Jump to content

Problem med felmeddelanden och USB-lagringsmedia försvinner


Recommended Posts

*********************************************

2009-08-02:

Tråden är låst då problemet verkar vara löst.

Tycker du att den är felaktigt låst, var god kontakta

Malou

*********************************************

Postade en tidigare tråd om mitt problem i en annan avdelning här. För att läsa hela långa historian kan ni klicka på min förra tråd:

http://www.alltomxp.se/forum/index.php?showtopic=17807

*****************************************************************************

Inkopierat från en tidigare tråd här i forumet:

Problem 2:

I samband med de här felmeddelanden började dyka upp, slutade även min dator att visa alla möjliga slags lagringsmedia på Den här datorn (dock inte mina hårddiskar och DVD-läsare), t.ex går det inte att ladda in bilder från mitt SD-kort från kamera, varken om jag stoppar in kortet i min skrivare (som har minneskortläsare), den inbyggda minneskortläsaren i själva datorn, eller när jag använder kamerasladden. Bilderna går helt enkelt inte att ladda in, och det kommer inte ens upp någon ikon om att kortet är insatt (eller den här rutan "Vad vill du göra?") som brukar poppa upp såfort datorn känner igen kortet.

Min iPod-hårddiisk syns inte heller i Den här datorn, går varken att koppla in den till iTunes, samma sak med mobilen.

Det enda som fungerar är att ladda iPoden och mobiltelefonens batterier.

Som avslut kan jag också meddela att datorn för nån vecka sen blev full med spywares, popup-reklam och allt vad det heter.

Jag vet helt enkelt inte hur jag ska göra, jag kör AntiVirus-program och Clean up-program hela tiden, men dom verkar inte hitta något fel heller.

*****************************************************************************

Här är mina loggar för Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.37

Databasversion: 2227

Windows 5.1.2600 Service Pack 2

2009-06-04 13:12:06

mbam-log-2009-06-04 (13-12-06).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 93882

Förfluten tid: 21 minute(s), 2 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 9

Infekterade registervärden: 1

Infekterade registerdataposter: 2

Infekterade mappar: 5

Infekterade filer: 3

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

HKEY_CLASSES_ROOT\CLSID\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aff01325-0fc2-4749-8914-fbf0565ad9cc} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009dc19 (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast!Antivirus (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade registervärden:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pidle (Trojan.Agent) -> Quarantined and deleted successfully.

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Spyware.OnlineGamer) -> Data: c:\progra~1\thunmail\testabd.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infekterade mappar:

C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Killinstinct\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Program Files\ThunMail (Spyware.OnlineGamer) -> Delete on reboot.

c:\documents and settings\Killinstinct\Application Data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.

Infekterade filer:

C:\WINDOWS\system32\jbnmck.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\program files\ThunMail\testabd.dll (Spyware.OnlineGamer) -> Delete on reboot.

C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully.

_____________________________

Hijack This:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:26:06, on 2009-06-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\CTSvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\ATI-CPanel\atiptaxx.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\Killinstinct\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

C:\Program Files\Personal\bin\Personal.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\windows\ehome\mcrdsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\aksaru.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program

Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1

\tools\iesdsg.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program

Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Killinstinct\Local Settings\Application

Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2

\WN111V2.exe

O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program

Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12

\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF

Catcher\InternetExplorer.htm

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1

\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program

Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} -

C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8

\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8

\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32

\CTSvcCDA.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program

Files\NETGEAR\WN111v2\jswpsapi.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program

Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware

Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware

Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 1: KILLINSTINCT PORTFOLIO - http://killinstinct.co.nr/

--

End of file - 9937 bytes

Link to comment
Share on other sites

Guest Malou

Hej aksaru!

Under tiden jag läser igenom den andra tråden så gör nedanstående ;)

Bakom en del detaljer så står det => Delete on reboot. <= det betyder att du måste starta om datorn för att programmet skall kunna åtgärda.

1: Starta om datorn

2: Uppdatera Malwarebytes' Anti-Malware

3: Starta programmet => välj Utför snabb scanning

4: Klicka på knappen Scanna

5: Scanningen kommer nu att ta en stund

6: När programmet scannat klart klicka Ok och sedan Visa resultat

7: Bocka för allt och klicka på Remove Selected

8: Då borttagningen är klar kommer en textfil i Anteckningar att öppnas upp med en logg. Kopiera/klistra in den loggan hit till din tråd.

