__Josse

Member
  • Number of posts: 25

Everything posted by __Josse

  1. NOW I have managed to solve the problem. Thanks for the help!
  2. Maybe a really dumb question, but how do I log in to the router?
  3. I have looked at it. Under LAN there are IP addresses and such, but under Internet it only says 0.0.0 and so on. Is that where the fault lies?
  4. A page comes up that you are supposed to log in to. What do I do once I am logged in there?
  5. A network cable into the Internet port on the router and one from LAN port 1 to the LAN port on the computer, as it said you should do. I don't know if I am entering the wrong IP, DNA and such; how do you find out which one you have?
  6. I have just bought a Dlink DIR 615 and followed their installation guide, but it doesn't work because I get a box saying that my ISP settings are wrong. I am a total beginner at this kind of thing, so I would appreciate a guide on how to go about installing it.
  7. Thanks for the help! The tips worked and now I have uninstalled the game.
  8. I have a game that I have tried to uninstall. The first time I tried, the uninstaller hung, and now I can neither uninstall nor reinstall it. I have tried with CCleaner and with the regular "Add or Remove Programs". Does anyone have a tip on what I should do?
  9. When I go into my hard drive (C:), there are a number of folders there that I think are a bit superfluous and don't need to be there. I wonder whether I can remove these, or is there a risk that I wreck the whole computer then? The folders are named as follows:
     1. 7ba5522c05e160ecacb02b3b Contains another folder called update, which I don't have access to.
     2. 7853e48da8422c0f62 Which I don't have access to either.
     3. cf Contains two files called CF20594 and ErrTrap1.
     4. ComboFix Contains the file nircmd.
     5. QooBox Contains a lot of text documents as well as two dat files and two folders.
     6. sysprep Contains the folder i386, which in turn contains the folder $OEM$, which is empty.
     7. temp Which contains a lot of dat files.
     What is a dat file, by the way?
     [post edited 2008-08-27 00:13:28 by __Josse]
  10. Hi! Today a problem arose on my family's shared computer. When you switch users and then try to log in to another user's account, it doesn't work. It just flashes and you are still on the welcome screen... What could be causing it?
  11. The computer works as usual, but I ran ComboFix and HijackThis once more as you said.
  12. Thanks for all the help I have received! I think the problem is in fact solved. I ran ComboFix on the other users on the computer and then I changed everyone's start pages (something had changed everyone's) back, and now it works. Attaching the logs for the other users in case you find anything wrong.
"CTDVDDET"="C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00 45056] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 05:54 253952] "WINCINEMAMGR"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2004-10-19 19:28 192512] "StatusClient"="C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864] "TomcatStartup"="C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648] "HPLJ Config"="C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 19:32 28672] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl] "fssui"="C:\Program\Windows Live\Family Safety\fssui.exe" [2007-12-17 12:12 243240] "NeroFilterCheck"="C:\Program\Delade filer\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328] "DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920] "HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2004-02-13 04:38 49152] "HP Component Manager"="C:\Program\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664] "Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-02-21 18:33 58984] "Symantec NetDriver Monitor"="C:\Program\SYMNET~1\SNDMon.exe" [2008-03-01 21:08 100056] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-03-19 19:19 185896] "QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] 
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 10:13 49152 C:\WINDOWS\MIDIDEF.EXE] "StartMS"="C:\Program\Creative\Shared Files\Media Sniffer\StartMS.exe" [2003-03-26 14:54 57344] "CMSRegOW.exe"="C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 02:00 57344] C:\Documents and Settings\Josse\Start-meny\Program\AutostartAdobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664] C:\Documents and Settings\All Users\Start-meny\Program\AutostartHP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 13:31:38 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\Program\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program\\LimeWire\\LimeWire.exe"= "C:\\Program\\Internet Explorer\\iexplore.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"= 
"C:\\Program\\Ubisoft\\Lost Via Domus\\gu.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"= "C:\\Program\\iTunes\\iTunes.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd9f1fb8-a711-11dc-83ae-0012bf0315d8}] \Shell\AutoRun\command - K:\start.bat . Contents of the 'Scheduled Tasks' folder "2008-05-26 19:48:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program\Apple Software Update\SoftwareUpdate.exe "2008-06-01 16:02:01 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job" - C:\Program\Windows Live Toolbar\MSNTBUP.EXE "2008-06-01 16:21:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program\Windows Defender\MpCmdRun.exe "2008-05-30 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn - HP_Ägaren.job" - C:\Program\NORTON~2\NORTON~1\Navw32.exeh/task: "2008-04-19 23:06:19 C:\WINDOWS\Tasks\WebReg 20080420010618.job" - C:\Program\HP\Digital Imaging\bin\hpqwrg.exe4/TaskName 20080420010618 /N . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net'>http://www.gmer.net Rootkit scan 2008-06-01 18:26:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "VTTimer"="VTTimer.exe" . 
Completion time: 2008-06-01 18:27:20 ComboFix-quarantined-files.txt 2008-06-01 16:27:09 ComboFix2.txt 2008-06-01 15:22:09 ComboFix3.txt 2008-06-01 13:47:27 Pre-Run: 32,105,508,864 byte ledigt Post-Run: 32,100,601,856 byte ledigt 199 --- E O F --- 2008-05-31 14:11:28 ComboFix 08-05-29.1 - Jennie 2008-06-01 18:40:31.8 - NTFSx86 MINIMAL Running from: C:\Documents and Settings\Jennie\Skrivbord\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\spywarewarning.mht . ((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))) . 2008-06-01 15:41 . 2008-06-01 15:47 <KAT> d-------- C:\cf 2008-05-31 13:31 . 2008-05-31 13:31 6,406 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-31 13:26 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-31 13:26 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-31 13:26 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-31 13:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-31 13:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-31 13:26 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-31 13:26 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-31 13:26 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-31 13:04 . 2008-05-31 13:04 <KAT> d-------- C:\Program\uTorrent 2008-05-31 12:47 . 2008-05-31 12:47 <KAT> d-------- C:\Program\Trend Micro 2008-05-31 00:19 . 2008-05-31 00:19 <KAT> d-------- C:\Program\Windows Defender 2008-05-30 22:39 . 2008-05-30 22:39 97,792 -r-hs---- C:\WINDOWS\system32\Adobeo.exe 2008-05-30 22:39 . 2008-06-01 18:32 78,378 --a------ C:\WINDOWS\system32\spywarewarning2.mht 2008-05-30 22:39 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-05-23 16:14 . 
