QWLNF3UW\index[2].htm" 2009-01-03 17.08.12 16 267 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm" 2009-01-03 17.08.12 5 429 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm" 2009-01-03 17.08.12 2 998 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm" 2009-01-03 17.08.14 3 530 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\escalationhelp.htm" 2009-01-03 17.08.12 8 027 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm" 2009-01-03 17.08.14 30 640 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm" 2009-01-03 17.08.12 3 237 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\ShieldsUpMsg.htm" C:\Program\ 2008-12-19 19.28.02 1 434 864 A.... 
"C:\Program\CCleaner\CCleaner.exe" 2009-01-20 16.46.46 114 658 A.... "C:\Program\CCleaner\uninst.exe" 2008-12-11 12.47.46 4 194 304 A.... "C:\Program\DC++\HashData.dat" 2008-11-26 17.48.00 4 141 976 A.... "C:\Program\Windows Live Safety Center\mpengine.dll" 2008-12-19 3.33.50 21 504 A.... "C:\Program\CCleaner\Lang\lang-1063.dll" 2008-12-19 3.34.22 21 504 A.... "C:\Program\CCleaner\Lang\lang-1071.dll" 2008-12-19 3.34.34 21 504 A.... "C:\Program\CCleaner\Lang\lang-1066.dll" 2008-12-19 3.34.30 22 016 A.... "C:\Program\CCleaner\Lang\lang-1050.dll" 2008-12-19 3.33.16 21 504 A.... "C:\Program\CCleaner\Lang\lang-1030.dll" 2008-12-19 3.33.40 23 552 A.... "C:\Program\CCleaner\Lang\lang-1040.dll" 2008-12-19 3.34.12 24 576 A.... "C:\Program\CCleaner\Lang\lang-1034.dll" 2008-12-19 3.33.54 21 504 A.... "C:\Program\CCleaner\Lang\lang-1044.dll" 2008-12-19 3.33.38 23 040 A.... "C:\Program\CCleaner\Lang\lang-1038.dll" 2008-12-19 3.33.10 11 776 A.... "C:\Program\CCleaner\Lang\lang-1028.dll" 2008-12-19 3.34.06 22 016 A.... "C:\Program\CCleaner\Lang\lang-1048.dll" 2008-12-19 3.33.28 21 504 A.... "C:\Program\CCleaner\Lang\lang-1110.dll" 2008-12-19 3.32.50 21 504 A.... "C:\Program\CCleaner\Lang\lang-1051.dll" 2008-12-19 3.34.12 21 504 A.... "C:\Program\CCleaner\Lang\lang-1055.dll" 2008-12-19 3.33.04 19 456 A.... "C:\Program\CCleaner\Lang\lang-1025.dll" 2008-12-19 3.33.22 23 040 A.... "C:\Program\CCleaner\Lang\lang-1035.dll" 2008-12-19 3.33.58 22 016 A.... "C:\Program\CCleaner\Lang\lang-1045.dll" 2008-12-19 3.33.12 20 480 A.... "C:\Program\CCleaner\Lang\lang-1029.dll" 2008-12-19 3.32.52 21 504 A.... "C:\Program\CCleaner\Lang\lang-1052.dll" 2008-12-19 3.33.32 26 112 A.... "C:\Program\CCleaner\Lang\lang-1032.dll" 2008-12-19 3.33.48 11 776 A.... "C:\Program\CCleaner\Lang\lang-1042.dll" 2008-12-19 3.34.24 24 064 A.... "C:\Program\CCleaner\Lang\lang-1026.dll" 2008-12-19 3.33.26 24 576 A.... "C:\Program\CCleaner\Lang\lang-1036.dll" 2008-12-19 3.34.04 24 576 A.... 
"C:\Program\CCleaner\Lang\lang-1046.dll" 2008-12-19 3.33.18 24 576 A.... "C:\Program\CCleaner\Lang\lang-1043.dll" 2008-12-19 3.33.00 23 040 A.... "C:\Program\CCleaner\Lang\lang-1027.dll" 2008-12-19 3.33.34 18 944 A.... "C:\Program\CCleaner\Lang\lang-1037.dll" 2008-12-19 3.32.58 22 016 A.... "C:\Program\CCleaner\Lang\lang-1031.dll" 2008-12-19 3.33.44 14 848 A.... "C:\Program\CCleaner\Lang\lang-1041.dll" 2008-12-19 3.34.10 20 992 A.... "C:\Program\CCleaner\Lang\lang-1049.dll" 2008-12-19 3.32.54 22 016 A.... "C:\Program\CCleaner\Lang\lang-1053.dll" 2008-12-19 3.34.00 25 088 A.... "C:\Program\CCleaner\Lang\lang-2070.dll" 2008-12-19 3.33.06 11 776 A.... "C:\Program\CCleaner\Lang\lang-2052.dll" 2008-12-19 3.34.20 20 992 A.... "C:\Program\CCleaner\Lang\lang-2074.dll" 2008-12-19 3.34.16 20 992 A.... "C:\Program\CCleaner\Lang\lang-3098.dll" 