9: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur den ser ut.

10: Berätta/Tala om hur datorn mår och om där kvarstår problem

MVH/Malou

Link to comment
Share on other sites

Guest Malou
Okey, då gör jag så som du säger! :)

Gör så ;)

Edit:

Tog mig friheten att kopiera/klistra in vald text i ditt första inlägg här i din nya tråd från din tidigare tråd här i forumet. Detta för att underlätta för mig med att slippa hoppa mellan olika trådar.

//Malou

Link to comment
Share on other sites

Malwarebytes' Anti-Malware 1.37

Databasversion: 2230

Windows 5.1.2600 Service Pack 2

2009-06-04 23:22:50

mbam-log-2009-06-04 (23-22-50).txt

Skanningstyp: Snabb skanning

Antal skannade objekt: 93983

Förfluten tid: 6 minute(s), 58 second(s)

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

Infekterade registernycklar:

(Inga illasinnade poster hittades)

Infekterade registervärden:

(Inga illasinnade poster hittades)

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

Infekterade mappar:

(Inga illasinnade poster hittades)

Infekterade filer:

(Inga illasinnade poster hittades)

Link to comment
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:27:02, on 2009-06-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\CTSvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\ATI-CPanel\atiptaxx.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Documents and Settings\Killinstinct\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

C:\Program Files\Personal\bin\Personal.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\windows\ehome\mcrdsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe

C:\DOCUME~1\KILLIN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\DOCUME~1\KILLIN~1\LOCALS~1\Temp\Adobelm_Cleanup.0001

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Last.fm\LastFM.exe

C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\aksaru.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Killinstinct\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTSvcCDA.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 1: KILLINSTINCT PORTFOLIO - http://killinstinct.co.nr/

--

End of file - 10290 bytes

Link to comment
Share on other sites

Guest Malou
Datorn har inte längre popup-reklam, och sånt.. Men jag kan fortfarande inte hitta minneskort- eller USB-kopplade apparater i Den här datorn..

:/

Underbart att höra att det har upphört ;)

Under tiden jag går igenom loggarna så gör nedanstående procedur. Förhoppningsvis så skall du kunna få tillgång till minneskorten/usb osv...

Flash Disinfector by sUBs

Ladda ner Flash Disinfector by sUBs till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/...Disinfector.exe

Dubbelklicka på den nedladdade filen för att starta programmet.

Följ de anvisningar som kommer upp.

När det står att du ska sätta in flash-diskar så stoppar du in de USB-minnen etc som kan tänkas vara infekterade.

När allt är klart så avsluta programmet och starta om datorn.

//Malou

Link to comment
Share on other sites

Guest Malou

Hej igen aksaru!

Malwarebytes' Anti-Malware loggan är ren och fin.

Din TM HJT-logga:

Är det du som har lagt in den här som din bakgrundsbild och låter den ligga och köra i bakgrunden?

O24 - Desktop Component 1: KILLINSTINCT PORTFOLIO - http://killinstinct.co.nr/

Är det nödvändigt att ha dessa nedanstående program som inte gör någon större nytta?

Windows Defender/Ad-Aware med Ad-Watch

Är Ad-Aware med Ad-Watch något du har betalat för eller är det gratisversionen du använder?

Ad-Aware med Ad-Watch har en förmåga att ställa till en del förtret för användare samt har dålig förmåga till att hitta otrevligheter/åtgärda brukar även i regel enbart hitta F/P (False/Posetive). Och ett sådant spywareprogram har man ingen nytta av.

Iställer för två ovanstående program så rekommenderar jag att istället använda Malwarebytes' Anti-Malware som du just nu har använt. Den är bättre på att hitta sådant som ett spywareprogram bör hitta samt att även åtgärda det upphittade.

Hur mår datorn nu?

//Malou

Link to comment
Share on other sites

Ja, det är jag som lagt in http://killinstinct.co.nr/ eftersom det är min portfolio. ;D

Jag använder gratisversionen av Ad-Aware med Ad-Watch.