2008-05-23 16:15 <KAT> d-------- C:\Documents and Settings\Josse\Application Data\gtk-2.0 2008-05-23 16:13 . 2008-05-23 16:15 <KAT> d-------- C:\Documents and Settings\Josse\avidemux 2008-05-20 19:07 . 2008-05-20 19:07 <KAT> d-------- C:\Program\iPod 2008-05-16 21:16 . 2008-05-16 21:39 <KAT> d-------- C:\Documents and Settings\Jennie\Application Data\U3 2008-05-01 12:27 . 2008-05-15 18:34 <KAT> d-------- C:\WINDOWS\system32\Adobe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-01 09:08 --------- d-----w C:\Documents and Settings\Jennie\Application Data\LimeWire 2008-05-31 15:11 --------- d-----w C:\Program\Delade filer\Symantec Shared 2008-05-31 12:43 --------- d-----w C:\Documents and Settings\Josse\Application Data\U3 2008-05-30 20:50 --------- d-----w C:\Documents and Settings\Josse\Application Data\Azureus 2008-05-30 20:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-05-24 21:33 --------- d-----w C:\Documents and Settings\Josse\Application Data\LimeWire 2008-05-23 14:02 --------- d-----w C:\Documents and Settings\Josse\Application Data\dvdcss 2008-05-21 19:27 --------- d-----w C:\Program\Norton Internet Security 2008-05-20 17:21 --------- d-----w C:\Program\Apple Software Update 2008-05-20 17:07 --------- d-----w C:\Program\iTunes 2008-05-20 17:05 --------- d-----w C:\Program\QuickTime 2008-05-09 13:30 --------- d-----w C:\Program\Combined Community Codec Pack 2008-05-06 17:53 --------- d-----w C:\Documents and Settings\Josse\Application Data\Vso 2008-04-16 16:48 --------- d-----w C:\Program\EA GAMES 2008-04-16 15:42 --------- d-----w C:\Program\Azureus 2008-04-13 10:27 --------- d-----w C:\Program\AGEIA Technologies 2008-04-13 10:26 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard 2008-04-13 10:14 --------- d--h--w C:\Program\InstallShield Installation Information 2008-04-13 10:14 --------- d-----w C:\Program\Ubisoft 2008-04-11 14:51 --------- d-----w 
C:\Program\Electronic Arts 2008-04-04 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-03 18:14 --------- d-----w C:\Program\Java 2008-04-02 20:56 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-04-01 19:42 --------- d-----w C:\Program\Lavasoft 2008-04-01 18:38 --------- d-----w C:\Program\CCleaner 2008-03-29 21:31 47,360 ----a-w C:\Documents and Settings\Josse\Application Data\pcouffin.sys 2008-03-25 18:43 59,488 ----a-w C:\WINDOWS\system32\GenSvcInst.exe 2008-03-25 18:43 145,504 ----a-w C:\WINDOWS\system32\bgsvcgen.exe 2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((( snapshot@2008-05-31_16.07.36.64 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-31 13:59:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-01 16:36:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat - 2008-05-26 15:00:10 65,304 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-06-01 08:43:20 65,304 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-05-26 15:00:10 77,506 ----a-w C:\WINDOWS\system32\perfc01D.dat + 2008-06-01 08:43:20 77,506 ----a-w C:\WINDOWS\system32\perfc01D.dat - 2008-05-26 15:00:10 410,834 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-06-01 08:43:20 410,834 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-05-26 15:00:11 413,372 ----a-w C:\WINDOWS\system32\perfh01D.dat + 2008-06-01 08:43:20 413,372 ----a-w C:\WINDOWS\system32\perfh01D.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] 2007-12-17 12:12 56360 --a------ C:\Program\Windows Live\Family Safety\fssbho.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-16 15:41 68856] "MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35 5724184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "AdobeUpdater"="C:\Program\Delade filer\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04 52736] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-21 06:55 155648] "HPHUPD06"="c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 03:34 49152] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 03:31 659456] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02 61440] "Home Theater SchSvr"="C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe" [2004-09-23 18:22 106496] "WINREMOTE"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2004-10-19 19:28 192512] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 04:43 233472] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "VTTimer"="VTTimer.exe" [] "SiSPower"="SiSPower.dll" [2004-09-24 17:49 49152 C:\WINDOWS\system32\SiSPower.dll] "CTHelper"="CTHELPER.EXE" [2003-11-14 09:18 24576 C:\WINDOWS\system32\CTHELPER.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 01:06 88363 C:\WINDOWS\AGRSMMSG.exe] 
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57 81920] "CTDVDDET"="C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00 45056] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 05:54 253952] "WINCINEMAMGR"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2004-10-19 19:28 192512] "StatusClient"="C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864] "TomcatStartup"="C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648] "HPLJ Config"="C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 19:32 28672] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl] "fssui"="C:\Program\Windows Live\Family Safety\fssui.exe" [2007-12-17 12:12 243240] "NeroFilterCheck"="C:\Program\Delade filer\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328] "DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920] "HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2004-02-13 04:38 49152] "HP Component Manager"="C:\Program\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664] "Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-02-21 18:33 58984] "Symantec NetDriver Monitor"="C:\Program\SYMNET~1\SNDMon.exe" [2008-03-01 21:08 100056] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-03-19 19:19 185896] "QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 10:13 49152 C:\WINDOWS\MIDIDEF.EXE] "StartMS"="C:\Program\Creative\Shared Files\Media Sniffer\StartMS.exe" [2003-03-26 14:54 57344] "CMSRegOW.exe"="C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 02:00 57344] C:\Documents and Settings\Josse\Start-meny\Program\AutostartAdobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664] C:\Documents and Settings\All Users\Start-meny\Program\AutostartHP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 13:31:38 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\Program\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program\\LimeWire\\LimeWire.exe"= "C:\\Program\\Internet Explorer\\iexplore.exe"= 