2008-12-19 3.34.28 21 504 A.... "C:\Program\CCleaner\Lang\lang-5146.dll" 2008-11-28 9.04.40 17 754 112 A.... "C:\Program\Grisoft\AVG Free\avgabout.dll" 2008-11-28 9.04.40 120 064 A.... "C:\Program\Grisoft\AVG Free\avgchk75.exe" 2008-11-28 9.04.40 732 298 A.... "C:\Program\Grisoft\AVG Free\setup.dat" 2009-01-19 22.35.12 994 A.... "C:\Program\Java\jre6\Welcome.html" 2009-01-19 23.28.58 3 265 864 A.... "C:\Program\Lavasoft\Ad-Aware\Ad-Aware.exe" 2009-01-19 23.28.38 1 042 792 A.... "C:\Program\Lavasoft\Ad-Aware\CEAPI.dll" 2009-01-19 23.29.00 622 424 A.... "C:\Program\Lavasoft\Ad-Aware\FreeUpdate.exe" 2009-01-19 23.29.02 465 240 A.... "C:\Program\Lavasoft\Ad-Aware\ThreatWork.exe" 2009-01-20 21.59.58 129 136 A.... "C:\Program\Sygate\SPF\Default.dat" 2008-12-16 3.11.06 672 512 A.... "C:\Program\Sygate\SPF\sdi.dat" 2009-01-20 21.59.58 129 136 A.... "C:\Program\Sygate\SPF\stddef.dat" 2009-01-20 22.00.06 137 136 A.... "C:\Program\Sygate\SPF\StdState.dat" 2008-12-16 3.11.12 33 121 A.... "C:\Program\Sygate\SPF\trojan.dat" 2009-01-20 22.00.06 137 136 A.... "C:\Program\Sygate\SPF\TState.dat" 2009-01-19 22.35.12 1 130 496 A.... 
"C:\Program\Java\jre6\bin\awt.dll" 2009-01-19 22.35.12 110 592 A.... "C:\Program\Java\jre6\bin\axbridge.dll" 2009-01-19 22.35.12 192 512 A.... "C:\Program\Java\jre6\bin\cmm.dll" 2009-01-19 22.35.12 143 360 A.... "C:\Program\Java\jre6\bin\dcpr.dll" 2009-01-19 22.35.12 77 824 A.... "C:\Program\Java\jre6\bin\deploy.dll" 2009-01-19 22.35.12 410 984 A.... "C:\Program\Java\jre6\bin\deploytk.dll" 2009-01-19 22.35.12 16 896 A.... "C:\Program\Java\jre6\bin\dt_shmem.dll" 2009-01-19 22.35.12 13 312 A.... "C:\Program\Java\jre6\bin\dt_socket.dll" 2009-01-19 22.35.12 339 968 A.... "C:\Program\Java\jre6\bin\fontmanager.dll" 2009-01-19 22.35.12 15 872 A.... "C:\Program\Java\jre6\bin\hpi.dll" 2009-01-19 22.35.12 139 264 A.... "C:\Program\Java\jre6\bin\hprof.dll" 2009-01-19 22.35.12 98 304 A.... "C:\Program\Java\jre6\bin\instrument.dll" 2009-01-19 22.35.12 12 800 A.... "C:\Program\Java\jre6\bin\ioser12.dll" 2009-01-19 22.35.12 7 680 A.... "C:\Program\Java\jre6\bin\j2pcsc.dll" 2009-01-19 22.35.12 37 376 A.... "C:\Program\Java\jre6\bin\j2pkcs11.dll" 2009-01-19 22.35.12 10 240 A.... "C:\Program\Java\jre6\bin\jaas_nt.dll" 2009-01-19 22.35.12 32 664 A.... "C:\Program\Java\jre6\bin\java-rmi.exe" 2009-01-19 22.35.12 126 976 A.... "C:\Program\Java\jre6\bin\java.dll" 2009-01-19 22.35.12 144 792 A.... "C:\Program\Java\jre6\bin\java.exe" 2009-01-19 22.35.12 58 776 A.... "C:\Program\Java\jre6\bin\javacpl.exe" 2009-01-19 22.35.12 144 792 A.... "C:\Program\Java\jre6\bin\javaw.exe" 2009-01-19 22.35.12 148 888 A.... "C:\Program\Java\jre6\bin\javaws.exe" 2009-01-19 22.35.12 14 336 A.... "C:\Program\Java\jre6\bin\java_crw_demo.dll" 2009-01-19 22.35.12 5 120 A.... "C:\Program\Java\jre6\bin\jawt.dll" 2009-01-19 22.35.12 79 256 A.... "C:\Program\Java\jre6\bin\jbroker.exe" 2009-01-19 22.35.12 36 352 A.... "C:\Program\Java\jre6\bin\JdbcOdbc.dll" 2009-01-19 22.35.12 167 936 A.... "C:\Program\Java\jre6\bin\jdwp.dll" 2009-01-19 22.35.12 274 432 A.... 