Menar du att jag borde avinstallera dessa två program? :)

Jag provade på att köra det där programmet du länkade till nyss, men den här jobbiga rutan

Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c

visade sig igen 4 gånger :(

Det hände inget speciellt efter jag körde programmet och startade om datorn heller.

Så, mina problem kvarstår förutom att jag nu är fri från all spam och reklam osv..

Link to comment
Share on other sites

Guest Malou

Hej igen aksaru!

Ja, det är jag som lagt in http://killinstinct.co.nr/ eftersom det är min portfolio. ;D

Då låter vi den vara ;)

Jag använder gratisversionen av Ad-Aware med Ad-Watch.

Menar du att jag borde avinstallera dessa två program? smile.gif

Ja det menar jag.

Som jag nämnde i mitt tidigare inlägg gör dessa båda ingen som helst nytta speciellt inte Ad-Aware med Ad-Watch. Ställer bara till en massa förtret samt har inte den detekteringsförmågan som ett spywareprogram bör ha.

Mycket bättre att du kör med Malware Bytes som du nu har.

Det hände inget speciellt efter jag körde programmet och startade om datorn heller.

Så, mina problem kvarstår förutom att jag nu är fri från all spam och reklam osv..

Ok vi är inte riktigt klara ännu ;)

Meddelandet som du får ser ut att ha med någon disk att göra.

Har du flera hårddiskar i datorn?

Tror att vi skall ta och göra en scanning med verktyget Combofix också för säkerhets skull

ComboFix för Windows XP och Windows Vista:

Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet:

Läs/Följ Instruktionerna mycket noga

ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om du har internet via ett USB-modem eller USB-nätverkskort.

Säg då till i stället för att köra ComboFix.

Hämta hem ComboFix från nedanstående länk

=> ComboFix.exe

# Spara ComboFix till skrivbordet "Mycket viktigt"

Du bör installera Microsoft Windows Recovery Console eftersom det gör det möjligt att starta datorn i ett särskild återställningsläge vilket kan vara bra om något händer med datorn under de kommande procedurerna.

Notera: Om Microsoft Windows Recovery Console redan finns installerat på datorn, kommer ComboFix att gå vidare med scanningen:

Windows Vista-Användare:

Windows Vista-användare kan använda sin Windows DVD för att starta upp i Vista återställningsmiljön.

=> Vista återställningsmiljön "Engelsk Text"

Windows XP-Användare:

Installera Microsoft Windows Recovery Console:

# Surfa till http://support.microsoft.com/kb/310994

# Se till att språket på sidan matchar språket i Windows (språk väljs i högerkolumnen) om du inte har XP Media Center Edition för då ska du ha engelska.

# Scrolla ner till rubriken Hämta programfilen för installationsdisketterna

# Välj rätt nedladdning utifrån vilken Service Pack du har installerat till XP. Om du har SP3 så välj SP2.

# Om du har XP Media Center Edition så välj XP Professional.

# Spara den nedladdade filen på Skrivbordet.

t_fOLxgetdU.gif

# Ta tag i filen du sparade ner till skrivbordet => Dra filen med musen över Skrivbordet och släpp den på ComboFix-ikonen. ComboFix kommer nu att installera Återställningskonsolen.

OBS: Denna procedur kan ta lång tid så det gäller att du har tålamod under installationen av Återställningskonsolen. Du bör även godkänna/tillåta allt via skyddsprogrammen (antivirus/brandväggen etc..) för ett lyckat resultat.

t_aVnVmdzdi.gif

# När det är klart så kommer ComboFix att fråga om du vill fortsätta med att scanna, där väljer du No/Nej.

Gå nu vidare med ComboFix-Scanningen:

Dra ur internetanslutningen och stäng av alla program du ser inklusive antivirusprogram, antispionprogram och brandvägg.

1: Dubbelklicka på ComboFix för att starta den

2: Följ anvisningarna som visas på skärmen.

3: När den är färdig så skall en text-logg komma upp, kopiera och klistra in den hit till din tråd

Kan även hittas här => (C:\ComboFix.txt)

4: Gör en ny TM HJT-logg, kopiera även in den.