"C:\\Program\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\gu.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"= "C:\\Program\\iTunes\\iTunes.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - K:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-05-26 19:48:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program\Apple Software Update\SoftwareUpdate.exe "2008-06-01 16:02:01 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job" - C:\Program\Windows Live Toolbar\MSNTBUP.EXE "2008-06-01 16:40:23 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program\Windows Defender\MpCmdRun.exe "2008-05-30 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn - HP_Ägaren.job" - C:\Program\NORTON~2\NORTON~1\Navw32.exeh/task: "2008-04-19 23:06:19 C:\WINDOWS\Tasks\WebReg 20080420010618.job" - C:\Program\HP\Digital Imaging\bin\hpqwrg.exe4/TaskName 20080420010618 /N . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-01 18:44:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "VTTimer"="VTTimer.exe" . Completion time: 2008-06-01 18:46:32 ComboFix-quarantined-files.txt 2008-06-01 16:45:38 ComboFix2.txt 2008-06-01 16:27:21 ComboFix3.txt 2008-06-01 15:22:09 ComboFix4.txt 2008-06-01 13:47:27 Pre-Run: 32,107,847,680 byte ledigt Post-Run: 32,095,477,760 byte ledigt 199 --- E O F --- 2008-05-31 14:11:28 [/log]
  13. Here are the logs, then: [log]
1.0\\MediaManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program\\LimeWire\\LimeWire.exe"= "C:\\Program\\Internet Explorer\\iexplore.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\gu.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"= "C:\\Program\\iTunes\\iTunes.exe"= S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 19:08] S2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53] S2 fsssvc;Windows Live OneCare Family Safety;"C:\Program\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13] S3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-24 04:34] S3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-28 02:49] S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-30 13:29] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed6e6aec-0655-11dd-8567-0012bf0315d8}] \Shell\AutoRun\command - K:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-05-26 19:48:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program\Apple Software Update\SoftwareUpdate.exe "2008-06-01 15:02:01 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job" - C:\Program\Windows Live Toolbar\MSNTBUP.EXE "2008-06-01 15:17:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program\Windows Defender\MpCmdRun.exe "2008-05-30 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn - HP_Ägaren.job" - C:\Program\NORTON~2\NORTON~1\Navw32.exeh/task: "2008-04-19 23:06:19 C:\WINDOWS\Tasks\WebReg 20080420010618.job" - C:\Program\HP\Digital Imaging\bin\hpqwrg.exe4/TaskName 20080420010618 /N . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-01 17:20:44 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "VTTimer"="VTTimer.exe" . Completion time: 2008-06-01 17:22:08 ComboFix-quarantined-files.txt 2008-06-01 15:21:47 ComboFix2.txt 2008-06-01 13:47:27 Pre-Run: 32,114,429,952 byte ledigt Post-Run: 32,101,814,272 byte ledigt 205 --- E O F --- 2008-05-31 14:11:28 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:27:03, on 2008-06-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccProxy.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Norton Internet Security\ISSVC.exe C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTSvcCDA.EXE c:\Program\Delade filer\LightScribe\LSSrvc.exe C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe 
C:\WINDOWS\system32\svchost.exe C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Program\Java\jre1.6.0_05\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe C:\Program\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\AGRSMMSG.exe C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\WINDOWS\system32\rundll32.exe C:\Program\Windows Live\Family Safety\fssui.exe C:\Program\HP\HP Software Update\HPWuSchd2.exe C:\Program\HP\hpcoretech\hpcmpmgr.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe C:\Program\QuickTime\QTTask.exe C:\Program\iTunes\iTunesHelper.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\NCLAUNCH.EXe C:\WINDOWS\system32\ctfmon.exe C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe C:\Program\HP\Digital Imaging\bin\hpqtra08.exe C:\Program\iPod\bin\iPodService.exe C:\Program\Messenger\msmsgs.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\HPBPRO.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program\Windows Live\Family Safety\fssbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - 
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinRemote.exe O4 - HKLM\..\Run: [statusClient] C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [HPLJ Config] C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1053 -sl 120000 O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [fssui] "C:\Program\Windows Live\Family Safety\fssui.exe" -autorun 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] 
MIDIDEF.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - 
http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe -- End of file - 14341 bytes [/log]
  14. The computer works much better now, no warnings popping up. However, when I click on Internet I get a warning that a file is missing, but I can type in an address and get through to a page (my start page does not come up, though).
  15. [log]ComboFix 08-05-29.1 - Josse 2008-06-01 15:41:27.4 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Josse\Skrivbord\cf.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\spywarewarning.mht
.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.