Program Folders: C:\Program\ Adobe AsmwSoft Avanquest update AVG Free Belarc Blender Foundation Canon CCleaner DAEMON Tools Lite DC++ Delade filer Disc2Phone DivX DivXCodec EA GAMES GetData Grisoft Hattrick Manager InstallShield Installation Information Internet Explorer IrfanView iriver Jasc Software Inc Java Lavalys Lavasoft Messenger Microsoft ActiveSync microsoft frontpage Microsoft Office Microsoft Visual Studio Microsoft.NET MoodLogic Movie Maker Mozilla Firefox MSN MSN Apps MSN Gaming Zone MSN Messenger MSXML 4.0 Nero NetMeeting Norton Security Scan OfficeUpdate11 Onlinetjnster Outlook Express Personal PowerQuest QuickTime RADsoft RamBooster 2.0 Real Scriptfabriken Sierra On-Line SmartTrust Sony Ericsson Spybot - Search & Destroy SUPERAntiSpyware Support Tools Sygate Symantec SystemRequirementsLab The Playa Trend Micro Uninstall Information Unlocker Utero Digital Media uTorrent Winamp Windows Defender Windows Journal Viewer Windows Live Safety Center Windows Media Connect 2 Windows Media Player Windows NT WindowsUpdate WinRAR xerox Zero G Registry Zone Labs C:\Program\Delade filer\ ADAPTEC Adobe Ahead Designer DirectX GST InstallShield Java LightScribe Microsoft Shared MSSoap ODBC Real Services Sony Ericsson Shared SpeechEngines Symantec Shared System Teleca Shared Webroot Shared Wise Installation Wizard xing shared Add/Remove Programs: Adobe Flash Player 10 ActiveX Adobe Shockwave Player 11 AVG Free Edition Belarc Advisor 7.2 BitZip (remove only) Canon i250 CCleaner (remove only) DC++ 0.707 Canon Utilities Easy-PhotoPrint Easy-WebPrint EVEREST Corporate Edition v4.50 HijackThis 2.0.2 Microsoft Internationalized Domain Names Mitigation APIs Windows Internet Explorer 7 IrfanView (remove only) Windows Genuine Advantage
Validation Tool (KB892130) Säkerhetsuppdatering för Windows Media Player (KB911564) Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398) Hotfix for Windows Media Format 11 SDK (KB929399) Säkerhetsuppdatering för Windows Media Player 11 (KB936782) Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127) Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653) Snabbkorrigering för Windows Media Player 11 (KB939683) Säkerhetsuppdatering för Windows XP (KB941569) Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615) Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533) KeePass Password Safe 0.98b Microsoft .NET Framework 1.1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft National Language Support Downlevel APIs Norton Security Scan (Symantec Corporation) NVIDIA Drivers Oront Burning Kit 1.3.3 Personal 4.4.1 Intel® PRO Network Adapters and Drivers RealPlayer Basic Recover My Files Sierra Utilities Top Girl Strip Poker Strippoker II Alexis Strippoker II Roxy Svenska Spels Poker System Requirements Lab Unlocker 1.8.5 Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Notifications (KB905474) Winamp Windows Live OneCare safety scanner Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver Windows Media Format 11 runtime Windows Media Player 11 Microsoft User-Mode Driver Framework Feature Pack 1.0 Rummel & Rabalder 2 iriver Music Manager Sygate Personal Firewall Pro AutoUpdate Java 6 Update 11 Windows Live Messenger Sony Ericsson PC Suite 3.209.00 J2SE Runtime Environment 5.0 Update 10 Adobe® Photoshop® Album Starter Edition 3.0 The Sims 2 Avanquest update Norton Security Scan Microsoft Tool Web Package:Diruse.exe Microsoft Office Access 2003 Microsoft Office XP Web Components Microsoft Office XP Professional with FrontPage Windows Defender Adobe Reader 9 - Svenska RamBooster Spybot - Search & Destroy DivX Web Player MSXML 4.0 SP2 (KB936181) Nero 
7 Essentials Stronghold Microsoft .NET Framework 1.1 SUPERAntiSpyware Free Edition Bomben VX Ad-Aware LightScribe 1.4.124.1 QuickTime Sony Ericsson PC Suite Disc2Phone Sun Download Manager 2.0 (web) µTorrent