VIKTIGT! Klicka INTE på Combofix-fönstret med musen när ComboFix körs annars kan scanningen hänga upp sig.

OBS:

Kontrollera att antivirusprogram/antispionprogram mm är återaktiverade innan du ansluter till Internet.

OBSERVERA:

Verktyget/Programmet kan ge problem med uppkopplingen (tex trådlös).

Om problem uppstår prova då nedanstående.

Gå till => Kontrollpanelen => Nätverksanslutningar => högerklicka på din Internetanslutning => välj Reparera

Och/Eller

Starta om datorn.

Lycka till

MVH/Malou

Link to comment
Share on other sites

Guest Malou
Jag har ett trådlöst USB-nätverkskort till datorn

Ok då tar vi ett annat verktyg till vår hjälp då ;)

RSIT (random's system information tool)

Nedanstående verktyg åtgärdar inget gör enbart en genomsökning. Om där hittas något i loggan så får vi åtgärda manuellt.

Hämta hem RSIT från nedanstående länk

http://images.malwareremoval.com/random/RSIT.exe

1: Spara den till skrivbordet

2: Dubbelklicka på verktyget för att starta RSIT

(För Vista => Högerklicka på verktyget och välj => Kör som Admin)

3: Då den scannat klart produceras en textfil (log.txt) i Anteckningar automatiskt. Om där mot förmodan inte dyker upp en textfil finns den att hitta här => I mappen C:\rsit => log.txt <=

4: Kopiera in den loggan hit till din tråd

MVH/Malou

Link to comment
Share on other sites

  • 3 weeks later...

Det här är loggen när jag valde "1 month" i listan. Kanske skulle tagit 2 eller 3 months?

Logfile of random's system information tool 1.06 (written by random/random)

Run by Killinstinct at 2009-06-20 12:13:00

Microsoft Windows XP Professional Service Pack 2

System drive C: has 16 GB (33%) free of 50 GB

Total RAM: 1535 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:13:01, on 2009-06-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\system32\acs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\CTSvcCDA.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\WINDOWS\ehome\ehtray.exe

C:\ATI-CPanel\atiptaxx.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

C:\Program Files\Personal\bin\Personal.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\windows\ehome\mcrdsvc.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\PROGRA~1\AVG\AVG8\avgam.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

C:\WINDOWS\SYSTEM32\NOTEPAD.EXE

C:\Documents and Settings\Killinstinct\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Killinstinct.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\windows\system32\CTSvcCDA.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O24 - Desktop Component 1: KILLINSTINCT PORTFOLIO - http://killinstinct.co.nr/

--

End of file - 9025 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Länkhjälp till Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-04-30 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}]

PCTools Site Guard - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll [2006-08-01 825528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live inloggningshjälpen - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-27 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-27 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

"ATIPTA"=C:\ATI-CPanel\atiptaxx.exe [2003-08-12 335872]

"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-04-10 28672]

"AsioReg"=REGSVR32.EXE /S CTASIO.DLL []

"SBDrvDet"=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]

"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

"CTDVDDet"=C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2002-09-30 45056]

"NWEReboot"= []

"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

"NoteBurner"=C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence []

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-27 136600]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-11 1948440]

"jswtrayutil"=C:\Program Files\NETGEAR\WN111v2\jswtrayutil.exe []

"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\benodegiyi]

C:\WINDOWS\system32\lawimala.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMfbb3ede1]

c:\windows\system32\tedegeru.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]

C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2002-10-29 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f880de7d]

C:\WINDOWS\system32\mibewoja.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]

C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]

C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NPCTray]

C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]

C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prnet]

C:\WINDOWS\system32\prnet.tmp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]

C:\Program Files\Spyware Doctor\swdoctor.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-12-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]

C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2003-12-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MediaChecker.lnk]

C:\PROGRA~1\HOTALB~1\MEDIAC~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Killinstinct^Start Menu^Programs^Startup^CD-MENU.LNK]

F:\AutoMenu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Killinstinct^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"ehSched"=2

"ehRecvr"=2

"ose"=3

"Nero BackItUp Scheduler 3"=2

"avast!Antivirus"=2

"ATI Smart"=2

"Ati HotKey Poller"=2

"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

NETGEAR WN111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111v2\WN111V2.exe