2008-05-31 13:31 . 2008-05-31 13:31 6,406 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-31 13:26 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-31 13:26 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-31 13:26 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-31 13:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-31 13:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-31 13:26 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-31 13:26 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-31 13:26 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-31 13:04 . 2008-05-31 13:04 <KAT> d-------- C:\Program\uTorrent
2008-05-31 12:47 . 2008-05-31 12:47 <KAT> d-------- C:\Program\Trend Micro
2008-05-31 00:19 . 2008-05-31 00:19 <KAT> d-------- C:\Program\Windows Defender
2008-05-30 22:39 . 2008-05-30 22:39 97,792 -r-hs---- C:\WINDOWS\system32\Adobeo.exe
2008-05-30 22:39 . 2008-06-01 15:34 78,378 --a------ C:\WINDOWS\system32\spywarewarning2.mht
2008-05-30 22:39 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-23 16:14 . 2008-05-23 16:15 <KAT> d-------- C:\Documents and Settings\Josse\Application Data\gtk-2.0
2008-05-23 16:13 . 2008-05-23 16:15 <KAT> d-------- C:\Documents and Settings\Josse\avidemux
2008-05-20 19:07 . 2008-05-20 19:07 <KAT> d-------- C:\Program\iPod
2008-05-16 21:16 . 2008-05-16 21:39 <KAT> d-------- C:\Documents and Settings\Jennie\Application Data\U3
2008-05-01 12:27 . 2008-05-15 18:34 <KAT> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 09:08 --------- d-----w C:\Documents and Settings\Jennie\Application Data\LimeWire
2008-05-31 15:11 --------- d-----w C:\Program\Delade filer\Symantec Shared
2008-05-31 12:43 --------- d-----w C:\Documents and Settings\Josse\Application Data\U3
2008-05-30 20:50 --------- d-----w C:\Documents and Settings\Josse\Application Data\Azureus
2008-05-30 20:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-24 21:33 --------- d-----w C:\Documents and Settings\Josse\Application Data\LimeWire
2008-05-23 14:02 --------- d-----w C:\Documents and Settings\Josse\Application Data\dvdcss
2008-05-21 19:27 --------- d-----w C:\Program\Norton Internet Security
2008-05-20 17:21 --------- d-----w C:\Program\Apple Software Update
2008-05-20 17:07 --------- d-----w C:\Program\iTunes
2008-05-20 17:05 --------- d-----w C:\Program\QuickTime
2008-05-09 13:30 --------- d-----w C:\Program\Combined Community Codec Pack
2008-05-06 17:53 --------- d-----w C:\Documents and Settings\Josse\Application Data\Vso
2008-04-16 16:48 --------- d-----w C:\Program\EA GAMES
2008-04-16 15:42 --------- d-----w C:\Program\Azureus
2008-04-13 10:27 --------- d-----w C:\Program\AGEIA Technologies
2008-04-13 10:26 --------- d-----w C:\Program\Delade filer\Wise Installation Wizard
2008-04-13 10:14 --------- d--h--w C:\Program\InstallShield Installation Information
2008-04-13 10:14 --------- d-----w C:\Program\Ubisoft
2008-04-11 14:51 --------- d-----w C:\Program\Electronic Arts
2008-04-04 12:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-03 18:14 --------- d-----w C:\Program\Java
2008-04-02 20:56 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-01 19:42 --------- d-----w C:\Program\Lavasoft
2008-04-01 18:38 --------- d-----w C:\Program\CCleaner
2008-03-29 21:31 47,360 ----a-w C:\Documents and Settings\Josse\Application Data\pcouffin.sys
2008-03-25 18:43 59,488 ----a-w C:\WINDOWS\system32\GenSvcInst.exe
2008-03-25 18:43 145,504 ----a-w C:\WINDOWS\system32\bgsvcgen.exe
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-31_16.07.36.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-31 13:59:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 13:39:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-26 15:00:10 65,304 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-01 08:43:20 65,304 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-05-26 15:00:10 77,506 ----a-w C:\WINDOWS\system32\perfc01D.dat
+ 2008-06-01 08:43:20 77,506 ----a-w C:\WINDOWS\system32\perfc01D.dat
- 2008-05-26 15:00:10 410,834 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-01 08:43:20 410,834 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-05-26 15:00:11 413,372 ----a-w C:\WINDOWS\system32\perfh01D.dat
+ 2008-06-01 08:43:20 413,372 ----a-w C:\WINDOWS\system32\perfh01D.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Program\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-16 15:41 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35 5724184]
"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 16:29 356352]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-12-15 18:25 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"Microsoft Windows Installer"="C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe" [2008-05-30 22:43 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04 52736]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-21 06:55 155648]
"HPHUPD06"="c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 03:34 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 03:31 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02 61440]
"Home Theater SchSvr"="C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe" [2004-09-23 18:22 106496]
"WINREMOTE"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2004-10-19 19:28 192512]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 04:43 233472]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" []
"SiSPower"="SiSPower.dll" [2004-09-24 17:49 49152 C:\WINDOWS\system32\SiSPower.dll]
"CTHelper"="CTHELPER.EXE" [2003-11-14 09:18 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 01:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57 81920]
"CTDVDDET"="C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 05:54 253952]
"WINCINEMAMGR"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2004-10-19 19:28 192512]
"StatusClient"="C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864]
"TomcatStartup"="C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648]
"HPLJ Config"="C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 19:32 28672]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"fssui"="C:\Program\Windows Live\Family Safety\fssui.exe" [2007-12-17 12:12 243240]
"NeroFilterCheck"="C:\Program\Delade filer\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2004-02-13 04:38 49152]
"HP Component Manager"="C:\Program\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-02-21 18:33 58984]
"Symantec NetDriver Monitor"="C:\Program\SYMNET~1\SNDMon.exe" [2008-03-01 21:08 100056]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-03-19 19:19 185896]
"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 10:13 49152 C:\WINDOWS\MIDIDEF.EXE]
"StartMS"="C:\Program\Creative\Shared Files\Media Sniffer\StartMS.exe" [2003-03-26 14:54 57344]
"CMSRegOW.exe"="C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 02:00 57344]

C:\Documents and Settings\Josse\Start-meny\Program\AutostartAdobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
C:\Documents and Settings\All Users\Start-meny\Program\AutostartHP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 13:31:38 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program\\LimeWire\\LimeWire.exe"=
"C:\\Program\\Internet Explorer\\iexplore.exe"=
"C:\\Program\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"=
"C:\\Program\\Ubisoft\\Lost Via Domus\\gu.exe"=
"C:\\Program\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"=
"C:\\Program\\iTunes\\iTunes.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed6e6aec-0655-11dd-8567-0012bf0315d8}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 19:48:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 11:02:00 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job" - C:\Program\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-01 13:43:22 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program\Windows Defender\MpCmdRun.exe
"2008-05-30 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn - HP_Ägaren.job" - C:\Program\NORTON~2\NORTON~1\Navw32.exeh/task:
"2008-04-19 23:06:19 C:\WINDOWS\Tasks\WebReg 20080420010618.job" - C:\Program\HP\Digital Imaging\bin\hpqwrg.exe4/TaskName 20080420010618 /N
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 15:45:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"VTTimer"="VTTimer.exe"
.