Run Values:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\Program\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SmcService"="C:\\Program\\Sygate\\SPF\\smc.exe -startgui"
"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="nwiz.exe /install"
"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"Adobe Photo Downloader"="\"C:\\Program\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre6\\bin\\jusched.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\Lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"
"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Sony Ericsson PC Suite\\SEPCSuite.exe\" /systray /nologon"

Bot Check:
SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 4 DISABLED
SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START
SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatiska uppdateringar
START_TYPE : 2 AUTO_START
SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\twex.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"

ShellExecuteHooks:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

Environment:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program\QuickTime\QTSystem\;C:\Program\Delade filer\Teleca Shared
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program\Java\jre1.5.0_10\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program\Java\jre1.5.0_10\lib\ext\QTJava.zip

SecurityProviders:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Authentication Packages:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0nwprovau\0\0

Subsystem Startup:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

Midi Drivers:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"

Non-Default IFEO Debugger:

Non-Default Installed Components:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{030ee0ac-0f33-50e9-0307-070300010406}
StubPath REG_SZ C:\WINDOWS\System32\xp-clean.exe

Non-Default Safeboot Minimal:
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
<NO NAME> REG_SZ Service
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\windefend
<NO NAME> REG_SZ Service

File Associations:
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program\\Internet Explorer\\IEXPLORE.EXE\" -nohome"
[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"

Finished!

next log....

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Sygate\SPF\smc.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program\Personal\bin\Personal.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\anders scan\Anders HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [smcService] C:\Program\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\Program\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://www.lunarstorm.se
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/196b2af035ab75...ip/RdxIE601.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230987003140
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1230986939281
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{F725B5B2-C8C6-4299-9A49-AC36782EA4BD}: NameServer = 208.67.220.220 208.67.222.222
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: syshelps - {DBE12772-6FAD-4F3E-882C-00DA4DB4D2DD} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

--
End of file - 9534 bytes
Guest Malou Posted January 20, 2009
Hi andcar! Now I'm a bit puzzled here. Is this really the log from SDFix? Regards/Malou
Guest Malou Posted January 20, 2009
Hi andcar! Redo the procedure with SDFix, in safe mode, starting from step 4:
4: Restart the computer in safe mode (press the F8 key repeatedly during startup and choose safe mode):
5: Navigate to => C:\SDFix => Click runthis.bat => Choose Y.
6: When the scan is finished, press any key to restart the computer.
7: When it says finished, press any key. A log will be shown automatically; copy the log into your thread here.
Also make a new TM HJT log and copy it in here. And rename the file, as I have pointed out a number of times now. Thanks. Regards/Malou
andcar (Author) Posted January 20, 2009
I tried this when it didn't work in safe mode
DBFix Version 1.005
Run on 2009-01-20 @ 23:02
No DelfBot Files Found
No DelfBot Run Values Found
Finished!
Also RunThis.bat --> create a system report, and catch me
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 23:06:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Nubben\ntuser.dat, 0
scanning hidden files ...
disk error: C:\WINDOWS\
please note that you need administrator rights to perform deep scan
Guest Malou Posted January 20, 2009
Hi andcar! Are you logged in as Admin? If not, log in to your admin account and carry out the procedure. Regards/Malou