Personal.lnk - C:\Program Files\Personal\bin\Personal.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2009-04-30 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

:\WINDOWS\syste

C:\WINDOWS\system32\bufozupu.dll

scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"

"C:\Program Files\Midway Games\Happy Feet\EngineImplementation_Retail.exe"="C:\Program Files\Midway Games\Happy Feet\EngineImplementation_Retail.exe:*:Enabled:A2M Game Engine"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"

"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"

"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"

"C:\Documents and Settings\Killinstinct\Local Settings\Temp\OnlineUpdate8\SetupXu.exe"="C:\Documents and Settings\Killinstinct\Local Settings\Temp\OnlineUpdate8\SetupXu.exe:*:Enabled:Nero ControlCenter"

"C:\Documents and Settings\Killinstinct\Desktop\winmx354b4.exe"="C:\Documents and Settings\Killinstinct\Desktop\winmx354b4.exe:*:Enabled:WinMX Application"

"C:\Documents and Settings\Killinstinct\Local Settings\Temp\Rar$EX00.328\WinMX.exe"="C:\Documents and Settings\Killinstinct\Local Settings\Temp\Rar$EX00.328\WinMX.exe:*:Enabled:WinMX Application"

"C:\Program Files\Octoshape Streaming Services\Killinstinct\OctoshapeClient.exe"="C:\Program Files\Octoshape Streaming Services\Killinstinct\OctoshapeClient.exe:*:Enabled:OctoshapeClient"

"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"

"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"

"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"

"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Disabled:Opera Internet Browser"

"C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"

"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"

"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{783ff88e-a72a-11dd-aef0-0030055ae07b}]

shell\AutoRun\command - I:\LaunchU3.exe -a

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-06-20 12:12:00 ----D---- C:\rsit

2009-06-12 11:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2009-06-12 11:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$

2009-06-12 11:35:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$

2009-06-12 11:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2009-06-12 11:24:54 ----A---- C:\WINDOWS\imsins.BAK