Completion time: 2008-06-01 15:47:26
ComboFix-quarantined-files.txt 2008-06-01 13:46:59
Pre-Run: 32,132,198,400 byte ledigt
Post-Run: 32,140,496,896 byte ledigt
199 --- E O F --- 2008-05-31 14:11:28
[/log]
  16. It didn't work; the computer froze. I have been using another computer to get online the whole time. Edit: Now the internet suddenly worked, which it hasn't done all weekend.
[log]
C:\WINDOWS\system32\tmp.reg
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.26 2008.06.01 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.05.31 -
AVG 7.5.0.516 2008.05.31 -
BitDefender 7.2 2008.06.01 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.01 -
DrWeb 4.44.0.09170 2008.06.01 -
eSafe 7.0.15.0 2008.05.29 -
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.05.31 -
F-Secure 6.70.13260.0 2008.06.01 -
Fortinet 3.14.0.0 2008.06.01 -
GData 2.0.7306.1023 2008.06.01 -
Ikarus T3.1.1.26.0 2008.06.01 -
Kaspersky 7.0.0.125 2008.06.01 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.01 -
NOD32v2 3149 2008.05.31 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.05.31 -
Prevx1 V2 2008.06.01 -
Rising 20.46.62.00 2008.06.01 -
Sophos 4.29.0 2008.06.01 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.01 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.05.31 -
Webwasher-Gateway 6.6.2 2008.06.01 -
Övrig information
File size: 6406 bytes

C:\WINDOWS\system32\Adobeo.exe
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.26 2008.06.01 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.05.31 -
AVG 7.5.0.516 2008.05.31 -
BitDefender 7.2 2008.06.01 Trojan.Crypt.DR
CAT-QuickHeal 9.50 2008.05.31 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.06.01 -
DrWeb 4.44.0.09170 2008.06.01 -
eSafe 7.0.15.0 2008.05.29 Suspicious File
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.05.31 -
F-Secure 6.70.13260.0 2008.06.01 -
Fortinet 3.14.0.0 2008.06.01 -
GData 2.0.7306.1023 2008.06.01 -
Ikarus T3.1.1.26.0 2008.06.01 -
Kaspersky 7.0.0.125 2008.06.01 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.01 Trojan:Win32/Tibs.gen!H
NOD32v2 3149 2008.05.31 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.05.31 Suspicious file
Prevx1 V2 2008.06.01 Malicious Software
Rising 20.46.62.00 2008.06.01 -
Sophos 4.29.0 2008.06.01 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.01 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.05.31 -
Webwasher-Gateway 6.6.2 2008.06.01 Trojan.Crypt.XPACK.Gen
Övrig information
File size: 97792 bytes

C:\WINDOWS\system32\spywarewarning2.mht
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.26 2008.06.01 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.05.31 -
AVG 7.5.0.516 2008.05.31 -
BitDefender 7.2 2008.06.01 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.01 -
DrWeb 4.44.0.09170 2008.06.01 -
eSafe 7.0.15.0 2008.05.29 -
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.05.31 -
F-Secure 6.70.13260.0 2008.06.01 -
Fortinet 3.14.0.0 2008.06.01 -
GData 2.0.7306.1023 2008.06.01 -
Ikarus T3.1.1.26.0 2008.06.01 -
Kaspersky 7.0.0.125 2008.06.01 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.01 -
NOD32v2 3149 2008.05.31 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.05.31 -
Prevx1 V2 2008.06.01 -
Rising 20.46.62.00 2008.06.01 -
Sophos 4.29.0 2008.06.01 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.01 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.05.31 -
Webwasher-Gateway 6.6.2 2008.06.01 Exploit.HTML.Hostile-URL.gen (suspicious)
Övrig information
File size: 78378 bytes

C:\WINDOWS\system32\beep.sys
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.26 2008.06.01 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.05.31 -
AVG 7.5.0.516 2008.05.31 -
BitDefender 7.2 2008.06.01 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.01 -
DrWeb 4.44.0.09170 2008.06.01 -
eSafe 7.0.15.0 2008.05.29 -
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.05.31 -
F-Secure 6.70.13260.0 2008.06.01 -
Fortinet 3.14.0.0 2008.06.01 -
GData 2.0.7306.1023 2008.06.01 -
Ikarus T3.1.1.26.0 2008.06.01 -
Kaspersky 7.0.0.125 2008.06.01 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.01 -
NOD32v2 3149 2008.05.31 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.05.31 -
Prevx1 V2 2008.06.01 -
Rising 20.46.62.00 2008.06.01 -
Sophos 4.29.0 2008.06.01 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.01 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.05.31 -
Webwasher-Gateway 6.6.2 2008.06.01 -
Övrig information
File size: 4224 bytes

C:\WINDOWS\system32\404Fix.exe
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.26 2008.06.01 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.05.31 -
AVG 7.5.0.516 2008.05.31 -
BitDefender 7.2 2008.06.01 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.01 -
DrWeb 4.44.0.09170 2008.06.01 -
eSafe 7.0.15.0 2008.05.29 Win32.Womble
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.05.31 -
F-Secure 6.70.13260.0 2008.06.01 -
Fortinet 3.14.0.0 2008.06.01 -
GData 2.0.7306.1023 2008.06.01 -
Ikarus T3.1.1.26.0 2008.06.01 -
Kaspersky 7.0.0.125 2008.06.01 -
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.01 -
NOD32v2 3149 2008.05.31 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.05.31 -
Prevx1 V2 2008.06.01 Malicious Software
Rising 20.46.62.00 2008.06.01 -
Sophos 4.29.0 2008.06.01 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.01 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.05.31 -
Webwasher-Gateway 6.6.2 2008.06.01 -
Övrig information
File size: 82944 bytes

C:\Documents and Settings\Josse\Application Data\gtk-2.0
Could not be sent

C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe
Antivirus Version Senaste Uppdatering Resultat
AhnLab-V3 2008.5.30.1 2008.05.30 -
AntiVir 7.8.0.26 2008.06.01 -
Authentium 5.1.0.4 2008.06.01 -
Avast 4.8.1195.0 2008.05.31 -
AVG 7.5.0.516 2008.05.31 -
BitDefender 7.2 2008.06.01 -
CAT-QuickHeal 9.50 2008.05.31 -
ClamAV 0.92.1 2008.06.01 -
DrWeb 4.44.0.09170 2008.06.01 -
eSafe 7.0.15.0 2008.05.29 Suspicious File
eTrust-Vet 31.4.5837 2008.05.30 -
Ewido 4.0 2008.06.01 -
F-Prot 4.4.4.56 2008.05.31 -
F-Secure 6.70.13260.0 2008.06.01 Trojan-Dropper.Win32.Agent.seh
Fortinet 3.14.0.0 2008.06.01 -
GData 2.0.7306.1023 2008.06.01 Trojan-Dropper.Win32.Agent.seh
Ikarus T3.1.1.26.0 2008.06.01 -
Kaspersky 7.0.0.125 2008.06.01 Trojan-Dropper.Win32.Agent.seh
McAfee 5307 2008.05.30 -
Microsoft 1.3520 2008.06.01 -
NOD32v2 3149 2008.05.31 -
Norman 5.80.02 2008.05.30 -
Panda 9.0.0.4 2008.05.31 -
Prevx1 V2 2008.06.01 Fraudulent Security Program
Rising 20.46.62.00 2008.06.01 -
Sophos 4.29.0 2008.06.01 -
Sunbelt 3.0.1139.1 2008.05.29 -
Symantec 10 2008.06.01 -
VBA32 3.12.6.6 2008.06.01 -
VirusBuster 4.3.26:9 2008.05.31 -
Webwasher-Gateway 6.6.2 2008.06.01 -
Övrig information
File size: 129024 bytes
[/log]
[post edited 2008-06-01 13:34:52 by __Josse]
