
Impossible spyware


jhn


Hi there,

I've got some kind of spyware on my computer. Nod32, Norton, AdAware, Spybot, Windows Defender and Webroot find nothing, but my firewall logs these transactions:

 

 

[log]2007-02-26 19:44:09 Allowed 10 Outgoing TCP www.4w4.ru [81.222.134.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1182 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP www.4w4.ru [81.222.134.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1181 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP www.that-new.info [84.252.148.70] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1178 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP www.that-new.info [84.252.148.70] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1176 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP content3.porkolt.com [85.17.36.46] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1196 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP content3.porkolt.com [85.17.36.46] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1194 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP js.redtram.com [213.186.114.173] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1167 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP n4p.ru.redtram.com [213.186.114.184] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1190 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP n4p.ru.redtram.com [213.186.114.184] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1169 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1218 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1216 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1214 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1202 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1198 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1192 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1188 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1186 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1173apps

2007-02-26 19:44:09 Allowed 10 Outgoing TCP img2.ru.redtram.com [213.186.114.189] 00-0F-CB-B5-F7-4E 80 192.168.1.2 00-11-11-38-C0-99 1171 C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

[/log]

 

This is just a small sample, and I'm sure I've got some crap on the computer. I run Swedish Windows, but just now I also had a newly created folder in the Start menu called Accessories with an Internet Explorer icon inside it. It wasn't there 5 minutes ago.

My TeaTimer has also warned that some program wants to make these changes, about 10 times a minute:

 

2007-02-26 19:23:02 Denied value "{44692597-B1B1-4B30-AB2A-67CA528666D3}" (new data: "") added in Browser Helper Object!

2007-02-26 19:23:03 Denied value "qomkhhg" (new data: "") added in Winlogon Notifiers!

2007-02-26 19:23:03 Denied value "vturr" (new data: "") added in Winlogon Notifiers!

 

Please help....

[post edited 2007-02-26 20:03:19 by jhn]

[post edited 2007-02-27 09:40:33 by Anders N]


Thanks a lot for the help. I renamed the file, ran a scan and logged the result, which follows below:

A completely OT question: do I have far too many processes running? I think the computer is starting to get sluggish :-)

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:12:13, on 2007-02-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program\Eset\nod32kui.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\system32\hpb2ksrv.exe

C:\WINDOWS\system32\hpbhksrv.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Analog Devices\SoundMAX\spkrmon.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Rensare\rensare.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - C:\WINDOWS\system32\vturr.dll

O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\qomkhhg.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] "C:\Program\Norton Internet Security\UrlLstCk.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\Program\SYMNET~1\SNDMon.exe" /Consumer

O4 - HKLM\..\Run: [smcService] "C:\Program\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://t2fleming.tele2.se/iNotes6W.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131660066171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131660464578

O20 - Winlogon Notify: Controls Folder - C:\WINDOWSO20 - Winlogon Notify: qomkhhg - C:\WINDOWS\SYSTEM32\qomkhhg.dll

O20 - Winlogon Notify: vturr - C:\WINDOWS\system32\vturr.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program\Acesoft\Tracks Eraser Pro\autocomp.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\system32\hpb2ksrv.exe

O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\system32\hpbhksrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: spkrmon - Unknown owner - C:\Program\Analog Devices\SoundMAX\spkrmon.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

[/log]

 

 

[post edited 2007-02-26 20:14:40 by jhn]


 

Do you have 2 antivirus programs running, Nod32 and Norton?

If so, turn one of them off.

Go here and follow the instructions on the page:

http://www.atribune.org/content/view/24/2/

Then post C:\vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

 

 


I'm on it! I'll edit in the log as soon as the program has run!

Edit: The scanner takes such a long time :-(

[post edited 2007-02-26 21:12:19 by jhn]


There, here is the log from Vundofix.txt:

 

 

[log]VundoFix V6.3.9

 

Checking Java version...

 

Sun Java not detected

Scan started at 20:22:46 2007-02-26

 

Listing files found while scanning....

 

C:\WINDOWS\system32\rrutv.bak1

C:\WINDOWS\system32\rrutv.ini

C:\WINDOWS\system32\vturr.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\rrutv.bak1

C:\WINDOWS\system32\rrutv.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rrutv.ini

C:\WINDOWS\system32\rrutv.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vturr.dll

C:\WINDOWS\system32\vturr.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\vturr.dll

C:\WINDOWS\system32\vturr.dll Has been deleted!

 

Performing Repairs to the registry.

Done![/log]

 

---------------------------------------------------------------------

 

I also checked a HijackThis log; unfortunately a qomkhhg.dll seems to remain, which was referenced in my first post where TeaTimer warned. The HijackThis log looks like this:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:38:40, on 2007-02-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\system32\hpb2ksrv.exe

C:\WINDOWS\system32\hpbhksrv.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program\Analog Devices\SoundMAX\spkrmon.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Rensare\rensare.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\qomkhhg.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] "C:\Program\Norton Internet Security\UrlLstCk.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\Program\SYMNET~1\SNDMon.exe" /Consumer

O4 - HKLM\..\Run: [smcService] "C:\Program\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://t2fleming.tele2.se/iNotes6W.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131660066171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131660464578

O20 - Winlogon Notify: Controls Folder - C:\WINDOWSO20 - Winlogon Notify: qomkhhg - C:\WINDOWS\SYSTEM32\qomkhhg.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program\Acesoft\Tracks Eraser Pro\autocomp.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\system32\hpb2ksrv.exe

O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\system32\hpbhksrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: spkrmon - Unknown owner - C:\Program\Analog Devices\SoundMAX\spkrmon.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

[/log]

 

 

[post edited 2007-02-26 21:41:41 by jhn]

[post edited 2007-02-27 09:41:11 by Anders N]


And now TeaTimer is warning again that something wants to make these changes in the registry:

 

2007-02-26 21:45:35 Denied value "{56D032E2-ACC6-4B5B-8B04-24BC0EC92F3A}" (new data: "") added in Browser Helper Object!

2007-02-26 21:45:35 Denied value "awvtu" (new data: "") added in Winlogon Notifiers!

 

And the HijackThis log now includes some awvtu, even though TeaTimer did not approve the registry change...

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 21:49:14, on 2007-02-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\system32\hpb2ksrv.exe

C:\WINDOWS\system32\hpbhksrv.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program\Analog Devices\SoundMAX\spkrmon.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Messenger\msmsgs.exe

C:\Program\Rensare\rensare.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {56D032E2-ACC6-4B5B-8B04-24BC0EC92F3A} - C:\WINDOWS\system32\awvtu.dll

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\qomkhhg.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] "C:\Program\Norton Internet Security\UrlLstCk.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\Program\SYMNET~1\SNDMon.exe" /Consumer

O4 - HKLM\..\Run: [smcService] "C:\Program\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://t2fleming.tele2.se/iNotes6W.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131660066171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131660464578

O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll

O20 - Winlogon Notify: Controls Folder - C:\WINDOWSO20 - Winlogon Notify: qomkhhg - C:\WINDOWS\SYSTEM32\qomkhhg.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program\Acesoft\Tracks Eraser Pro\autocomp.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\system32\hpb2ksrv.exe

O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\system32\hpbhksrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: spkrmon - Unknown owner - C:\Program\Analog Devices\SoundMAX\spkrmon.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

 

[/log]

 

I am incredibly grateful for the help!

[post edited 2007-02-26 21:59:50 by jhn]


We would appreciate it if, after pasting a log into a reply, you select (highlight) the log and then press the LOG button, which is on the same row as :thumbsdown::thumbsup: in the reply window.

 


 

You still have 2 antivirus programs running

 

Open Vundofix

Click in the white field and then click Add more files?

Copy and paste in these lines one at a time

 

C:\WINDOWS\system32\awvtu.dll

C:\WINDOWS\SYSTEM32\qomkhhg.dll

 

Then click Add File(s)

Click Close Window

Click Remove Vundo

Then post the log that is produced: C:\vundofix.txt
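
An added example, not part of the thread: the two DLLs passed to VundoFix in the reply above are the only files in the posted HijackThis log that are registered both as a Browser Helper Object (O2) and as a Winlogon Notify package (O20). The sketch below parses those two sections and cross-references them. The function names are assumptions of this example, the sample lines are copied from the log posted earlier in the thread, and the parser also copes with the line where two O20 entries were run together.

```python
import ntpath
import re
from typing import List, NamedTuple

# Subset of the HijackThis log posted earlier in this thread, including the
# line where two O20 entries were fused into one.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56D032E2-ACC6-4B5B-8B04-24BC0EC92F3A} - C:\WINDOWS\system32\awvtu.dll
O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - C:\WINDOWS\system32\vturr.dll (file missing)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\qomkhhg.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\system32\awvtu.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWSO20 - Winlogon Notify: qomkhhg - C:\WINDOWS\SYSTEM32\qomkhhg.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""


class Entry(NamedTuple):
    section: str   # "O2" (BHO) or "O20" (Winlogon Notify)
    name: str      # display name or notify key name
    path: str      # file path, lower-cased for comparison
    missing: bool  # True when HijackThis appended "(file missing)"


# Zero-width split point in front of every "O<n> - " marker, so entries that
# were run together on one line are separated again.
_ENTRY_START = re.compile(r"(?=O\d{1,2} - )")
_TAIL = r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
_PATTERNS = (
    ("O2", re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - " + _TAIL)),
    ("O20", re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - " + _TAIL)),
)


def parse_entries(log_text: str) -> List[Entry]:
    """Return the O2 and O20 entries found in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        for chunk in _ENTRY_START.split(raw):
            chunk = chunk.strip()
            for section, pattern in _PATTERNS:
                m = pattern.match(chunk)
                if m:
                    entries.append(Entry(section, m["name"], m["path"].lower(),
                                         m["missing"] is not None))
    return entries


def dlls_in_both(entries: List[Entry]) -> List[str]:
    """Files registered as a BHO and as a Winlogon Notify package."""
    bho = {e.path for e in entries if e.section == "O2"}
    notify = {e.path for e in entries if e.section == "O20"}
    return sorted(bho & notify)


def orphans(entries: List[Entry]) -> List[str]:
    """File names whose registry entry remains although the file is gone."""
    return sorted({ntpath.basename(e.path) for e in entries if e.missing})


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("BHO + Winlogon Notify:", dlls_in_both(parsed))
    print("Orphaned registrations:", orphans(parsed))
```
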

 

 


Hi again,

Let's see, here is the new Vundofix log, after I added and removed the last two files:

 

[log]VundoFix V6.3.9

 

Checking Java version...

 

Sun Java not detected

Scan started at 22:00:26 2007-02-26

 

Listing files found while scanning....

 

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\awvtu.dll

C:\WINDOWS\system32\awvtu.dll Could not be deleted.

 

Attempting to delete C:\WINDOWS\SYSTEM32\qomkhhg.dll

C:\WINDOWS\SYSTEM32\qomkhhg.dll Could not be deleted.

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\awvtu.dll

C:\WINDOWS\system32\awvtu.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\SYSTEM32\qomkhhg.dll

C:\WINDOWS\SYSTEM32\qomkhhg.dll Has been deleted!

 

Performing Repairs to the registry.

Done![/log]

 


 

There may be more files that are not visible in the Hijack log, so:

Download Comboscan to the Desktop

 

http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

 

Close all open programs and windows.

Then run Comboscan and follow the instructions.

Post the logs that are produced, C:\ComboScan.txt and Supplementary.txt

If your firewall warns about sigcheck.exe, allow it to go out on

 


ComboScan.txt:

 

[log]ComboScan v20070226.18 run by Johan & Sandra on 2007-02-27 at 17:42:02

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

Successfully created restore point.

Performed disk cleanup.

 

 

-- HijackThis (run as Johan & Sandra.exe) ---------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 17:42:16, on 2007-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program\Eset\nod32kui.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\system32\hpb2ksrv.exe

C:\WINDOWS\system32\hpbhksrv.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Analog Devices\SoundMAX\spkrmon.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program\Messenger\msmsgs.exe

C:\Documents and Settings\Johan & Sandra\Skrivbord\comboscan.exe

C:\Program\Rensare\Johan & Sandra.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: (no name) - {A00A84E3-58DD-4DCC-AB45-481984BA4BEF} - C:\WINDOWS\system32\awvtu.dll (file missing)

O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\qomkhhg.dll (file missing)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] "C:\Program\Norton Internet Security\UrlLstCk.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\Program\SYMNET~1\SNDMon.exe" /Consumer

O4 - HKLM\..\Run: [smcService] "C:\Program\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://t2fleming.tele2.se/iNotes6W.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131660066171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131660464578

O20 - Winlogon Notify: Controls Folder - C:\WINDOWSO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program\Acesoft\Tracks Eraser Pro\autocomp.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\system32\hpb2ksrv.exe

O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\system32\hpbhksrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: spkrmon - Unknown owner - C:\Program\Analog Devices\SoundMAX\spkrmon.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

 

 

-- File Associations ------------------------------------------------------------

 

.bat - batfile - "%1" %*

.chm - chm.file - "C:\WINDOWS\hh.exe" %1

.cmd - cmdfile - "%1" %*

.com - comfile - "%1" %*

.exe - exefile - "%1" %*

.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1

.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1

.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1

.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*

.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}

.pif - piffile - "%1" %*

.reg - regfile - regedit.exe "%1"

.scr - scrfile - "%1" /S

.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1

.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

 

3R aeaudio - C:\WINDOWS\system32\drivers\aeaudio.sys

2R AMON - C:\WINDOWS\system32\drivers\amon.sys

3R Arp1394 (1394 ARP-klientprotokoll) - C:\WINDOWS\system32\drivers\arp1394.sys

3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys

1R AVG Anti-Spyware Driver - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.sys

1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys

3R b57w2k (Broadcom NetXtreme 57xx Gigabit Controller) - C:\WINDOWS\system32\drivers\b57xp32.sys

3R ctac32k (Creative AC3 Software Decoder) - C:\WINDOWS\system32\drivers\ctac32k.sys

3R ctaud2k (Creative Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\ctaud2k.sys

3S ctdvda2k (Creative DVD-Audio Device Driver) - C:\WINDOWS\system32\drivers\ctdvda2k.sys

3R ctprxy2k (Creative Proxy Driver) - C:\WINDOWS\system32\drivers\ctprxy2k.sys

3R ctsfm2k (Creative SoundFont Management Device Driver) - C:\WINDOWS\system32\drivers\ctsfm2k.sys

3R dot4 (MS IEEE-1284.4-drivrutin) - C:\WINDOWS\system32\drivers\Dot4.sys

3R Dot4Print (Utskriftsklassdrivrutin för IEEE-1284.4) - C:\WINDOWS\system32\drivers\Dot4Prt.sys

3R dot4usb (Dot4USB Filter Dot4USB Filter) - C:\WINDOWS\system32\drivers\Dot4usb.sys

3R dtscsi - C:\WINDOWS\system32\drivers\dtscsi.sys

3R emupia (E-mu Plug-in Architecture Driver) - C:\WINDOWS\system32\drivers\emupia2k.sys

1R ewido security suite driver - C:\Program\ewido\security suite\guard.sys

3R ha10kx2k (Creative Hardware Abstract Layer Driver) - C:\WINDOWS\system32\drivers\ha10kx2k.sys

3R hap16v2k (Creative P16V HAL Driver) - C:\WINDOWS\system32\drivers\hap16v2k.sys

3R hidusb (Microsoft HID-klassdrivrutin) - C:\WINDOWS\system32\drivers\hidusb.sys

3S i1 (eye-one monitor) - C:\WINDOWS\system32\drivers\i1.sys

0R iaStor (Intel RAID Controller) - C:\WINDOWS\system32\drivers\iaStor.sys

4S InCDFs (InCD File System) - C:\WINDOWS\system32\drivers\InCDFs.sys (not found)

1S InCDPass - C:\WINDOWS\system32\drivers\InCDPass.sys (not found)

1S InCDRm (InCD Reader) - C:\WINDOWS\system32\drivers\InCDRm.sys (not found)

1R intelppm (Intel-processordrivrutin) - C:\WINDOWS\system32\drivers\intelppm.sys

1R kbdhid (HID-drivrutin för tangentbord) - C:\WINDOWS\system32\drivers\kbdhid.sys

3R mouhid (HID-drivrutin för mus) - C:\WINDOWS\system32\drivers\mouhid.sys

3R NAVENG - C:\Program\Delade filer\Symantec Shared\VirusDefs\20070221.018\NAVENG.SYS

3R NAVEX15 - C:\Program\Delade filer\Symantec Shared\VirusDefs\20070221.018\NAVEX15.SYS

3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys

1R nod32drv - C:\WINDOWS\system32\drivers\nod32drv.sys

3S Nokia USB Generic - C:\WINDOWS\system32\drivers\nmwcdc.sys

3S Nokia USB Modem - C:\WINDOWS\system32\drivers\nmwcdcm.sys

3S Nokia USB Phone Parent - C:\WINDOWS\system32\drivers\nmwcd.sys

0R ohci1394 (OHCI-kompatibel IEEE 1394-värdstyrenhet) - C:\WINDOWS\system32\drivers\ohci1394.sys

1R OMCI - C:\WINDOWS\system32\drivers\omci.sys

3R ossrv (Creative OS Services Driver) - C:\WINDOWS\system32\drivers\ctoss2k.sys

2R PfModNT - C:\WINDOWS\system32\drivers\pfmodnt.sys

0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys

3R ROOTMODEM (Microsoft Legacy Modem Driver) - C:\WINDOWS\system32\drivers\rootmdm.sys

3R SAVRT - C:\Program\Norton Internet Security\Norton AntiVirus\savrt.sys

1R SAVRTPEL - C:\Program\Norton Internet Security\Norton AntiVirus\savrtpel.sys

3R smwdm - C:\WINDOWS\system32\drivers\smwdm.sys

3S SONYPVU1 (Sony USB Filter Driver (SONYPVU1)) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS

0R sptd - C:\WINDOWS\system32\drivers\sptd.sys

0R SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - C:\WINDOWS\system32\drivers\SSFS0509.sys

0R SSHRMD (Spy Sweeper Hookrack MiniDriver) - C:\WINDOWS\system32\drivers\sshrmd.sys

0R SSIDRV (Spy Sweeper Interdiction Driver) - C:\WINDOWS\system32\drivers\ssidrv.sys

3S SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - C:\WINDOWS\system32\drivers\sskbfd.sys

3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys

3R SymEvent - C:\Program\Symantec\SYMEVENT.SYS

3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys

3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys

3R SYMIDSCO - C:\Program\Delade filer\Symantec Shared\SymcData\idsdefs\20070222.002\SymIDSco.sys

3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys

3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys

1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys

0R Teefer (Teefer for NT) - C:\WINDOWS\system32\drivers\Teefer.sys

3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys

3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys

3S USBSTOR (Drivrutin för USB-masslagringsenheter) - C:\WINDOWS\system32\drivers\USBSTOR.SYS

2R wg3n (SyGate for NT, wg3n) - C:\WINDOWS\system32\drivers\wg3n.sys

2R wg4n (SyGate for NT, wg4n) - C:\WINDOWS\system32\drivers\wg4n.sys

2R wg5n (SyGate for NT, wg5n) - C:\WINDOWS\system32\drivers\wg5n.sys

2R wg6n (SyGate for NT, wg6n) - C:\WINDOWS\system32\drivers\wg6n.sys

1R wpsdrvnt - C:\WINDOWS\system32\drivers\wpsdrvnt.sys

1R WS2IFSL (Stödmiljö för Windows Socket 2.0 Icke-IFS-tjänstprovider) - C:\WINDOWS\system32\drivers\ws2ifsl.sys

3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys

3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

3S Adobe LM Service - "C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe"

2R Adobe Version Cue CS2 - "C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service

2R Ati HotKey Poller - C:\WINDOWS\System32\Ati2evxx.exe

2S ATI Smart - C:\WINDOWS\system32\ati2sgag.exe

3S Autocomplete (AutoComplete Service) - C:\Program\Acesoft\Tracks Eraser Pro\autocomp.exe

2R AVG Anti-Spyware Guard - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

2R ccEvtMgr (Symantec Event Manager) - "C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe"

2R ccProxy (Symantec Network Proxy) - "C:\Program\Delade filer\Symantec Shared\ccProxy.exe"

3S ccPwdSvc (Symantec Password Validation) - "C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe"

2R ccSetMgr (Symantec Settings Manager) - "C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe"

2R Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe

2R ewido security suite control - C:\Program\ewido\security suite\ewidoctrl.exe

4S ewido security suite guard - C:\Program\ewido\security suite\ewidoguard.exe

3S FLEXnet Licensing Service - "C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"

2R HP Status Print - C:\WINDOWS\system32\hpbhksrv.exe

2R HP Status - C:\WINDOWS\system32\hpb2ksrv.exe

3S IDriverT (InstallDriver Table Manager) - "C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe"

2R navapsvc (Norton AntiVirus Auto Protect-tjänst) - "C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe"

2R NOD32krn (NOD32 Kernel Service) - "C:\Program\Eset\nod32krn.exe"

3S ose (Office Source Engine) - "C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE"

3R SAVScan - "C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe"

2S SBService (ScriptBlocking Service) - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

2R SmcService (Sygate Personal Firewall) - C:\Program\Sygate\SPF\smc.exe

2R SNDSrvc (Symantec Network Drivers Service) - "C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe"

2R spkrmon - C:\Program\Analog Devices\SoundMAX\spkrmon.exe

2R SymWSC (SymWMI Service) - "C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe"

2R WebrootSpySweeperService (Webroot Spy Sweeper Engine) - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

2R WinDefend (Windows Defender) - "C:\Program\Windows Defender\MsMpEng.exe"

2R WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe

 

 

-- Scheduled Tasks --------------------------------------------------------------

 

2007-02-27 17:32:54 318 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>

2007-02-27 17:18:08 406 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>

2007-02-12 16:42:09 1910 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job<WRSPYS~1.JOB>

2007-02-09 20:00:00 576 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn.job<NORTON~1.JOB>

 

 

-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

 

2007-02-26 21:44:07 476434 ---hs---- C:\WINDOWS\system32\utvwa.bak1<UTVWA~1.BAK>

2007-02-26 20:22:46 0 d-------- C:\VundoFix Backups<VUNDOF~1>

2007-02-26 20:11:19 0 d-------- C:\Program\Rensare

2007-02-20 20:03:55 298104 --a------ C:\WINDOWS\system32\imon.dll

2007-02-20 20:03:55 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-02-20 20:03:54 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-02-15 20:37:49 0 d-------- C:\Program\Windows Defender<WINDOW~4>

2007-02-15 19:45:23 0 d-------- C:\WINDOWS\pss

2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

 

 

-- Find3M Report ----------------------------------------------------------------

 

2007-02-27 17:29:55 0 d-------- C:\Program\Delade filer<DELADE~1>

2007-02-27 17:28:27 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000000-00001102-00000004-10031102}.dat<DVCSTA~2.DAT>

2007-02-27 17:28:27 288 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000000-00001102-00000004-10031102}.dat<DVCSTA~1.DAT>

2007-02-27 17:17:14 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\Skype

2007-02-26 20:17:26 0 d-------- C:\Program\Delade filer\Symantec Shared<SYMANT~1>

2007-02-26 18:48:47 0 d-------- C:\Program\Mozilla Firefox<MOZILL~1>

2007-02-21 19:20:49 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\Azureus

2007-02-17 14:55:21 0 d-------- C:\Program\Delade filer\Microsoft Shared<MICROS~1>

2007-01-16 21:35:50 0 d-------- C:\Program\Joost

2007-01-16 21:33:39 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\The Venice Project (Baaima N.V.)<THEVEN~1.)>

2007-01-14 20:34:34 0 d-------- C:\Program\Grisoft

2007-01-14 20:29:54 0 d-------- C:\Program\a-squared Free<A-SQUA~1>

2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>

2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll

2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll

2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll

2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-12-29 18:10:28 533 --a------ C:\WINDOWS\eReg.dat

2006-12-29 18:06:32 0 d--h----- C:\Program\InstallShield Installation Information<INSTAL~1>

2006-12-29 12:25:57 0 d-------- C:\Program\MusicForMasses<MUSICF~1>

2006-12-28 19:16:47 0 d-------- C:\Program\TPTEST5

2006-12-28 14:06:08 0 d-------- C:\Program\Symantec

2006-12-27 14:42:06 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\dvdcss

2006-12-19 22:51:09 134656 --a------ C:\WINDOWS\system32\shsvcs.dll

2006-12-19 19:18:38 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

2006-11-27 15:55:51 433152 --a------ C:\WINDOWS\system32\riched20.dll

2006-11-27 15:55:51 539136 --a------ C:\WINDOWS\system32\msftedit.dll

 

 

-- Registry Dump ----------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Skype"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

"SpybotSD TeaTimer"="\"C:\\Program\\Spybot - Search & Destroy\\TeaTimer.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ATIPTA"="\"C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

"CTSysVol"="\"C:\\Program\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe\""

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"MICROSFT ANTIVIRUS UPDATE SUPPORT"="MSGUPDATED.EXE"

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"URLLSTCK.exe"="\"C:\\Program\\Norton Internet Security\\UrlLstCk.exe\""

"Symantec NetDriver Monitor"="\"C:\\Program\\SYMNET~1\\SNDMon.exe\" /Consumer"

"SmcService"="\"C:\\Program\\Sygate\\SPF\\smc.exe\" -startgui"

"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

"AsioReg"="\"REGSVR32.EXE\" /S CTASIO.DLL"

"Adobe Version Cue CS2"="C:\\Program\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe"

"nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"MICROSFT ANTIVIRUS UPDATE SUPPORT"="MSGUPDATED.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Speed Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Acrobat Speed Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-F400-7760-000000000003}\\_SC_Acrobat.exe "

"item"="Adobe Acrobat Speed Launcher"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Synchronizer.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Acrobat Synchronizer.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Synchronizer.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~2.0\\Acrobat\\ADOBEC~1.EXE "

"item"="Adobe Acrobat Synchronizer"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logo Calibration loader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Logo Calibration loader.lnk"

"backup"="C:\\WINDOWS\\pss\\Logo Calibration loader.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\GRETAG~1\\i1\\CALIBR~1\\CALIBR~1.EXE -DoSilentCalibration"

"item"="Logo Calibration loader"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acrotray"

"hkey"="HKLM"

"command"="\"C:\\Program\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="VersionCueCS2Tray"

"hkey"="HKLM"

"command"="C:\\Program\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NMBgMonitor"

"hkey"="HKCU"

"command"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTDVDDet"

"hkey"="HKLM"

"command"="C:\\Program\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTHELPER"

"hkey"="HKLM"

"command"="CTHELPER.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="daemon"

"hkey"="HKLM"

"command"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DataLayer"

"hkey"="HKLM"

"command"="\"C:\\Program\\Delade filer\\PCSuite\\DataLayer\\DataLayer.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LaunchApplication"

"hkey"="HKLM"

"command"="\"C:\\Program\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" -onlytray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PcSync2"

"hkey"="HKCU"

"command"="\"C:\\Program\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" /NoDialog"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="/L:ENG"

"hkey"="HKCU"

"command"="/L:ENG"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SpySweeperUI"

"hkey"="HKLM"

"command"="\"C:\\Program\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="spftray"

"hkey"="HKLM"

"command"="C:\\Program\\SPYWAREfighter\\spftray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Program\\Java\\jre1.5.0_05\\bin\\jusched.exe"

"inimapping"="0"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

"{C47A9554-195A-4769-9B13-04F15B450A39}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"

"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"

"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Controls Folder

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

-- End of ComboScan: finished at 2007-02-27 at 17:42:41 -------------------------

 

[/log]

 

Then we have Supplementary.txt:

 

[log]ComboScan v20070226.18 run by Johan & Sandra on 2007-02-27 at 17:42:02

Supplementary logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information -----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Swedish

 

CPU 0: Intel® Pentium® 4 CPU 3.40GHz

Percentage of Memory in Use: 55%

Physical Memory (total/avail): 1022.09 MiB / 453.18 MiB

Pagefile Memory (total/avail): 2971.63 MiB / 2423.36 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1989.4 MiB

 

A: is Removable (No Media)

C: is Fixed (NTFS) - 232.82 GiB total, 88.05 GiB free.

D: is CDROM (No Media)

E: is CDROM (No Media)

F: is CDROM (No Media)

 

 

-- Security Center --------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

AntiVirusDisableNotify is set.

FirewallDisableNotify is set.

 

FW: Norton Internet Security v2004 (Symantec Corporation)

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)

AV: Norton AntiVirus v2004 (Symantec Corporation)

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

 

 

-- Environment Variables --------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Johan & Sandra\Application Data

CLASSPATH=C:\Program\Java\jre1.5.0_05\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program\Delade filer

COMPUTERNAME=JOHANSANDRA

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Johan & Sandra

LOGONSERVER=\\JOHANSANDRA

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\ATI Technologies\ATI Control Panel;C:\Program\QuickTime\QTSystem\;C:\Program\Delade filer\Adobe\AGL

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0304

ProgramFiles=C:\Program

PROMPT=$P$G

QTJAVA=C:\Program\Java\jre1.5.0_05\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\JOHAN&~1\LOKALA~1\Temp

TMP=C:\DOCUME~1\JOHAN&~1\LOKALA~1\Temp

USERDOMAIN=JOHANSANDRA

USERNAME=Johan & Sandra

USERPROFILE=C:\Documents and Settings\Johan & Sandra

windir=C:\WINDOWS

 

 

-- User Profiles ----------------------------------------------------------------

 

Johan & Sandra (admin)

Administratör (admin)

 

 

-- Add/Remove Programs ----------------------------------------------------------

 

 

 

-- End of ComboScan: finished at 2007-02-27 at 17:42:41 -------------------------

 

[/log]

 

Sorry about the double antivirus, I just installed NOD32 and it autostarts every time and I forget to shut it down :thumbsdown:

 

Link to comment
Share on other sites

You can uninstall Ewido

Turn off = Spybot - Search & Destroy\TeaTimer.exe

 

Scan with Hijack, check the following lines, close the web browser and click Fix checked

 

[log]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - C:\WINDOWS\system32\vturr.dll (file missing)

O2 - BHO: (no name) - {A00A84E3-58DD-4DCC-AB45-481984BA4BEF} - C:\WINDOWS\system32\awvtu.dll (file missing)

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - C:\WINDOWS\system32\qomkhhg.dll (file missing)

O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

 

then start in safe mode and delete

 

MSGUPDATED.EXE < may not be found

C:\WINDOWS\system32\utvwa.bak1

 

then start normally and post a new log.[/log]

 

Link to comment
Share on other sites

Unfortunately I found neither MSGUPDATED.exe nor utvwa.bakl in safe mode, so neither of them was deleted :-(

 

Here is the ComboScan log; the other log was not shown:

 

[log]ComboScan v20070226.18 run by Johan & Sandra on 2007-02-27 at 18:34:16

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Johan & Sandra.exe) ---------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 18:34:27, on 2007-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\hpb2ksrv.exe

C:\WINDOWS\system32\hpbhksrv.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Analog Devices\SoundMAX\spkrmon.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Johan & Sandra\Skrivbord\comboscan.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Rensare\JOHAN&~1.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - (no file)

O2 - BHO: (no name) - {A00A84E3-58DD-4DCC-AB45-481984BA4BEF} - (no file)

O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] "C:\Program\Norton Internet Security\UrlLstCk.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\Program\SYMNET~1\SNDMon.exe" /Consumer

O4 - HKLM\..\Run: [smcService] "C:\Program\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL

O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://t2fleming.tele2.se/iNotes6W.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131660066171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131660464578

O20 - Winlogon Notify: Controls Folder - C:\WINDOWSO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program\Acesoft\Tracks Eraser Pro\autocomp.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\system32\hpb2ksrv.exe

O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\system32\hpbhksrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: spkrmon - Unknown owner - C:\Program\Analog Devices\SoundMAX\spkrmon.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

 

 

-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

 

2007-02-26 21:44:07 476434 ---hs---- C:\WINDOWS\system32\utvwa.bak1<UTVWA~1.BAK>

2007-02-26 20:22:46 0 d-------- C:\VundoFix Backups<VUNDOF~1>

2007-02-26 20:11:19 0 d-------- C:\Program\Rensare

2007-02-20 20:03:55 298104 --a------ C:\WINDOWS\system32\imon.dll

2007-02-20 20:03:55 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-02-20 20:03:54 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-02-15 20:37:49 0 d-------- C:\Program\Windows Defender<WINDOW~4>

2007-02-15 19:45:23 0 d-------- C:\WINDOWS\pss

2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

 

 

-- Find3M Report ----------------------------------------------------------------

 

2007-02-27 18:31:49 0 d-------- C:\Program\Delade filer<DELADE~1>

2007-02-27 18:21:55 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000000-00001102-00000004-10031102}.dat<DVCSTA~2.DAT>

2007-02-27 18:21:55 288 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000000-00001102-00000004-10031102}.dat<DVCSTA~1.DAT>

2007-02-27 18:12:26 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\Azureus

2007-02-27 17:52:06 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\Skype

2007-02-26 20:17:26 0 d-------- C:\Program\Delade filer\Symantec Shared<SYMANT~1>

2007-02-26 18:48:47 0 d-------- C:\Program\Mozilla Firefox<MOZILL~1>

2007-02-17 14:55:21 0 d-------- C:\Program\Delade filer\Microsoft Shared<MICROS~1>

2007-01-16 21:35:50 0 d-------- C:\Program\Joost

2007-01-16 21:33:39 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\The Venice Project (Baaima N.V.)<THEVEN~1.)>

2007-01-14 20:34:34 0 d-------- C:\Program\Grisoft

2007-01-14 20:29:54 0 d-------- C:\Program\a-squared Free<A-SQUA~1>

2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>

2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll

2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll

2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll

2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-12-29 18:10:28 533 --a------ C:\WINDOWS\eReg.dat

2006-12-29 18:06:32 0 d--h----- C:\Program\InstallShield Installation Information<INSTAL~1>

2006-12-29 12:25:57 0 d-------- C:\Program\MusicForMasses<MUSICF~1>

2006-12-28 19:16:47 0 d-------- C:\Program\TPTEST5

2006-12-28 14:06:08 0 d-------- C:\Program\Symantec

2006-12-27 14:42:06 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\dvdcss

2006-12-19 22:51:09 134656 --a------ C:\WINDOWS\system32\shsvcs.dll

2006-12-19 19:18:38 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

2006-11-27 15:55:51 433152 --a------ C:\WINDOWS\system32\riched20.dll

2006-11-27 15:55:51 539136 --a------ C:\WINDOWS\system32\msftedit.dll

 

 

-- Registry Dump ----------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Skype"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

"SpybotSD TeaTimer"="\"C:\\Program\\Spybot - Search & Destroy\\TeaTimer.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ATIPTA"="\"C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

"CTSysVol"="\"C:\\Program\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe\""

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"URLLSTCK.exe"="\"C:\\Program\\Norton Internet Security\\UrlLstCk.exe\""

"Symantec NetDriver Monitor"="\"C:\\Program\\SYMNET~1\\SNDMon.exe\" /Consumer"

"SmcService"="\"C:\\Program\\Sygate\\SPF\\smc.exe\" -startgui"

"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

"AsioReg"="\"REGSVR32.EXE\" /S CTASIO.DLL"

"Adobe Version Cue CS2"="C:\\Program\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe"

"nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"

"MICROSFT ANTIVIRUS UPDATE SUPPORT"="MSGUPDATED.EXE"

"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]

"MICROSFT ANTIVIRUS UPDATE SUPPORT"="MSGUPDATED.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Speed Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Acrobat Speed Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-F400-7760-000000000003}\\_SC_Acrobat.exe "

"item"="Adobe Acrobat Speed Launcher"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Synchronizer.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Acrobat Synchronizer.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Synchronizer.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~2.0\\Acrobat\\ADOBEC~1.EXE "

"item"="Adobe Acrobat Synchronizer"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logo Calibration loader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Logo Calibration loader.lnk"

"backup"="C:\\WINDOWS\\pss\\Logo Calibration loader.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\GRETAG~1\\i1\\CALIBR~1\\CALIBR~1.EXE -DoSilentCalibration"

"item"="Logo Calibration loader"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acrotray"

"hkey"="HKLM"

"command"="\"C:\\Program\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="VersionCueCS2Tray"

"hkey"="HKLM"

"command"="C:\\Program\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NMBgMonitor"

"hkey"="HKCU"

"command"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTDVDDet"

"hkey"="HKLM"

"command"="C:\\Program\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTHELPER"

"hkey"="HKLM"

"command"="CTHELPER.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="daemon"

"hkey"="HKLM"

"command"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DataLayer"

"hkey"="HKLM"

"command"="\"C:\\Program\\Delade filer\\PCSuite\\DataLayer\\DataLayer.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LaunchApplication"

"hkey"="HKLM"

"command"="\"C:\\Program\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" -onlytray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PcSync2"

"hkey"="HKCU"

"command"="\"C:\\Program\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" /NoDialog"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="/L:ENG"

"hkey"="HKCU"

"command"="/L:ENG"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SpySweeperUI"

"hkey"="HKLM"

"command"="\"C:\\Program\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="spftray"

"hkey"="HKLM"

"command"="C:\\Program\\SPYWAREfighter\\spftray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Program\\Java\\jre1.5.0_05\\bin\\jusched.exe"

"inimapping"="0"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

"{C47A9554-195A-4769-9B13-04F15B450A39}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"

"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"

"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Controls Folder

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

-- End of ComboScan: finished at 2007-02-27 at 18:34:49 -------------------------

 

[/log]

 


 

You must turn off Spybot - Search & Destroy\TeaTimer.exe before you fix lines from the log, otherwise it blocks the changes and the lines do not disappear.

Turn off Spy Sweeper as well.

 

Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

[log]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - (no file)

O2 - BHO: (no name) - {A00A84E3-58DD-4DCC-AB45-481984BA4BEF} - (no file)

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)

O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE

 

Then in Hijack

Open the Misc Tools section

Delete a file on reboot

 

Then copy the whole line below

 

C:\WINDOWS\system32\utvwa.bak1

 

and paste it into the File name field... open it, answer yes and restart the computer.

Post a new log after that.[/log]

 

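One way to check a follow-up HijackThis log against the lines ticked in the reply above, as an added example that is not part of the original post. The `FOLLOWUP` text is a constructed excerpt in the log format shown in this thread, and the function names are hypothetical.

```python
import re

# Entry lines start with a section code such as R0, R1, O2, O4 or O23.
ENTRY_RE = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

# Resident protectors the reply says to turn off before fixing
# (process names as they appear in the logs in this thread).
BLOCKERS = {"teatimer.exe", "spysweeper.exe"}

# The lines the reply asks to tick, copied from the post.
TICKED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - (no file)
O2 - BHO: (no name) - {A00A84E3-58DD-4DCC-AB45-481984BA4BEF} - (no file)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)
O4 - HKLM\..\Run: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [MICROSFT ANTIVIRUS UPDATE SUPPORT] MSGUPDATED.EXE
"""

# Constructed follow-up excerpt (sample input for this example only).
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program\Spybot - Search & Destroy\TeaTimer.exe
C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - (no file)
O2 - BHO: (no name) - {A00A84E3-58DD-4DCC-AB45-481984BA4BEF} - (no file)
O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
"""


def normalize(line):
    """Collapse whitespace and case so cosmetic differences do not hide a match."""
    return " ".join(line.split()).casefold()


def entries(log_text):
    """Map normalized entry -> original line for every R/F/N/O entry in a log."""
    found = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            found[normalize(line)] = line
    return found


def running_processes(log_text):
    """Return lower-case basenames listed under 'Running processes:'."""
    names, in_block = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_block = True
            continue
        if in_block:
            if ENTRY_RE.match(line):
                break  # the process list ends where the entries begin
            if line:
                names.add(line.rsplit("\\", 1)[-1].lower())
    return names


def verify_fix(ticked_text, followup_text):
    """Report which ticked lines are gone, which persist, and which blockers run."""
    ticked = entries(ticked_text)
    after = entries(followup_text)
    return {
        "removed": [orig for key, orig in ticked.items() if key not in after],
        "remaining": [orig for key, orig in ticked.items() if key in after],
        "blockers_running": sorted(BLOCKERS & running_processes(followup_text)),
    }


if __name__ == "__main__":
    report = verify_fix(TICKED, FOLLOWUP)
    for label in ("removed", "remaining", "blockers_running"):
        print(f"{label}: {len(report[label])}")
        for item in report[label]:
            print("   ", item)
```

Ticked lines that persist while a listed protector is still in the process list are the case the reply describes: repeat the fix with that protector turned off before judging the result.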

Aha, it was probably TeaTimer that was the problem when I rebooted; I was the one who denied the changes :-) I thought it was the files trying to repair themselves, though :-)

 

Here is the ComboScan log again:

 

[log]ComboScan v20070226.18 run by Johan & Sandra on 2007-02-27 at 18:58:15

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Johan & Sandra.exe) ---------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 18:58:43, on 2007-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\hpb2ksrv.exe

C:\WINDOWS\system32\hpbhksrv.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Analog Devices\SoundMAX\spkrmon.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Documents and Settings\Johan & Sandra\Skrivbord\comboscan.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Rensare\JOHAN&~1.EXE

C:\Program\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - (no file)

O2 - BHO: (no name) - {A00A84E3-58DD-4DCC-AB45-481984BA4BEF} - (no file)

O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] "C:\Program\Norton Internet Security\UrlLstCk.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\Program\SYMNET~1\SNDMon.exe" /Consumer

O4 - HKLM\..\Run: [smcService] "C:\Program\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [spySweeper] "C:\Program\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://t2fleming.tele2.se/iNotes6W.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131660066171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131660464578

O20 - Winlogon Notify: Controls Folder - C:\WINDOWSO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program\Acesoft\Tracks Eraser Pro\autocomp.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\system32\hpb2ksrv.exe

O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\system32\hpbhksrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: spkrmon - Unknown owner - C:\Program\Analog Devices\SoundMAX\spkrmon.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

 

 

-- Files created between 2007-01-27 and 2007-02-27 ------------------------------

 

2007-02-26 20:22:46 0 d-------- C:\VundoFix Backups<VUNDOF~1>

2007-02-26 20:11:19 0 d-------- C:\Program\Rensare

2007-02-20 20:03:55 298104 --a------ C:\WINDOWS\system32\imon.dll

2007-02-20 20:03:55 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys

2007-02-20 20:03:54 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys

2007-02-15 20:37:49 0 d-------- C:\Program\Windows Defender<WINDOW~4>

2007-02-15 19:45:23 0 d-------- C:\WINDOWS\pss

2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe

 

 

-- Find3M Report ----------------------------------------------------------------

 

2007-02-27 18:57:08 0 d-------- C:\Program\Delade filer<DELADE~1>

2007-02-27 18:55:41 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000000-00001102-00000004-10031102}.dat<DVCSTA~2.DAT>

2007-02-27 18:55:41 288 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000000-00001102-00000004-10031102}.dat<DVCSTA~1.DAT>

2007-02-27 18:55:11 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\Skype

2007-02-27 18:12:26 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\Azureus

2007-02-26 20:17:26 0 d-------- C:\Program\Delade filer\Symantec Shared<SYMANT~1>

2007-02-26 18:48:47 0 d-------- C:\Program\Mozilla Firefox<MOZILL~1>

2007-02-17 14:55:21 0 d-------- C:\Program\Delade filer\Microsoft Shared<MICROS~1>

2007-01-16 21:35:50 0 d-------- C:\Program\Joost

2007-01-16 21:33:39 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\The Venice Project (Baaima N.V.)<THEVEN~1.)>

2007-01-14 20:34:34 0 d-------- C:\Program\Grisoft

2007-01-14 20:29:54 0 d-------- C:\Program\a-squared Free<A-SQUA~1>

2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll

2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>

2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll

2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll

2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll

2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll

2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll

2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll

2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll

2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll

2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll

2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll

2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll

2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll

2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll

2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe

2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe

2006-12-29 18:10:28 533 --a------ C:\WINDOWS\eReg.dat

2006-12-29 18:06:32 0 d--h----- C:\Program\InstallShield Installation Information<INSTAL~1>

2006-12-29 12:25:57 0 d-------- C:\Program\MusicForMasses<MUSICF~1>

2006-12-28 19:16:47 0 d-------- C:\Program\TPTEST5

2006-12-28 14:06:08 0 d-------- C:\Program\Symantec

2006-12-27 14:42:06 0 d-------- C:\Documents and Settings\Johan & Sandra\Application Data\dvdcss

2006-12-19 22:51:09 134656 --a------ C:\WINDOWS\system32\shsvcs.dll

2006-12-19 19:18:38 333824 --a------ C:\WINDOWS\system32\wiaservc.dll

2006-11-27 15:55:51 433152 --a------ C:\WINDOWS\system32\riched20.dll

2006-11-27 15:55:51 539136 --a------ C:\WINDOWS\system32\msftedit.dll

 

 

-- Registry Dump ----------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Skype"="\"C:\\Program\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

"SpybotSD TeaTimer"="\"C:\\Program\\Spybot - Search & Destroy\\TeaTimer.exe\""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ATIPTA"="\"C:\\Program\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

"CTSysVol"="\"C:\\Program\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe\""

"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"

"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""

"URLLSTCK.exe"="\"C:\\Program\\Norton Internet Security\\UrlLstCk.exe\""

"Symantec NetDriver Monitor"="\"C:\\Program\\SYMNET~1\\SNDMon.exe\" /Consumer"

"SmcService"="\"C:\\Program\\Sygate\\SPF\\smc.exe\" -startgui"

"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

"AsioReg"="\"REGSVR32.EXE\" /S CTASIO.DLL"

"Adobe Version Cue CS2"="\"C:\\Program\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""

"nod32kui"="\"C:\\Program\\Eset\\nod32kui.exe\" /WAITSERVICE"

"SpySweeper"="\"C:\\Program\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Speed Launcher.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Acrobat Speed Launcher.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-F400-7760-000000000003}\\_SC_Acrobat.exe "

"item"="Adobe Acrobat Speed Launcher"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Acrobat Synchronizer.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Acrobat Synchronizer.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Synchronizer.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~2.0\\Acrobat\\ADOBEC~1.EXE "

"item"="Adobe Acrobat Synchronizer"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Gamma.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Gamma.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\DELADE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "

"item"="Adobe Gamma"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Adobe Reader Speed Launch.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Adobe Reader Speed Launch.lnk"

"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logo Calibration loader.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Logo Calibration loader.lnk"

"backup"="C:\\WINDOWS\\pss\\Logo Calibration loader.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\GRETAG~1\\i1\\CALIBR~1\\CALIBR~1.EXE -DoSilentCalibration"

"item"="Logo Calibration loader"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"=""

"hkey"="HKLM"

"command"=""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Acrotray"

"hkey"="HKLM"

"command"="\"C:\\Program\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="VersionCueCS2Tray"

"hkey"="HKLM"

"command"="C:\\Program\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NMBgMonitor"

"hkey"="HKCU"

"command"="\"C:\\Program\\Delade filer\\Ahead\\lib\\NMBgMonitor.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTDVDDet"

"hkey"="HKLM"

"command"="C:\\Program\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTHELPER"

"hkey"="HKLM"

"command"="CTHELPER.EXE"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="daemon"

"hkey"="HKLM"

"command"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DataLayer"

"hkey"="HKLM"

"command"="\"C:\\Program\\Delade filer\\PCSuite\\DataLayer\\DataLayer.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="LaunchApplication"

"hkey"="HKLM"

"command"="\"C:\\Program\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" -onlytray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="PcSync2"

"hkey"="HKCU"

"command"="\"C:\\Program\\Nokia\\Nokia PC Suite 6\\PcSync2.exe\" /NoDialog"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="/L:ENG"

"hkey"="HKCU"

"command"="/L:ENG"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SpySweeperUI"

"hkey"="HKLM"

"command"="\"C:\\Program\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarefighterguard]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="spftray"

"hkey"="HKLM"

"command"="C:\\Program\\SPYWAREfighter\\spftray.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="jusched"

"hkey"="HKLM"

"command"="C:\\Program\\Java\\jre1.5.0_05\\bin\\jusched.exe"

"inimapping"="0"

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

"{C47A9554-195A-4769-9B13-04F15B450A39}"=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"

"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"

"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"=dword:00000000

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Controls Folder

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

 

-- End of ComboScan: finished at 2007-02-27 at 18:59:27 -------------------------

 

[/log]

 


Turn off these programs and do not re-enable them until the log is OK.

 

TeaTimer.exe

Spy Sweeper

Windows Defender

AVG Anti-Spyware 7.5\guard.exe

 

Scan with Hijack, tick the following lines, close the web browser and click Fix checked.

 

[log]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

O2 - BHO: (no name) - {95C1C594-F35B-4970-BE57-6C66D45E4D0A} - (no file)

O2 - BHO: (no name) - {A00A84E3-58DD-4DCC-AB45-481984BA4BEF} - (no file)

O2 - BHO: (no name) - {C47A9554-195A-4769-9B13-04F15B450A39} - (no file)

 

[/log]

Restart the computer after that and post a new Hijack log, not a ComboScan log.

 

[post edited 2007-02-27 19:12:27 by Zipp.]


Thanks for the help, the HijackThis log looks a bit better now!

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 19:31:21, on 2007-02-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Sygate\SPF\smc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\Program\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\hpb2ksrv.exe

C:\WINDOWS\system32\hpbhksrv.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Eset\nod32krn.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Analog Devices\SoundMAX\spkrmon.exe

C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

C:\Program\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Rensare\rensare.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CTSysVol] "C:\Program\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] "C:\Program\Norton Internet Security\UrlLstCk.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] "C:\Program\SYMNET~1\SNDMon.exe" /Consumer

O4 - HKLM\..\Run: [smcService] "C:\Program\Sygate\SPF\smc.exe" -startgui

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program\Spybot - Search & Destroy\TeaTimer.exe"

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program\Internet Explorer\Plugins\Drowse\MouseGestures.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://t2fleming.tele2.se/iNotes6W.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20060104/qtinstall.info.apple.com/snape/us/win/QuickTimeInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1131660066171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131660464578

O20 - Winlogon Notify: Controls Folder - C:\WINDOWSO20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program\Acesoft\Tracks Eraser Pro\autocomp.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\system32\hpb2ksrv.exe

O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\system32\hpbhksrv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program\Sygate\SPF\smc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: spkrmon - Unknown owner - C:\Program\Analog Devices\SoundMAX\spkrmon.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\SpySweeper.exe

 

[/log]

 

Once again, thank you for your time and help!

 


Asg, I will make sure nod32 does not start at boot.

So do you mean everything is all done now? No other suspicious things your trained eye can see in the logs? :-)

 


 

> So do you mean everything is all done now? <

 

Yes... and you can remove these from the registry; follow the paths and delete them.

 

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"Windows Update 32"="IEXPLORE.exe"

"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"
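
The reply above picks two Run values out of the ComboScan registry dump, listed under both `HKEY_USERS\.default` and `HKEY_USERS\s-1-5-18`. As an added example (not part of the thread and not ComboScan or HijackThis code), this Python script parses a dump in that format, folds the `.DEFAULT` alias into the `S-1-5-18` hive so each entry is listed once, and marks Run values that name a bare executable or sit in the LocalSystem profile. The two review rules and all function names are assumptions chosen for illustration; the sample lines are constructed from entries shown in the thread.

```python
import re

# Constructed sample in the format of the registry dump posted in this thread.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program\\Delade filer\\Symantec Shared\\ccApp.exe\""
"AsioReg"="\"REGSVR32.EXE\" /S CTASIO.DLL"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Update 32"="IEXPLORE.exe"
"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"
"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Windows Update 32"="IEXPLORE.exe"
"krwk"="C:\\Program\\DELADE~1\\krwk\\krwkm.exe"
"ALUAlert"="C:\\Program\\Symantec\\LiveUpdate\\ALUNotify.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_RE = re.compile(r'\\currentversion\\run(once)?$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
SYSTEM_HIVE = 'hkey_users\\s-1-5-18\\'


def unescape(text):
    # Undo .reg string escaping (backslash-escaped backslashes and quotes).
    return re.sub(r'\\(.)', r'\1', text)


def normalise_key(key):
    # HKEY_USERS\.DEFAULT is an alias of the LocalSystem hive HKEY_USERS\S-1-5-18,
    # so the same values appear under both names in a dump.
    key = key.lower()
    alias = 'hkey_users\\.default\\'
    if key.startswith(alias):
        key = SYSTEM_HIVE + key[len(alias):]
    return key


def executable(command):
    # Program part of a command line: a quoted path, else text up to an executable extension.
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split(' ', 1)[0]


def triage(dump):
    # Return de-duplicated Run/RunOnce values that match a review rule, most reasons first.
    findings = {}
    key = None
    for line in dump.splitlines():
        line = line.strip()
        header = KEY_RE.match(line)
        if header:
            key = normalise_key(header.group(1))
            continue
        value = VALUE_RE.match(line)
        if not (key and value and RUN_RE.search(key)):
            continue
        name, command = unescape(value.group(1)), unescape(value.group(2))
        exe = executable(command)
        reasons = []
        if exe and '\\' not in exe and '/' not in exe:
            reasons.append('bare-filename')    # no directory: resolved by search order
        if key.startswith(SYSTEM_HIVE):
            reasons.append('localsystem-run')  # autostart set in the LocalSystem profile
        if reasons:
            findings[(key, name)] = {'key': key, 'name': name,
                                     'command': command, 'reasons': reasons}
    return sorted(findings.values(),
                  key=lambda f: (-len(f['reasons']), f['key'], f['name']))
```

The reasons only order the review: the Symantec LiveUpdate value and `krwk` match the same rule, so telling them apart still takes knowledge of which product each path belongs to.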

 

 


Archived

This topic is now archived and is closed to further replies.