2009-06-12 11:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

2009-06-11 18:57:08 ----D---- C:\Program Files\SimBin

2009-06-11 18:57:06 ----A---- C:\WINDOWS\system32\D3DX9_41.dll

2009-06-11 18:57:06 ----A---- C:\WINDOWS\system32\d3dx10_41.dll

2009-06-11 18:57:06 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll

2009-06-11 18:57:05 ----A---- C:\WINDOWS\system32\XAudio2_4.dll

2009-06-11 18:57:05 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll

2009-06-11 18:57:04 ----A---- C:\WINDOWS\system32\xactengine3_4.dll

2009-06-11 18:57:04 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll

2009-06-11 18:57:03 ----A---- C:\WINDOWS\system32\d3dx10_40.dll

2009-06-11 18:57:03 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll

2009-06-11 18:57:02 ----A---- C:\WINDOWS\system32\XAudio2_3.dll

2009-06-11 18:57:02 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll

2009-06-11 18:57:02 ----A---- C:\WINDOWS\system32\D3DX9_40.dll

2009-06-11 18:57:01 ----A---- C:\WINDOWS\system32\xactengine3_3.dll

2009-06-11 18:57:00 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll

2009-06-11 18:56:59 ----A---- C:\WINDOWS\system32\XAudio2_2.dll

2009-06-11 18:56:59 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll

2009-06-11 18:56:59 ----A---- C:\WINDOWS\system32\xactengine3_2.dll

2009-06-11 18:56:58 ----A---- C:\WINDOWS\system32\d3dx10_39.dll

2009-06-11 18:56:58 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll

2009-06-11 18:56:57 ----A---- C:\WINDOWS\system32\D3DX9_39.dll

2009-06-11 18:56:56 ----A---- C:\WINDOWS\system32\XAudio2_1.dll

2009-06-11 18:56:56 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll

2009-06-11 18:56:55 ----A---- C:\WINDOWS\system32\xactengine3_1.dll

2009-06-11 18:56:55 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll

2009-06-11 18:56:55 ----A---- C:\WINDOWS\system32\d3dx10_38.dll

2009-06-11 18:56:55 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll

2009-06-11 18:56:54 ----A---- C:\WINDOWS\system32\D3DX9_38.dll

2009-06-11 18:56:53 ----A---- C:\WINDOWS\system32\XAudio2_0.dll

2009-06-11 18:56:53 ----A---- C:\WINDOWS\system32\xactengine3_0.dll

2009-06-11 18:56:52 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll

2009-06-11 18:56:52 ----A---- C:\WINDOWS\system32\d3dx10_37.dll

2009-06-11 18:56:52 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll

2009-06-11 18:56:51 ----A---- C:\WINDOWS\system32\D3DX9_37.dll

2009-06-11 18:56:50 ----A---- C:\WINDOWS\system32\xactengine2_10.dll

2009-06-11 18:56:50 ----A---- C:\WINDOWS\system32\d3dx10_36.dll

2009-06-11 18:56:50 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll

2009-06-11 18:56:49 ----A---- C:\WINDOWS\system32\d3dx9_36.dll

2009-06-11 18:56:48 ----A---- C:\WINDOWS\system32\xactengine2_9.dll

2009-06-11 18:56:48 ----A---- C:\WINDOWS\system32\d3dx10_35.dll

2009-06-11 18:56:48 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll

2009-06-11 18:56:09 ----A---- C:\WINDOWS\system32\xactengine2_5.dll

2009-06-11 18:56:08 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-06-11 18:56:07 ----A---- C:\WINDOWS\system32\xactengine2_4.dll

2009-06-11 18:56:05 ----A---- C:\WINDOWS\system32\xactengine2_3.dll

2009-06-11 18:56:05 ----A---- C:\WINDOWS\system32\d3dx9_31.dll

2009-06-11 18:56:04 ----A---- C:\WINDOWS\system32\xinput1_2.dll

2009-06-11 18:55:39 ----D---- C:\WINDOWS\Logs

2009-06-08 00:13:24 ----D---- C:\Program Files\iPod

2009-06-04 23:50:47 ----RASHD---- C:\autorun.inf

2009-06-04 13:20:49 ----D---- C:\Program Files\CCleaner

2009-06-02 12:43:18 ----D---- C:\MSNCleaner

2009-06-02 12:36:19 ----D---- C:\SDFix

2009-06-02 00:01:52 ----D---- C:\Documents and Settings\Killinstinct\Application Data\Malwarebytes

2009-06-02 00:01:44 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-06-02 00:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-05-28 20:15:51 ----A---- C:\tj.vbs

2009-05-23 01:43:27 ----D---- C:\Program Files\Common Files\PC Tools

2009-05-23 01:43:21 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools

2009-05-22 23:26:32 ----D---- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}

2009-05-22 23:24:41 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec

2009-05-22 23:24:40 ----D---- C:\Documents and Settings\All Users\Application Data\Norton

2009-05-22 23:23:58 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller

======List of files/folders modified in the last 1 months======

2009-06-20 12:12:35 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-06-20 12:03:47 ----D---- C:\Program Files\Mozilla Firefox

2009-06-20 12:03:13 ----SD---- C:\WINDOWS\Tasks

2009-06-20 12:00:51 ----D---- C:\WINDOWS\Temp

2009-06-20 12:00:44 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-20 12:00:34 ----D---- C:\WINDOWS\system32\drivers

2009-06-20 02:15:41 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-19 12:16:44 ----D---- C:\WINDOWS\Prefetch

2009-06-19 00:48:41 ----A---- C:\WINDOWS\NeroDigital.ini

2009-06-17 16:59:27 ----D---- C:\Documents and Settings\Killinstinct\Application Data\dvdcss

2009-06-17 12:20:42 ----HD---- C:\$AVG8.VAULT$

2009-06-15 18:38:56 ----D---- C:\Documents and Settings\Killinstinct\Application Data\Azureus

2009-06-13 12:03:09 ----HD---- C:\WINDOWS\inf

2009-06-12 12:10:35 ----D---- C:\WINDOWS

2009-06-12 12:09:54 ----D---- C:\WINDOWS\system32

2009-06-12 11:38:12 ----D---- C:\Config.Msi

2009-06-12 11:38:10 ----SHD---- C:\WINDOWS\Installer

2009-06-12 11:36:45 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-06-12 11:36:20 ----D---- C:\Program Files\Internet Explorer