  17. That line is not in the log; it has disappeared.
  18. Those files are no longer in the log, and I can't get on the internet.
[log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:45, on 2008-06-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccProxy.exe
C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
C:\Program\Norton Internet Security\ISSVC.exe
C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
c:\Program\Delade filer\LightScribe\LSSrvc.exe
C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe
C:\Program\InterVideo\Common\Bin\WinRemote.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\rundll32.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\Windows Live\Family Safety\fssui.exe
C:\Program\HP\HP Software Update\HPWuSchd2.exe
C:\Program\HP\hpcoretech\hpcmpmgr.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program\QuickTime\QTTask.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe
C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe
C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe
C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program\Windows Live\Family Safety\fssbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [statusClient] C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1053 -sl 120000
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [fssui] "C:\Program\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iEUpdate] C:\WINDOWS\system32\Adobeo.exe
O4 - HKLM\..\RunServices: [iEUpdate] C:\WINDOWS\system32\Adobeo.exe
O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4080640445-3461483917-3889797617-1007\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'HP_Ägaren')
O4 - HKUS\S-1-5-21-4080640445-3461483917-3889797617-1007\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background (User 'HP_Ägaren')
O4 - HKUS\S-1-5-21-4080640445-3461483917-3889797617-1007\..\Run: [iEUpdate] C:\WINDOWS\system32\Adobeo.exe (User 'HP_Ägaren')
O4 - HKUS\S-1-5-21-4080640445-3461483917-3889797617-1007\..\RunServices: [iEUpdate] C:\WINDOWS\system32\Adobeo.exe (User 'HP_Ägaren')
O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 14980 bytes
[/log]
  19. [log]ComboFix 08-05-29.1 - Josse 2008-05-31 16:42:40.3 - NTFSx86 MINIMAL Running from: C:\Documents and Settings\Josse\Skrivbord\cf.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\Jennie\Lokala inställningar\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML C:\Documents and Settings\Josse\Application Data\inst.exe C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\system32\clbdll.dll C:\WINDOWS\system32\clbinit.dll C:\WINDOWS\system32\drivers\clbdriver.sys C:\WINDOWS\system32\spywarewarning.mht D:\Autorun.inf M:\Autorun.inf . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CLBDRIVER ((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))) . 2008-05-31 13:31 . 2008-05-31 13:31 6,406 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-31 13:26 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-31 13:26 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-31 13:26 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-31 13:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-31 13:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-31 13:26 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-31 13:26 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-31 13:26 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-31 13:04 . 2008-05-31 13:04 <KAT> d-------- C:\Program\uTorrent 2008-05-31 12:47 . 2008-05-31 12:47 <KAT> d-------- C:\Program\Trend Micro 2008-05-31 00:19 . 2008-05-31 00:19 <KAT> d-------- C:\Program\Windows Defender 2008-05-30 22:39 . 
2008-05-30 22:39 97,792 -r-hs---- C:\WINDOWS\system32\Adobeo.exe 2008-05-30 22:39 . 2008-05-31 14:50 78,378 --a------ C:\WINDOWS\system32\spywarewarning2.mht 2008-05-30 22:39 . 2004-08-04 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys 2008-05-23 16:14 . 2008-05-23 16:15 <KAT> d-------- C:\Documents and Settings\Josse\Application Data\gtk-2.0 2008-05-23 16:13 . 2008-05-23 16:15 <KAT> d-------- C:\Documents and Settings\Josse\avidemux 2008-05-20 19:07 . 2008-05-20 19:07 <KAT> d-------- C:\Program\iPod 2008-05-16 21:16 . 2008-05-16 21:39 <KAT> d-------- C:\Documents and Settings\Jennie\Application Data\U3 2008-05-01 12:27 . 2008-05-15 18:34 <KAT> d-------- C:\WINDOWS\system32\Adobe 2008-04-21 17:50 . 2008-04-21 17:50 <KAT> d-------- C:\Documents and Settings\Josse\.ov4n 2008-04-13 12:26 . 2008-04-13 12:26 <KAT> d-------- C:\WINDOWS\system32\AGEIA 2008-04-13 12:26 . 2008-04-13 12:27 <KAT> d-------- C:\Program\AGEIA Technologies 2008-04-13 12:14 . 2008-04-13 12:14 <KAT> d-------- C:\Program\Ubisoft 2008-04-09 19:31 . 2008-05-31 14:43 <KAT> d-------- C:\Documents and Settings\Josse\Application Data\U3 2008-04-05 15:27 . 2008-04-05 15:29 <KAT> d-------- C:\Documents and Settings\Josse\cbt 2008-04-02 19:58 . 2008-04-02 19:58 99,835 --a------ C:\WINDOWS\Run32A60.mch 2008-04-02 19:33 . 2008-04-02 19:33 <KAT> d-------- C:\WINDOWS\A6W_DATA 2008-04-02 19:33 . 2008-04-02 19:33 35 --a------ C:\WINDOWS\A6W.INI 2008-04-01 21:42 . 2008-04-01 21:42 <KAT> d-------- C:\Program\Lavasoft 2008-04-01 21:42 . 2008-04-04 14:40 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-04-01 21:41 . 2008-04-13 12:26 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard 2008-04-01 20:38 . 2008-04-01 20:38 <KAT> d-------- C:\Program\CCleaner . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-31 14:06 --------- d-----w C:\Program\Delade filer\Symantec Shared 2008-05-30 20:50 --------- d-----w C:\Documents and Settings\Josse\Application Data\Azureus 2008-05-30 20:37 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-05-29 12:12 --------- d-----w C:\Documents and Settings\Jennie\Application Data\LimeWire 2008-05-24 21:33 --------- d-----w C:\Documents and Settings\Josse\Application Data\LimeWire 2008-05-23 14:02 --------- d-----w C:\Documents and Settings\Josse\Application Data\dvdcss 2008-05-21 19:27 --------- d-----w C:\Program\Norton Internet Security 2008-05-20 17:21 --------- d-----w C:\Program\Apple Software Update 2008-05-20 17:07 --------- d-----w C:\Program\iTunes 2008-05-20 17:05 --------- d-----w C:\Program\QuickTime 2008-05-09 13:30 --------- d-----w C:\Program\Combined Community Codec Pack 2008-05-06 17:53 --------- d-----w C:\Documents and Settings\Josse\Application Data\Vso 2008-04-16 16:48 --------- d-----w C:\Program\EA GAMES 2008-04-16 15:42 --------- d-----w C:\Program\Azureus 2008-04-13 10:14 --------- d--h--w C:\Program\InstallShield Installation Information 2008-04-11 14:51 --------- d-----w C:\Program\Electronic Arts 2008-04-03 18:14 --------- d-----w C:\Program\Java 2008-04-02 20:56 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2008-03-29 21:31 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-03-29 21:31 47,360 ----a-w C:\Documents and Settings\Josse\Application Data\pcouffin.sys 2008-03-29 21:31 --------- d-----w C:\Program\VSO 2008-03-25 18:43 59,488 ----a-w C:\WINDOWS\system32\GenSvcInst.exe 2008-03-25 18:43 145,504 ----a-w C:\WINDOWS\system32\bgsvcgen.exe 2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:52 162,592 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-20 08:10 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-26 12:01 294,912 ----a-w C:\WINDOWS\system32\msctf.dll 2008-02-20 06:51 282,624 
----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-06 20:11 737,280 ----a-w C:\WINDOWS\iun6002.exe 2008-02-05 10:34 400,088 ----a-w C:\WINDOWS\system32\syswcc32.exe 2008-02-01 10:17 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR . ((((((((((((((((((((((((((((( snapshot@2008-05-31_16.07.36.64 ))))))))))))))))))))))))))))))))))))))))) . - 2008-05-31 13:59:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-05-31 14:40:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] 2007-12-17 12:12 56360 --a------ C:\Program\Windows Live\Family Safety\fssbho.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-16 15:41 68856] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024] "msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:35 5724184] "Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-11-20 16:29 356352] "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-12-15 18:25 65536] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360] "Microsoft Windows Installer"="C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe" [2008-05-30 22:43 129024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04 52736] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-21 06:55 155648] "HPHUPD06"="c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" 
[2004-06-08 03:34 49152] "HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-08 03:31 659456] "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02 61440] "Home Theater SchSvr"="C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe" [2004-09-23 18:22 106496] "WINREMOTE"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2004-10-19 19:28 192512] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-15 04:43 233472] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776] "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe] "VTTimer"="VTTimer.exe" [] "SiSPower"="SiSPower.dll" [2004-09-24 17:49 49152 C:\WINDOWS\system32\SiSPower.dll] "CTHelper"="CTHELPER.EXE" [2003-11-14 09:18 24576 C:\WINDOWS\system32\CTHELPER.EXE] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 01:06 88363 C:\WINDOWS\AGRSMMSG.exe] "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57 81920] "CTDVDDET"="C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 02:00 45056] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 05:54 253952] "WINCINEMAMGR"="C:\Program\InterVideo\Common\Bin\WinRemote.exe" [2004-10-19 19:28 192512] "StatusClient"="C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 17:51 36864] "TomcatStartup"="C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 20:28 155648] "HPLJ Config"="C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 19:32 28672] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 110592 C:\WINDOWS\system32\bthprops.cpl] "fssui"="C:\Program\Windows Live\Family Safety\fssui.exe" [2007-12-17 12:12 243240] "NeroFilterCheck"="C:\Program\Delade filer\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136] "NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328] "DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2005-11-09 00:00 
128920] "HP Software Update"="C:\Program\HP\HP Software Update\HPWuSchd2.exe" [2004-02-13 04:38 49152] "HP Component Manager"="C:\Program\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664] "Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2007-02-21 18:33 58984] "Symantec NetDriver Monitor"="C:\Program\SYMNET~1\SNDMon.exe" [2008-03-01 21:08 100056] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920] "TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-03-19 19:19 185896] "QuickTime Task"="C:\Program\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 10:13 49152 C:\WINDOWS\MIDIDEF.EXE] "StartMS"="C:\Program\Creative\Shared Files\Media Sniffer\StartMS.exe" [2003-03-26 14:54 57344] "CMSRegOW.exe"="C:\Program\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 02:00 57344] C:\Documents and Settings\Josse\Start-meny\Program\AutostartAdobe Gamma.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664] C:\Documents and Settings\All Users\Start-meny\Program\AutostartHP Digital Imaging Monitor.lnk - C:\Program\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 13:31:38 241664] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\Program\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] 
"DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program\\LimeWire\\LimeWire.exe"= "C:\\Program\\Internet Explorer\\iexplore.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\Yeti_Final_Win32.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\gu.exe"= "C:\\Program\\Ubisoft\\Lost Via Domus\\detection\\Launcher.exe"= "C:\\Program\\iTunes\\iTunes.exe"= S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 19:08] S2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53] S2 fsssvc;Windows Live OneCare Family Safety;"C:\Program\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13] S3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-06-24 04:34] S3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-05-28 02:49] S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;C:\WINDOWS\system32\DRIVERS\PCTELSAP.SYS [2004-01-30 13:29] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K] \Shell\AutoRun\command - K:\LaunchU3.exe -a . 