2009-06-12 11:35:42 ----HD---- C:\WINDOWS\$hf_mig$

2009-06-12 11:35:05 ----A---- C:\WINDOWS\system32\MRT.INI

2009-06-12 11:31:46 ----D---- C:\WINDOWS\Debug

2009-06-11 18:57:08 ----D---- C:\WINDOWS\system32\DirectX

2009-06-11 18:57:08 ----D---- C:\Program Files

2009-06-08 22:43:45 ----D---- C:\Program Files\Safari

2009-06-08 21:30:53 ----D---- C:\Documents and Settings\Killinstinct\Application Data\Spotify

2009-06-08 00:13:43 ----D---- C:\Program Files\iTunes

2009-06-08 00:13:22 ----D---- C:\Program Files\Common Files\Apple

2009-06-08 00:10:12 ----D---- C:\Program Files\QuickTime

2009-06-08 00:06:41 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-05 00:07:53 ----D---- C:\Program Files\Lavasoft

2009-06-04 13:33:34 ----D---- C:\WINDOWS\Minidump

2009-06-04 13:18:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2009-06-03 22:25:10 ----D---- C:\WINDOWS\system32\config

2009-06-03 21:52:34 ----D---- C:\$CTJTMP

2009-06-03 21:36:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-06-03 21:36:01 ----D---- C:\WINDOWS\system32\CatRoot

2009-06-02 13:02:14 ----ASH---- C:\boot.ini

2009-06-02 13:02:14 ----A---- C:\WINDOWS\win.ini

2009-06-02 13:02:14 ----A---- C:\WINDOWS\system.ini

2009-06-01 18:51:12 ----A---- C:\WINDOWS\system32\MRT.exe

2009-05-30 22:51:03 ----D---- C:\Program Files\iDVDsoft

2009-05-23 15:04:45 ----HD---- C:\Program Files\InstallShield Installation Information

2009-05-23 14:41:53 ----D---- C:\Program Files\HOTALBUMMyBOX

2009-05-23 14:38:55 ----D---- C:\Program Files\CASIO

2009-05-23 14:30:40 ----D---- C:\Program Files\URUSoft

2009-05-23 01:50:38 ----D---- C:\Program Files\Spyware Doctor

2009-05-23 01:43:27 ----D---- C:\Program Files\Common Files

2009-05-23 01:04:19 ----D---- C:\Program Files\Common Files\Symantec Shared

2009-05-23 00:56:36 ----D---- C:\Program Files\Norton Security Scan

2009-05-23 00:32:35 ----D---- C:\Temp

2009-05-21 00:16:17 ----D---- C:\Documents and Settings\Killinstinct\Application Data\Move Networks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-11 327688]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-17 27784]

R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-04-30 108552]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]

R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]

R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-03-25 134656]

R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-04-11 502160]

R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 12160]

R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-03-25 6144]

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-03-25 135696]

R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []

R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-03-25 144736]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]

R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-04-03 850880]

R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2003-04-01 142752]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]

R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-02-12 57440]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]

R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-03-25 190176]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-28 47360]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]

R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WN111v2.sys [2008-05-31 434688]

R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 57408]

S1 STYLEXPHELPER;STYLEXPHELPER; \??\C:\Program Files\TGTSoft\StyleXP\STYLEXPHELPER.EXE []

S3 ap7k33fl;ap7k33fl; C:\WINDOWS\system32\drivers\ap7k33fl.sys []

S3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2009-02-04 170496]

S3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2004-08-04 104960]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-03-27 287920]

S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-09-17 145408]

S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation); C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2004-08-04 13824]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]

S3 OM518P;TwinkleCam Pro USB Camera; C:\WINDOWS\System32\Drivers\om518vid.sys [2002-01-31 185256]

S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 TdsNordecr;Nordea NCR1 SmartCard Reader; C:\WINDOWS\system32\DRIVERS\nordecr.sys [2007-10-30 23040]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-02-22 223128]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]