Contents of the 'Scheduled Tasks' folder "2008-05-26 19:48:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program\Apple Software Update\SoftwareUpdate.exe "2008-05-31 14:02:05 C:\WINDOWS\Tasks\Kontrollera uppdateringar för Windows Live Toolbar.job" - C:\Program\Windows Live Toolbar\MSNTBUP.EXE "2008-05-31 14:44:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program\Windows Defender\MpCmdRun.exe "2008-05-30 18:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn - HP_Ägaren.job" - C:\Program\NORTON~2\NORTON~1\Navw32.exeh/task: "2008-04-19 23:06:19 C:\WINDOWS\Tasks\WebReg 20080420010618.job" - C:\Program\HP\Digital Imaging\bin\hpqwrg.exe4/TaskName 20080420010618 /N . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-31 16:47:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] "VTTimer"="VTTimer.exe" . Completion time: 2008-05-31 16:48:25 ComboFix-quarantined-files.txt 2008-05-31 14:48:03 Pre-Run: 32,229,724,160 byte ledigt Post-Run: 32,216,281,088 byte ledigt 223 --- E O F --- 2008-05-31 14:11:28 [/log]
  20. I can't start ComboFix, neither in safe mode nor after I have closed all programs...
  21. Here it is, then: [log]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:02:16, on 2008-05-31 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe C:\Program\Norton Internet Security\ISSVC.exe C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\CTSvcCDA.EXE c:\Program\Delade filer\LightScribe\LSSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program\Java\jre1.6.0_05\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe C:\Program\InterVideo\Common\Bin\WinRemote.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\rundll32.exe C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe C:\WINDOWS\system32\rundll32.exe C:\Program\Windows Live\Family Safety\fssui.exe C:\Program\DAEMON Tools\daemon.exe C:\Program\HP\HP Software Update\HPWuSchd2.exe C:\Program\HP\hpcoretech\hpcmpmgr.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe 
C:\WINDOWS\system32\RUNDLL32.EXE C:\Program\Delade filer\Real\Update_OB\realsched.exe C:\Program\QuickTime\QTTask.exe C:\Program\iTunes\iTunesHelper.exe C:\WINDOWS\system32\Adobeo.exe C:\Program\Windows Defender\MSASCui.exe C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe C:\Program\Windows Live\Messenger\msnmsgr.exe C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\WINDOWS\NCLAUNCH.EXe C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe C:\Program\HP\Digital Imaging\bin\hpqtra08.exe C:\Program\iPod\bin\iPodService.exe C:\Program\Trend Micro\HijackThis\HijackThis.exe C:\Program\Messenger\msmsgs.exe C:\Program\Windows Live Toolbar\MSNTBUP.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\spywarewarning.mht R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program\Windows Live\Family Safety\fssbho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program\Delade filer\InterVideo\SchSvr\SchSvr.exe" O4 - HKLM\..\Run: [WINREMOTE] C:\Program\InterVideo\Common\Bin\WinRemote.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [CTHelper] 
CTHELPER.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [CTDVDDET] C:\Program\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [WINCINEMAMGR] C:\Program\InterVideo\Common\Bin\WinRemote.exe O4 - HKLM\..\Run: [statusClient] C:\Program\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [HPLJ Config] C:\Program\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1053 -sl 120000 O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [fssui] "C:\Program\Windows Live\Family Safety\fssui.exe" -autorun O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HP Software Update] "C:\Program\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] 
"C:\Program\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [iEUpdate] C:\WINDOWS\system32\Adobeo.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunServices: [iEUpdate] C:\WINDOWS\system32\Adobeo.exe O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iEUpdate] C:\WINDOWS\system32\Adobeo.exe O4 - HKCU\..\Run: [Microsoft Windows Installer] C:\Documents and Settings\Josse\Application Data\Microsoft\dtsc\16438.exe O4 - HKCU\..\RunServices: [iEUpdate] C:\WINDOWS\system32\Adobeo.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [setDefaultMIDI] MIDIDEF.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\program\webhancer\programs\webhdll.dll' missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. 
- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program\Delade filer\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program\Delade filer\Symantec Shared\Support Controls\ssrc.exe -- End of file - 14612 bytes [/log]
  22. I can't start the HijackThis installer; nothing happens when I double-click it. Edit: NOW I was able to install HijackThis, but I had to use the file HJTSetup instead. But now when I run the scan I get a message that Notepad must be closed to protect the computer [post edited 2008-05-31 12:50:20 by __Josse] Edit2: Here is the log as images instead http://img144.imageshack.us/my.php?image=25524136pq6.png http://img71.imageshack.us/my.php?image=70049135dz8.png http://img71.imageshack.us/my.php?image=79559618ix4.png [post edited 2008-05-31 13:18:03 by __Josse]
  23. Yesterday when I was about to start a program, a lot of warnings from Norton came up, e.g. that program 123456.exe (all with numbers) wanted access, and more and more just kept coming up. And finally a box came up that said my computer was infected with Spyware.Cyberlog-X. I ran both Windows Defender and Ad-Aware, but without result. Today I searched a bit online and have now downloaded AVG Antivirus, Smitfraud and HijackThis and plan to run them a little later (at the moment I am running Ad-Aware and a Windows Defender scan). The internet doesn't work on that computer, and it says that there is something wrong with the network and that Symantec can't virus-scan my e-mail. Can anyone help me?