S4 WS2IFSL;Stödmiljö för Windows Socket 2.0 Icke-IFS-tjänstprovider; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2008-05-04 467029]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-17 906520]

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-19 298776]

R2 Bonjour Service;Bonjour-tjänst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\windows\system32\CTSvcCDA.EXE [1999-12-13 44032]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984]

R2 McrdSvc;Media Center Extender Service; C:\windows\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]

R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-03 72704]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 360547]

S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-02-03 68096]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]

S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-25 602112]

S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]

S4 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]

S4 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]

S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]

S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]

S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Link to comment
Share on other sites

Guest Malou

Hej aksaru!

Det här är loggen när jag valde "1 month" i listan. Kanske skulle tagit 2 eller 3 months?

Blev din dator infekterad för mer än en månad sedan?

Återkommer om en stund då jag gått igenom loggan du kopierat in hit. Tar en stund innan jag är klar ;)

//Malou

Link to comment
Share on other sites

Guest Malou

Hej aksaru!

Är Windows Defender något du vill ha kvar?

Om inte så avinstallera via kontrollpenelen lägg till/ta bort.

Ser att Ad-Aware ligger under Task. Var inte den avinstallerad?

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

*************************************************

Skulle vilja be dig om att söka/leta upp nedanstående fil: Gör enligt nedanstående.

För att hitta det du nu skall leta upp gör nedanstående:

Ställ in Utforskaren så du kan se alla filer:

1: Högerklicka på Start-knappen

2: Välj Utforska

3: I verktygsfältet klicka på => Verktyg => Mappalternativ

4: Välj fliken => Visning sätt en bock i => Visa dolda filer och mappar

5: Avbocka Dölj filnamnstillägg för kända filtyper

6: Avbocka Dölj skyddade operativsystemfiler

Sök/Leta reda på och ladda upp filen:

C:\tj.vbs

Då du hittat den så gå in på nedanstående sida (skickafilen)

Ladda upp filen => skriv in din mailadress

http://skickafilen.se/

Då du gjort så så kommer du att få en länk tillsänt dig. Den länken kopierar du och klistrar in här i ditt inlägg.

Jag kommer i min tur att ladda upp filen till mig för en närmare titt/undersökning av den.

OBS: Klicka inte på länken du får tillsänt dig. Den gäller enbart en enda gång. Skulle du mot förmodan klicka på den så får du göra om proceduren :wink:

MVH/Malou

Link to comment
Share on other sites

Guest Malou

Hej aksaru!

Har avinstallerat programmen nu, de var tydligen kvar :S

Jättebra att du nu har avinstallerat programmet.

Tack för filen.

Resultatet ser inte så roligt ut (VBScript.Vulnerable.gen!High (suspicious) )

http://www.virustotal.com/sv/analisis/6836...1071-1244543700

*******************************************************************************

Visa dolda filer och mappar Windows XP och Windows Vista och Windows7:

Windows XP-Användare:

1: Högerklicka på Start-knappen

2: Välj Utforska

3: I verktygsfältet klicka på => Verktyg => Mappalternativ

4: Välj fliken => Visning

5: Bocka i => Visa dolda filer, mappar & enheter

5: Avbocka Dölj filnamnstillägg för kända filtyper

6: Avbocka Dölj skyddade operativsystemfiler

7: Klicka på knappen => Verkställ

8: Klicka på knappen => Ok

Sök/Leta reda på:

Navigera dig fram enligt nedanstående sökväg och deleta filen

C:\tj.vbs <=Deleta filen

Töm papperskorgen

Starta om datorn

Om ovanstående inte fungerar i normalläge så gå in i felsäkert läge och gör proceduren.

Gör en ny scanning med RSIT

1: Dubbelklicka på verktyget för att starta RSIT

(För Vista => Högerklicka på verktyget och välj => Kör som Admin)

2: Då den scannat klart produceras en textfil (log.txt) i Anteckningar automatiskt. Om där mot förmodan inte dyker upp en textfil finns den att hitta här => I mappen C:\rsit => log.txt <=

3: Kopiera in den loggan hit till din tråd

4: Berätta/tala om hur datornmår

MVH/Malou

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...