
Unidentified program.


Stoffes


Hi

I have read about the problems with the Windows firewall that has an unidentified program.

I have run into that problem on my own computer, but it does not seem to resemble the others' problems, because I can get to the firewall settings after a couple of minutes, and the internet and the network work fine.

So I do get the same messages as everyone else.

I am including a log from HijackThis:

 

[log]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 20:20:03, on 2007-05-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\Program\Launch Manager\PowerKey.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\OSDCtrl.exe

C:\Program\Launch Manager\Wbutton.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program\Multimedia Card Reader\shwicon2k.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Huawei technologies\Huawei UMTS Data Card\HUAWEI 3G Data Card.exe

C:\Program\BitTorrent\bittorrent.exe

C:\Program\Alwil Software\Avast4\ashSimpl.exe

C:\Documents and Settings\Stoffe\Skrivbord\Nedladdat\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Program\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [tvjbmonitor] C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_11\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt135YYSE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Keep my net clean.org - {F12F48EE-7575-4a05-8957-E207557670C8} - C:\Program\Keep my Net Clean.org\kmnc.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D63002-767F-4DDB-A13A-E80689133A38}: NameServer = 10.0.0.1 10.0.0.2

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

 

--

End of file - 9909 bytes

[/log]

 

Grateful for any replies.

 


It is important that the program HiJackThis_v2 sits in its own folder so that its backups do not get lost. Create a new folder, e.g. C:\HjT, and move the program file HiJackThis_v2.exe there from Skrivbord\Nedladdat.

Scan with HijackThis and tick:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt135YYSE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

 

Close all other programs.

Press Fix checked.

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

Did that help with your problem? If not, explain it better, because I did not understand much.

 

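The check in the last step of the reply above (confirm that the fixed lines are gone from a new HijackThis log), as an added example that is not part of the original posts. It compares entries by section code and CLSID, so a line that forum software has wrapped or re-cased still matches; the function names and both "new log" samples are constructed for illustration.

```python
import re

# A HijackThis entry is "<section code> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")

# The three lines the reply asks to tick. The O16 line is deliberately wrapped
# onto a second line (constructed layout) to exercise the edge case.
FIXED_LINES = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt135YYSE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/Smiley
CentralFWBInitialSetup1.0.0.15.cab
"""

# Constructed log taken after the reboot in which the fix worked.
CLEAN_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
"""

# Constructed log in which two of the entries came back (CLSID in lower case).
DIRTY_LOG = CLEAN_LOG + r"""
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt135YYSE
O16 - DPF: {1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers, process paths and
    wrapped continuation lines do not match the pattern and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def entry_key(code, body):
    """Identity of an entry: section code plus its CLSID when it has one,
    otherwise the body with case and whitespace normalised."""
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    return (code, " ".join(body.lower().split()))


def still_present(fixed_lines, new_log):
    """List the fixed entries that still appear in the new log."""
    new_keys = {entry_key(code, body) for code, body in parse_entries(new_log)}
    return [
        f"{code} - {body}"
        for code, body in parse_entries(fixed_lines)
        if entry_key(code, body) in new_keys
    ]


if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("dirty", DIRTY_LOG)):
        leftovers = still_present(FIXED_LINES, log)
        print(f"{name}: {len(leftovers)} fixed entries still present")
        for line in leftovers:
            print("  " + line)
```

An entry that reappears after a reboot means something is re-creating it, so the cleanup is not finished.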

I have done as you wrote, and the items you listed here are now gone.

Yes, that may have come out a bit rushed and odd. So let's see if this is a bit better.

The thing is that I have checked a few forums about this, but as I said earlier it does not seem to match what I have. One example of such a forum is: //eforum.idg.se/viewmsg.asp?EntriesId=878058#878260.

And the message I get from Windows is that the firewall is not active, but it only happens for a couple of seconds or a minute at most; this happens when the computer starts.

If there is more information you want in order to try to solve this, please just say so.

 


What is the Startup type for the service Windows Firewall/Internet Connection Sharing (ICS)?

Does any error show up in the Event Viewer at the same time as the error message about the firewall appears?

Install a good antispyware program: http://www.superantispyware.com/

Scan the computer online at these sites:

http://www.ewido.net/en/onlinescan/ (antispyware program)

http://www.kaspersky.com/virusscanner (antivirus program)

Save the logs and paste them into your reply.

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it can hang.

When it is finished a log should come up; paste it in here, along with a new HijackThis log. How long have you had this problem with the firewall?

 

 


Well, let's see... As for the ICS thing, the startup type there is Automatic.

And how long I have had the problem is a bit hard to say, but a little over a month at least. I could not be bothered to do anything about it then, but now it is just irritating.

Here are the logs from the different programs:

 

 

[log]

"Stoffe" - 2007-05-15 20:45:06 Service Pack 2

ComboFix 07-05.13.V - Running from: "C:\Program\Mozilla Firefox\"

 

 

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\autorun.inf

 

 

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\nm

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))

 

 

2007-05-10 21:56 <KAT> d-------- C:\Hijack this

2007-05-08 21:55 <KAT> d-------- C:\Program\Microsoft Windows Vista Upgrade Advisor

2007-05-08 20:49 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation

2007-04-29 22:25 <KAT> d-------- C:\Program\ReflexiveArcade

2007-04-29 22:25 <KAT> d-------- C:\Program\Gutterball 2

2007-04-28 13:01 <KAT> d-------- C:\Program\18 WoS Pedal to the Metal

2007-04-24 23:04 <KAT> d-------- C:\Program\Keep my Net Clean.org

2007-04-21 15:18 <KAT> d-------- C:\Program\mIRC

2007-04-19 22:23 <KAT> d-a------ C:\aircrack-ng-0.6.2-win

2007-04-15 20:23 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2007-04-15 12:53 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys

2007-04-15 12:53 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys

2007-04-15 12:52 88,688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys

2007-04-15 12:51 86,560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys

2007-04-15 12:49 97,184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys

2007-04-15 12:49 9,360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys

2007-04-15 12:49 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys

2007-04-15 12:49 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys

2007-04-15 12:48 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys

2007-04-15 12:48 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys

2007-04-15 12:48 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Ewh.sys

2007-04-15 12:42 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\Documents

2007-04-15 12:41 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-04-30 15:41:55 85,952 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-04-26 20:13:20 85,724 ----a-w C:\WINDOWS\system32\perfc01D.dat

2007-04-26 20:13:20 465,842 ----a-w C:\WINDOWS\system32\perfh01D.dat

2007-04-25 01:03:41 -------- d-----w C:\DOCUME~1\Stoffe\APPLIC~1\BitTorrent

2007-04-15 18:22:58 5,099 ----a-w C:\WINDOWS\mozver.dat

2007-04-15 10:42:33 -------- d-----w C:\Program\Delade filer\Teleca Shared

2007-04-15 10:41:56 -------- d-----w C:\Program\Sony Ericsson

2007-04-01 12:15:32 -------- d-----w C:\DOCUME~1\Stoffe\APPLIC~1\SecondLife

2007-03-29 20:41:54 -------- d-----w C:\Program\Ashampoo

2007-03-24 18:10:21 -------- d-----w C:\DOCUME~1\Stoffe\APPLIC~1\Sierra

2007-03-24 17:48:17 -------- d--h--w C:\Program\InstallShield Installation Information

2007-03-24 12:19:49 18,275 ----a-w C:\WINDOWS\War3Unin.dat

2007-03-24 12:19:46 2,829 ----a-w C:\WINDOWS\War3Unin.pif

2007-03-24 12:19:45 126,976 ----a-w C:\WINDOWS\War3Unin.exe

2007-03-21 21:52:00 -------- d-----w C:\Program\iTunes

2007-03-21 21:51:47 -------- d-----w C:\Program\iPod

2007-03-21 21:50:11 -------- d-----w C:\Program\QuickTime

2007-03-21 21:48:32 -------- d-----w C:\Program\Apple Software Update

2007-03-18 14:46:25 -------- d-----w C:\Program\Bonjour

2007-03-18 14:45:41 -------- d-----w C:\Program\Kodak

2007-03-18 14:44:22 -------- d-----w C:\Program\Delade filer\Kodak

2007-03-17 13:45:59 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-13 19:20:50 -------- d-----w C:\Program\BitTorrent

2007-03-10 16:46:21 -------- d-----w C:\Program\Windows Media Connect 2

2007-03-08 20:25:40 -------- d-----w C:\DOCUME~1\Stoffe\APPLIC~1\AVSMedia

2007-03-08 20:25:25 -------- d-----w C:\Program\Delade filer\AVSMedia

2007-03-08 20:23:41 -------- d-----w C:\Program\AVSMedia

2007-03-08 15:39:13 577,536 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:39:13 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:39:13 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 15:38:05 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

2007-02-05 20:20:15 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 04:23]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"preload"="C:\\Windows\\RUNXMLPL.exe"

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"SoundMan"="SOUNDMAN.EXE"

"SynTPLpr"="C:\\Program\\Synaptics\\SynTP\\SynTPLpr.exe"

"SynTPEnh"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"

"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""

"LaunchAp"="\"C:\\Program\\Launch Manager\\LaunchAp.exe\""

"PowerKey"="\"C:\\Program\\Launch Manager\\PowerKey.exe\""

"LManager"="\"C:\\Program\\Launch Manager\\HotkeyApp.exe\""

"CtrlVol"="\"C:\\Program\\Launch Manager\\CtrlVol.exe\""

"LMgrOSD"="\"C:\\Program\\Launch Manager\\OSDCtrl.exe\""

"Wbutton"="\"C:\\Program\\Launch Manager\\Wbutton.exe\""

"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"

"Sunkist2k"="C:\\Program\\Multimedia Card Reader\\shwicon2k.exe"

"avast!"="C:\\Program\\ALWILS~1\\Avast4\\ashDisp.exe"

"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"tvjbmonitor"="C:\\Program\\MMEDIA\\TV Jukebox 3.0\\tvjbMonitor.exe"

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_11\\bin\\jusched.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"preload"="C:\Windows\RUNXMLPL.exe" [2005-05-19 18:09]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-01-23 11:36]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-23 11:31]

"SoundMan"="SOUNDMAN.EXE" [])

"SynTPLpr"="C:\Program\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 12:12]

"SynTPEnh"="C:\Program\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 12:11]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 17:18]

"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-10-26 17:11]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 06:00]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00]

"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 19:59]

"LaunchAp"="C:\Program\Launch Manager\LaunchAp.exe" [2005-07-25 14:36]

"PowerKey"="C:\Program\Launch Manager\PowerKey.exe" [2002-08-30 16:02]

"LManager"="C:\Program\Launch Manager\HotkeyApp.exe" [2005-06-06 12:52]

"CtrlVol"="C:\Program\Launch Manager\CtrlVol.exe" [2003-09-16 15:28]

"LMgrOSD"="C:\Program\Launch Manager\OSDCtrl.exe" [2005-07-25 11:45]

"Wbutton"="C:\Program\Launch Manager\Wbutton.exe" [2005-07-25 14:34]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 20:05]

"Sunkist2k"="C:\Program\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 18:16]

"avast!"="C:\Program\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]

"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 03:49]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-09-14 22:09]

"tvjbmonitor"="C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe" [2006-08-08 11:54]

"SunJavaUpdateSched"="C:\Program\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-02-16 11:54]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-03-14 20:05]

"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

"WMPNSCFG"="C:\Program\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:49]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"WMPNSCFG"="C:\\Program\\Windows Media Player\\WMPNSCFG.exe"

 

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages msv1_0\0\0

Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages scecli\0\0

 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start-meny^program^autostart^kodak easyshare software.lnk

C:\Program\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx

 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr

"C:\Program\MSN Messenger\msnmsgr.exe" /background

 

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter HTTPFilter\0\0

LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService DnsCache\0\0

DcomLaunch DcomLaunch\0TermService\0\0

rpcss RpcSs\0\0

imgsvc StiSvc\0\0

termsvcs TermService\0\0

WudfServiceGroup WUDFSvc\0\0

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]

Shell\AutoRun\command F:\launcher.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]

Shell\AutoRun\command G:\autorun.exe

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20070510-220555-249

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

backup-20070510-220555-958

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

backup-20070510-220555-469

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxpt135YYSE

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

********************************************************************

 

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-15 20:51:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

********************************************************************

 

Completion time: 2007-05-15 20:53:15 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-05-15 20:53

[/log]

 

[log]

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/15/2007 at 09:54 PM

 

Application Version : 3.7.1018

 

Core Rules Database Version : 3238

Trace Rules Database Version: 1249

 

Scan type : Quick Scan

Total Scan Time : 00:27:56

 

Memory items scanned : 604

Memory threats detected : 0

Registry items scanned : 1187

Registry threats detected : 40

File items scanned : 20736

File threats detected : 3

 

Unclassified.Oreans32

HKLM\System\ControlSet001\Services\oreans32

C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS

HKLM\System\ControlSet002\Services\oreans32

HKLM\System\CurrentControlSet\Services\oreans32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath

HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count

HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

 

Adware.Tracking Cookie

C:\Documents and Settings\Stoffe\Cookies\stoffe@imrworldwide[1].txt

C:\Documents and Settings\Stoffe\Cookies\stoffe@atdmt[2].txt

 

Trojan.IEObject/Win

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}#AppID

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\Control

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\InprocServer32

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\InprocServer32#ThreadingModel

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\MiscStatus

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\MiscStatus\1

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\ProgID

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\ToolboxBitmap32

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\TypeLib

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\Version

HKCR\CLSID\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}\VersionIndependentProgID

[/log]

 

 

[log]

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, May 16, 2007 6:12:21 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 15/05/2007

Kaspersky Anti-Virus database records: 301408

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: standard

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - Folders:

C: D:

Scan Statistics:

Total number of scanned objects: 97627

Number of viruses found: 1

Number of infected objects: 4 / 0

Number of suspicious objects: 0

Duration of the scan process: 01:53:46

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Stoffe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-768b7f6-1779db3e.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\Stoffe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-768b7f6-1779db3e.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\Stoffe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-768b7f6-1779db3e.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\Stoffe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-768b7f6-1779db3e.zip ZIP: infected - 3 skipped

C:\Documents and Settings\Stoffe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\Stoffe\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped

C:\Documents and Settings\Stoffe\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Stoffe\Lokala inställningar\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped

C:\Documents and Settings\Stoffe\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Stoffe\Lokala inställningar\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Stoffe\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Stoffe\Lokala inställningar\Tidigare\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Stoffe\ntuser.dat Object is locked skipped

C:\Documents and Settings\Stoffe\ntuser.dat.LOG Object is locked skipped

C:\Program\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program\Huawei technologies\Huawei UMTS Data Card\Data\AddressBookRec.DTC Object is locked skipped

C:\Program\Huawei technologies\Huawei UMTS Data Card\Data\CallRecord.DTC Object is locked skipped

C:\Program\Huawei technologies\Huawei UMTS Data Card\Data\GroupInfo.DTC Object is locked skipped

C:\Program\Huawei technologies\Huawei UMTS Data Card\Data\TrafficInfo.DTC Object is locked skipped

C:\Program\Huawei technologies\Huawei UMTS Data Card\Log\trace_3.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B5645957-700C-4BB8-9F9B-0D47998845F0}\RP292\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt Object is locked skipped

C:\WINDOWS\pfirewall.log Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{DA62B411-D599-4516-BFB6-3F6E391D065F}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptddrv1.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_698.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

Scan process completed.

[/log]

 

 

 

[log]

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: TrackingCookie.Netflame

Path: C:\Documents and Settings\Stoffe\Cookies\stoffe@ssl-hints.netflame[1].txt

Risk: Medium

 

Name: Adware.WebDir

Path: HKU\S-1-5-21-1390570283-3332796590-3896541955-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}

Risk: Medium

 

Name: TrackingCookie.Netflame

Path: :mozilla.30:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Toplist

Path: :mozilla.37:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Com

Path: :mozilla.40:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Webtrends

Path: :mozilla.80:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.102:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.103:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.104:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.105:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.106:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Doubleclick

Path: :mozilla.114:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Atdmt

Path: :mozilla.143:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Hitslink

Path: :mozilla.152:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Googleadservices

Path: :mozilla.180:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Googleadservices

Path: :mozilla.184:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Emerite

Path: :mozilla.225:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Emerite

Path: :mozilla.226:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Hitbox

Path: :mozilla.242:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Hitbox

Path: :mozilla.243:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Fastclick

Path: :mozilla.262:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.290:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Hotlog

Path: :mozilla.306:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Spylog

Path: :mozilla.307:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Sitestat

Path: :mozilla.317:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Paypal

Path: :mozilla.325:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Webtrendslive

Path: :mozilla.336:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Adtech

Path: :mozilla.340:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Adtech

Path: :mozilla.341:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Information

Path: :mozilla.354:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Hitbox

Path: :mozilla.394:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\tkkaaxlk.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Googleadservices

Path: :mozilla.6:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.10:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.11:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.12:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.13:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.14:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.15:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.16:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.17:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Casalemedia

Path: :mozilla.18:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: :mozilla.20:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: :mozilla.21:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: :mozilla.22:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Advertising

Path: :mozilla.23:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Fastclick

Path: :mozilla.24:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Fastclick

Path: :mozilla.25:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Fastclick

Path: :mozilla.26:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Fastclick

Path: :mozilla.30:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Fastclick

Path: :mozilla.32:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Com

Path: :mozilla.35:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Tribalfusion

Path: :mozilla.36:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Tribalfusion

Path: :mozilla.37:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Tribalfusion

Path: :mozilla.39:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Zedo

Path: :mozilla.42:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Zedo

Path: :mozilla.43:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Zedo

Path: :mozilla.44:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Zedo

Path: :mozilla.45:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Zedo

Path: :mozilla.46:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Overture

Path: :mozilla.52:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Overture

Path: :mozilla.54:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Overture

Path: :mozilla.55:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Overture

Path: :mozilla.56:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Atdmt

Path: :mozilla.57:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Tradedoubler

Path: :mozilla.61:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Tradedoubler

Path: :mozilla.62:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Tradedoubler

Path: :mozilla.63:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Hotlog

Path: :mozilla.69:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Spylog

Path: :mozilla.70:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.92:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Revsci

Path: :mozilla.93:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Imrworldwide

Path: :mozilla.102:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Imrworldwide

Path: :mozilla.103:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statistik-gallup

Path: :mozilla.125:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Fortunecity

Path: :mozilla.143:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Fortunecity

Path: :mozilla.144:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.149:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.150:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.151:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.152:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Statcounter

Path: :mozilla.153:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Reliablestats

Path: :mozilla.156:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Reliablestats

Path: :mozilla.157:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Reliablestats

Path: :mozilla.158:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Reliablestats

Path: :mozilla.159:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Reliablestats

Path: :mozilla.160:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.163:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.164:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.165:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.2o7

Path: :mozilla.166:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Doubleclick

Path: :mozilla.182:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Adtech

Path: :mozilla.184:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Adtech

Path: :mozilla.185:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Webtrends

Path: :mozilla.196:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Webtrends

Path: :mozilla.198:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Adobe

Path: :mozilla.203:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Googleadservices

Path: :mozilla.228:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Connextra

Path: :mozilla.252:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: :mozilla.253:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Yieldmanager

Path: :mozilla.254:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Toplist

Path: :mozilla.258:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Googleadservices

Path: :mozilla.259:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

Name: TrackingCookie.Information

Path: :mozilla.272:C:\Documents and Settings\Stoffe\Application Data\Mozilla\Firefox\Profiles\uwqwvjzj.default\cookies.txt

Risk: Medium

 

[/log]

 

[log]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 21:44:00, on 2007-05-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\Program\Launch Manager\PowerKey.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\OSDCtrl.exe

C:\Program\Launch Manager\Wbutton.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program\Multimedia Card Reader\shwicon2k.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program\Huawei technologies\Huawei UMTS Data Card\HUAWEI 3G Data Card.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Hijack this\HiJackThis_v2.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Program\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tvjbmonitor] C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_11\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Keep my net clean.org - {F12F48EE-7575-4a05-8957-E207557670C8} - C:\Program\Keep my Net Clean.org\kmnc.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/activex/HMAtchmt.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{F2D63002-767F-4DDB-A13A-E80689133A38}: NameServer = 10.0.0.1 10.0.0.2

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

 

--

End of file - 9675 bytes

[/log]

 


Do you know what is in these folders, and do you trust those programs?

2007-04-29 22:25 <KAT> d-------- C:\Program\ReflexiveArcade

2007-04-29 22:25 <KAT> d-------- C:\Program\Gutterball 2

2007-04-28 13:01 <KAT> d-------- C:\Program\18 WoS Pedal to the Metal

2007-04-19 22:23 <KAT> d-a------ C:\aircrack-ng-0.6.2-win

If they are cracked, for example, they may be infected.

 

Go to http://www.virustotal.com/, paste one of the following file names into the box, press Send and wait until the result is ready (Status changes to Finished). Paste the result (including file size) here. Repeat with the next file name.

C:\WINDOWS\system32\drivers\sptddrv1.sys

C:\WINDOWS\system32\drivers\sptd.sys

 

Set Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

 

Delete the file:

C:\Documents and Settings\Stoffe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar

 

Does any error appear in the Event Viewer (Control Panel - Administrative Tools) at the same time as the firewall error message appears?

 

 


Hi again, and thanks for all the help so far.

 

Do you know what is in these folders, and do you trust those programs?

2007-04-29 22:25 <KAT> d-------- C:\Program\ReflexiveArcade

2007-04-29 22:25 <KAT> d-------- C:\Program\Gutterball 2

2007-04-28 13:01 <KAT> d-------- C:\Program\18 WoS Pedal to the Metal

2007-04-19 22:23 <KAT> d-a------ C:\aircrack-ng-0.6.2-win

If they are cracked, for example, they may be infected.

 

Yes, I know what those files are, and they are cracked so that they can be run, because one of them has no disc, etc. But C:\Program\ReflexiveArcade I know nothing about at all; I found it on my other computer too, but nothing is wrong with that one. And aircrack-ng I will remove in any case...

 

Here is the result for one of the files:

 

File size: 96256 bytes

MD5: d7fd0ff761e28ac0ea35ad71e0cd67e9

SHA1: 40f88d937ceba8cf73ffa1110e84191ef20dad6f

Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=d7fd0ff761e28ac0ea35ad71e0cd67e9

 

The other file could not be looked up; I tried 3 times.

 

And I have checked the log, but I cannot find any error or anything else.

 


Here is the result for one of the files:

Which one? Was any virus or similar found in it, and if so, what?

 

Download Deckard's System Scanner to the Desktop.

http://www.techsupportforum.com/sectools/Deckard/dss.exe

 

Close all programs.

Run the program and follow the instructions shown.

When it is finished, two log files, main.txt and extra.txt, are created in the same folder as the scanner. Paste them here.

 


Yes, I forgot to write that: it was the file sptddrv1.sys, and there are no viruses in the file.

 

Below are the logs from the scan.

 

[log]

Deckard's System Scanner v20070426.43

Run by Stoffe on 2007-05-25 at 18:14:33

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

33: 2007-05-25 16:14:46 UTC - RP299 - Deckard's System Scanner Restore Point

32: 2007-05-25 15:49:16 UTC - RP298 - Software Distribution Service 2.0

31: 2007-05-22 18:32:21 UTC - RP297 - Systemkontrollpunkt

30: 2007-05-20 08:49:07 UTC - RP296 - Systemkontrollpunkt

29: 2007-05-19 02:49:05 UTC - RP295 - Systemkontrollpunkt

 

 

-- First Restore Point --

1: 2007-04-15 10:59:09 UTC - RP267 - Installation av osignerad drivrutin

 

 

Backed up registry hives.

 

Performed disk cleanup.

 

 

-- HijackThis (run as Stoffe.exe) ----------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 18:40:11, on 2007-05-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\Program\Launch Manager\PowerKey.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\OSDCtrl.exe

C:\Program\Launch Manager\Wbutton.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program\Multimedia Card Reader\shwicon2k.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Acer\eManager\anbmServ.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\WINDOWS\System32\dpl1npwm.exe

C:\Documents and Settings\Stoffe\Skrivbord\Nedladdat\dss.exe

C:\Program\HIJACK~1\Stoffe.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Program\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tvjbmonitor] C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_11\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [crslc.exe] C:\WINDOWS\crslc.exe -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Keep my net clean.org - {F12F48EE-7575-4a05-8957-E207557670C8} - C:\Program\Keep my Net Clean.org\kmnc.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: certmsje.dll flw334.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

-- File Associations -----------------------------------------------------------

 

.js - JSFile - DefaultIcon - C:\Program\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2

.js - JSFile - shell\open\command - "C:\Program\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 UBHelper - c:\windows\system32\drivers\ubhelper.sys

R1 Hotkey - c:\windows\system32\drivers\hotkey.sys

R1 oreans32 - c:\windows\system32\drivers\oreans32.sys

R1 SASDIFSV - c:\program\superantispyware\sasdifsv.sys

R1 SASKUTIL - c:\program\superantispyware\saskutil.sys

R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>

R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>

R2 int15.sys - c:\acer\empowering technology\erecovery\int15.sys

R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Avocent/OSA Technologies Inc.; Windows ® Server 2003 DDK driver>

R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows ® 2000 DDK provider; OSA int15 Driver>

R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

R3 POWERKEY - c:\program\launch manager\powerkey.sys

R3 SASENUM - c:\program\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

 

S1 Wbutton - c:\windows\system32\drivers\wbutton.sys (file missing)

S3 ASFWHide - c:\docume~1\stoffe\lokala~1\temp\asfwhide (file missing)

S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>

S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>

S3 PEEK5 (PEEK5 Protocol Driver) - c:\aircra~1.2-w\bin\peek5.sys (file missing)

S3 SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - c:\windows\system32\drivers\se2ebus.sys <Not Verified; MCCI; Sony Ericsson Device 046 Driver>

S3 SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - c:\windows\system32\drivers\se2emdfl.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Modem Filter Driver>

S3 SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - c:\windows\system32\drivers\se2emdm.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Data Modem>

S3 SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se2emgmt.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC Device Management>

S3 SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - c:\windows\system32\drivers\se2eobex.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB WMC OBEX Interface>

S3 se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - c:\windows\system32\drivers\se2eunic.sys <Not Verified; MCCI; Sony Ericsson Device 046 USB Ethernet Emulation>

S3 SIWIO - c:\windows\temp\siwio.sys (file missing)

S3 SunkFilt6 (Alcor Micro Corp - 6360) - c:\windows\system32\drivers\sunkfilt6.sys (file missing)

S3 SunkFilt62 (Alcor Micro Corp - 6362) - c:\windows\system32\drivers\sunkfilt62.sys <Not Verified; Alcor Micro, Corp.; SunkFilt62>

S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)

S3 SYMIDSCO - c:\program\delade~1\symant~1\symcdata\ids-di~1\20040813.178\symidsco.sys (file missing)

S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>

R2 Bonjour Service (Bonjour-tjänst) - c:\program\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-03-21 23:48:33 272 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

 

 

-- Files created between 2007-04-25 and 2007-05-25 -----------------------------

 

2007-05-25 18:02:30 89789 --a------ C:\WINDOWS\system32\dpl1npwm.exe

2007-05-22 20:41:37 0 d-------- C:\Documents and Settings\Stoffe\Application Data\dvdcss

2007-05-19 20:04:09 57344 --ah----- C:\WINDOWS\system32\kqvom22dv9.dll

2007-05-19 20:04:09 57344 --ah----- C:\WINDOWS\system32\flw334.dll

2007-05-19 20:04:09 45056 --ah----- C:\WINDOWS\system32\cetk5w3.exe

2007-05-19 19:55:17 190976 --a------ C:\WINDOWS\crslc.exe

2007-05-19 19:54:08 4 --a------ C:\WINDOWS\system32\dpl1npwm.dat

2007-05-19 19:54:03 24576 --a------ C:\WINDOWS\system32\psnppack.dll

2007-05-19 19:54:03 16384 --a------ C:\WINDOWS\system32\psapuman.exe

2007-05-19 19:54:03 28672 --a------ C:\WINDOWS\system32\certmsje.dll

2007-05-19 19:54:01 114688 --a------ C:\WINDOWS\system32\dpl1npwm.dll

2007-05-15 21:15:45 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-05-15 21:15:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-05-15 21:15:12 0 d-------- C:\Program\SUPERAntiSpyware

2007-05-15 21:15:12 0 d-------- C:\Documents and Settings\Stoffe\Application Data\SUPERAntiSpyware.com

2007-05-10 21:56:45 0 d-------- C:\Hijack this

2007-05-08 21:55:27 0 d-------- C:\Program\Microsoft Windows Vista Upgrade Advisor

2007-05-08 20:49:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation

2007-04-29 22:25:55 0 d-------- C:\Program\Gutterball 2

2007-04-29 22:25:31 0 d-------- C:\Program\ReflexiveArcade

2007-04-28 13:01:17 0 d-------- C:\Program\18 WoS Pedal to the Metal

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-05-25 17:51:01 465842 --a------ C:\WINDOWS\system32\perfh01D.dat

2007-05-25 17:51:01 85724 --a------ C:\WINDOWS\system32\perfc01D.dat

2007-05-15 21:14:47 0 d-------- C:\Program\Delade filer\Wise Installation Wizard

2007-04-25 03:03:41 0 d-------- C:\Documents and Settings\Stoffe\Application Data\BitTorrent

2007-04-24 23:04:02 0 d-------- C:\Program\Keep my Net Clean.org

2007-04-21 15:47:46 0 d-------- C:\Program\mIRC

2007-04-15 20:22:58 5099 --a------ C:\WINDOWS\mozver.dat

2007-04-15 12:42:33 0 d-------- C:\Program\Delade filer\Teleca Shared

2007-04-15 12:41:56 0 d-------- C:\Program\Sony Ericsson

2007-04-07 20:23:45 0 d-------- C:\Documents and Settings\Stoffe\Application Data\Macromedia

2007-04-01 14:15:32 0 d-------- C:\Documents and Settings\Stoffe\Application Data\SecondLife

2007-03-29 22:41:54 0 d-------- C:\Program\Ashampoo

2007-03-24 14:19:49 18275 --a------ C:\WINDOWS\War3Unin.dat

2007-03-24 14:19:46 2829 --a------ C:\WINDOWS\War3Unin.pif

2007-03-24 14:19:45 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>

 

 

-- Registry Dump ---------------------------------------------------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program\Java\jre1.5.0_11\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"preload"="C:\\Windows\\RUNXMLPL.exe"

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"SoundMan"="SOUNDMAN.EXE"

"SynTPLpr"="C:\\Program\\Synaptics\\SynTP\\SynTPLpr.exe"

"SynTPEnh"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"

"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""

"LaunchAp"="\"C:\\Program\\Launch Manager\\LaunchAp.exe\""

"PowerKey"="\"C:\\Program\\Launch Manager\\PowerKey.exe\""

"LManager"="\"C:\\Program\\Launch Manager\\HotkeyApp.exe\""

"CtrlVol"="\"C:\\Program\\Launch Manager\\CtrlVol.exe\""

"LMgrOSD"="\"C:\\Program\\Launch Manager\\OSDCtrl.exe\""

"Wbutton"="\"C:\\Program\\Launch Manager\\Wbutton.exe\""

"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"

"Sunkist2k"="C:\\Program\\Multimedia Card Reader\\shwicon2k.exe"

"avast!"="C:\\Program\\ALWILS~1\\Avast4\\ashDisp.exe"

"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"tvjbmonitor"="C:\\Program\\MMEDIA\\TV Jukebox 3.0\\tvjbMonitor.exe"

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_11\\bin\\jusched.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"crslc.exe"="C:\\WINDOWS\\crslc.exe -s"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"WMPNSCFG"="C:\\Program\\Windows Media Player\\WMPNSCFG.exe"

"BitTorrent"="\"C:\\Program\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dpl1npwm

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"appinit_dlls"="certmsje.dll flw334.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Kodak EasyShare software.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Kodak EasyShare software.lnk"

"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"

"item"="Kodak EasyShare software"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]

Shell\AutoRun\command F:\launcher.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]

Shell\AutoRun\command G:\autorun.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801ccd82-6c38-11db-ad37-0014a4640386}]

Shell\AutoRun\command F:\launcher.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801ccd83-6c38-11db-ad37-0014a4640386}]

Shell\AutoRun\command G:\autorun.exe

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS

 

 

-- End of Deckard's System Scanner: finished at 2007-05-25 at 18:40:46 ---------

 

[/log]

 

[log]

Deckard's System Scanner v20070426.43

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Swedish

 

CPU 0: Intel® Celeron® M processor 1.50GHz

Percentage of Memory in Use: 47%

Physical Memory (total/avail): 1014.42 MiB / 531 MiB

Pagefile Memory (total/avail): 2439.28 MiB / 1989.2 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1956.8 MiB

 

C: is Fixed (NTFS) - 35.48 GiB total, 9.97 GiB free.

D: is Fixed (NTFS) - 35.96 GiB total, 11.42 GiB free.

E: is CDROM (No Media)

F: is CDROM (CDFS)

G: is CDROM (CDFS)

H: is CDROM (No Media)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

FirstRunDisabled is set.

 

AV: avast! antivirus 4.7.1001 [VPS 000742-1] v4.7.1001 (ALWIL Software)

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Stoffe\Application Data

CLASSPATH=.;C:\Program\Java\jre1.5.0_11\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program\Delade filer

COMPUTERNAME=CHRISTOFFER

ComSpec=C:\WINDOWS\system32\cmd.exe

DEFAULT_CA_NR=CA6

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Stoffe

LOGONSERVER=\\CHRISTOFFER

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\Program\Mozilla Firefox;C:\Program\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\Delade filer\Adobe\AGL;C:\Program\QuickTime\QTSystem\;C:\Program\Delade filer\Teleca Shared

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0d08

ProgramFiles=C:\Program

PROMPT=$P$G

QTJAVA=C:\Program\Java\jre1.5.0_11\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Stoffe\LOKALA~1\Temp

TMP=C:\DOCUME~1\Stoffe\LOKALA~1\Temp

USERDOMAIN=CHRISTOFFER

USERNAME=Stoffe

USERPROFILE=C:\Documents and Settings\Stoffe

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Stoffe (admin)

Administratör (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\WINDOWS\IsUninst.exe -f"C:\Program\Acer Inc.\Acer English Online Help Creator\Uninst.isu"

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

18 Wheels of Steel Pedal to the Metal --> C:\Program\18 WoS Pedal to the Metal\uninst.exe

Acer eManager for Notebook --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}

Acer ePowerManagement --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x1d

Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI

Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Reader 7.0.9 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70900000002}

Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG

Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

Ahead Nero Burning ROM --> D:\Program\Nero\nero\uninstall\UNNERO.exe /UNINSTALL

Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}

Arcade 3.0 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall

avast! Antivirus --> rundll32 C:\Program\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup

AVI DivX MPEG to DVD Converter & Burner Pro 2.9 --> "D:\AVI DivX MPEG to DVD Converter & Burner Pro\unins000.exe"

AVI Movie Player --> C:\Program\AVI Movie Player\uninstall.exe

AVS Audio Tools version 4.2 --> "D:\Program\AVSMedia\AudioTools\unins000.exe"

AVS DVDMenu Editor 1.0.0.5 --> "C:\Program\Delade filer\AVSMedia\AVS DVDMenu Editor\unins000.exe"

AVS Video Editor 3.4 --> "C:\Program\AVSMedia\AVSVideoEditor\unins000.exe"

BitTorrent 5.0.7 --> "C:\Program\BitTorrent\uninstall.exe"

Bonjour --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1053

Bus Driver 1.0 --> D:\Program\Bus Driver\uninst.exe

CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}

CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}

Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}

Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.4.6 --> "D:\Program\Easy MPEG AVI DIVX WMV RM to DVD\unins000.exe"

Empire Earth II --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{DF315348-721C-40B8-BAE2-58C6C7D935A2}\setup.exe" -l0x9 -removeonly

ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}

ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}

ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}

ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}

ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}

First Class version 8 --> MsiExec.exe /X{1EC80A2B-FED0-4E9E-AA0C-AE59D4BEDDFD}

Google Earth --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

Gutterball 2 --> "C:\Program\Gutterball 2\unins000.exe"

HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HUAWEI 3G Data Card Management --> C:\PROGRAM\HUAWEI~1\HUAWEI~1\Uninstall.exe

Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592

iPod for Windows 2006-06-28 --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1053

iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}

J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe

Keep my Net Clean.org 2005 --> C:\Program\Keep my Net Clean.org\uninst.exe

kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}

Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0010_4f215fb\Setup.exe /APR-REMOVE

KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}

Launch Manager V1.0.8.8 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\Setup.exe" -l0x9

LimeWire PRO 4.9.28 --> "D:\Program\LimeWire\uninstall.exe"

Macromedia Dreamweaver MX 2004 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall

Macromedia Extension Manager --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall

Macromedia Flash MX 2004 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL

Mad Truckers --> "D:\Program\GameTop.com\Mad Truckers\unins000.exe"

Maxdox Publisher Personal 2.1 --> "D:\Program\Maxdox_Publisher\Uninstall_Maxdox Publisher Personal 2.1\Uninstall Maxdox Publisher Personal 2.1.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

mIRC --> "C:\Program\mIRC\mirc.exe" -uninstall

Movie DVD Maker 1.7.2 --> "D:\Program\Movie DVD Maker\unins000.exe"

Mozilla Firefox (2.0.0.3) --> C:\Program\Mozilla Firefox\uninstall\helper.exe

mtp-target --> D:\Program\mtp-target\uninstall.exe

Multimedia Card Reader --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}

My DSC --> C:\Program\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe

Network Stumbler 0.4.0 (remove only) --> "D:\Program\Network Stumbler\uninst.exe"

Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}

NTI Backup NOW! 4 --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{ED79C7E1-386E-4C12-81C7-8FEFB6D396B5} /l1033 BUN4

NTI CD & DVD-Maker Gold --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{65C39C99-F2C0-4286-A37A-23182E9A5E8E} /l1033 CDM7

OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}

OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}

OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}

PowerProducer --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}

Realtek AC'97 Audio --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

SecondLife (remove only) --> "d:\Program\SecondLife\uninst.exe" /P="SecondLife"

SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}

SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}

SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}

SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}

Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

SoftV90 Data Fax Modem with SmartCP --> C:\Program\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025\HXFSETUP.EXE -U -IVEN_8086&DEV_266D&SUBSYS_006A1025

Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}

Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat

staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}

SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Time Adjuster STANDARD 3.1 --> "D:\Program\TimeAdjuster\Uninstall.exe"

Total Commander (Remove or Repair) --> c:\totalcmd\tcuninst.exe

TV Jukebox 3.0 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F3F1D08D-ABEF-4528-8383-54C46369EBB6}\SETUP.exe" -l0x1d -removeonly

Uniblue Registry Booster --> "D:\Program\Uniblue\Registry Booster\unins000.exe"

Uppdatering för Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

Warcraft III --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat

Webbanslutning till fjärrskrivbord --> rundll32 advpack.dll,LaunchINFSection C:\InetPub\wwwroot\TSWeb\setup.inf,DefaultUninstall,,

Westwood Shared Internet Components --> C:\Westwood\Internet\UnstllAP.EXE

VideoLAN VLC media player 0.8.6a --> D:\Program\VideoLAN\VLC\uninstall.exe

Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}

Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}

Windows Media Encoder 7.1 --> C:\Program\Windows Media Components\Encoder\_instENC.exe /U

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Vista Upgrade Advisor --> MsiExec.exe /I{892160E2-AF74-494C-A475-C34CB31EBDFF}

WinRAR archiver --> C:\Program\WinRAR\uninstall.exe

WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

Wireless WEP Key Password Spy --> D:\Program\WIRELE~1\UNWISE.EXE D:\Program\WIRELE~1\INSTALL.LOG

Worms 3D --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{8874FD36-7C9D-4573-8956-E368D6753D90}\setup.exe" -l0x9

VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

 

 

-- End of Deckard's System Scanner: finished at 2007-05-25 at 18:40:46 ---------

[/log]

 


You have an awful lot of programs installed. Do you use all of them? See if you can uninstall some that you no longer use.

 

A driver was installed about 1 month ago.

1: 2007-04-15 10:59:09 UTC - RP267 - Installation av osignerad drivrutin

Do you remember what it was, in case that is what is causing the trouble?

 

Hmm, but now new things have turned up in the HijackThis log that do not look good; they came in on 19 May. It is a worm that sends spam e-mail. Keep the Internet connection unplugged as much as possible.

 

Download Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger.zip

Copy the following into Notepad:

Drivers to unload:

 

Files to delete:

C:\WINDOWS\system32\kqvom22dv9.dll

C:\WINDOWS\system32\cetk5w3.exe

C:\WINDOWS\system32\dpl1npwm.dll

C:\WINDOWS\system32\certmsje.dll

C:\WINDOWS\system32\flw334.dll

C:\WINDOWS\system32\dpl1npwm.dat

C:\WINDOWS\system32\dpl1npwm.exe

C:\WINDOWS\system32\psapuman.exe

C:\WINDOWS\system32\psnppack.dll

C:\WINDOWS\crslc.exe

 

Start Avenger

Tick "Input Script Manually"

Click the magnifying glass and paste the text from Notepad into "View/edit script".

Click Done

Click the green light and answer Yes to the questions.

The computer now restarts (perhaps twice).

A DOS window should appear and then the log should come up.

Paste it here together with a new log from Deckard's System Scanner; main.txt is enough.

 

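Files removed by a "Files to delete:" script can still be referenced from autostart locations, as the HijackThis log posted later in this thread shows. The following is an added example, not part of the thread or of any tool named in it: it parses the Avenger script above and lists HijackThis entries that still point at the deleted files. The function names are assumptions made for this example; the log excerpt is copied from the thread's later HijackThis log.

```python
import ntpath  # Windows path handling that works on any OS
import re

# The Avenger script from the post above (verbatim).
AVENGER_SCRIPT = r"""
Drivers to unload:

Files to delete:
C:\WINDOWS\system32\kqvom22dv9.dll
C:\WINDOWS\system32\cetk5w3.exe
C:\WINDOWS\system32\dpl1npwm.dll
C:\WINDOWS\system32\certmsje.dll
C:\WINDOWS\system32\flw334.dll
C:\WINDOWS\system32\dpl1npwm.dat
C:\WINDOWS\system32\dpl1npwm.exe
C:\WINDOWS\system32\psapuman.exe
C:\WINDOWS\system32\psnppack.dll
C:\WINDOWS\crslc.exe
"""

# Excerpt of the HijackThis log posted in this thread after the Avenger run.
HJT_EXCERPT = r"""
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [crslc.exe] C:\WINDOWS\crslc.exe -s
O20 - AppInit_DLLs: certmsje.dll flw334.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe
"""

HJT_ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")


def parse_avenger_script(text):
    """Return {section name: [entries]}; a section header is a line ending in ':'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def _token(text):
    """Regex matching text only as a whole path or file name, ignoring case."""
    return re.compile(r"(?<![\w.])" + re.escape(text) + r"(?![\w.])", re.IGNORECASE)


def leftover_references(hjt_text, deleted_paths):
    """List HijackThis entries that still mention a file the script deleted.

    match == "path": the full deleted path appears in the entry.
    match == "name": only the bare file name appears (as in AppInit_DLLs);
                     review by hand, another directory may hold a same-named file.
    """
    findings = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        m = HJT_ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        for path in deleted_paths:
            name = ntpath.basename(path)
            if _token(path).search(body):
                kind = "path"
            elif _token(name).search(body):
                kind = "name"
            else:
                continue
            findings.append({
                "code": code,
                "file": name.lower(),
                "match": kind,
                # HijackThis appends this marker when the target is gone from disk
                "file_missing": body.endswith("(file missing)"),
                "line": line,
            })
    return findings


if __name__ == "__main__":
    deleted = parse_avenger_script(AVENGER_SCRIPT)["Files to delete"]
    for f in leftover_references(HJT_EXCERPT, deleted):
        print(f"{f['code']:<4}{f['match']:<5}{f['file']:<14}{f['line']}")
```
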

Yes thanks, I know, I have just done a clean-up among everything...

 

A driver was installed about 1 month ago.

1: 2007-04-15 10:59:09 UTC - RP267 - Installation av osignerad drivrutin

Do you remember what it was, in case that is what is causing the trouble?

 

No, I don't. If that is what is causing the trouble, how do I find that file then?

Or is it impossible to do that?

 

The only driver I can think it might be is the one for the program I removed the other day, Aircrack, and I rolled back the driver for my wireless network card, because it had an unsigned driver.

 

As for the worm I have picked up, I found something in my downloads folder: an MSN friend sent a link to a photo, but it was not a photo but an MS-DOS file called photo, and I got it on 19 May. I could not delete it then, but now I could.

 

Here come some logs, as usual.

 

 

[log]

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\keslkfbx

 

*******************

 

Script file located at: \??\C:\WINDOWS\system32\tjfsauif.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\WINDOWS\system32\kqvom22dv9.dll deleted successfully.

File C:\WINDOWS\system32\cetk5w3.exe deleted successfully.

File C:\WINDOWS\system32\dpl1npwm.dll deleted successfully.

File C:\WINDOWS\system32\certmsje.dll deleted successfully.

File C:\WINDOWS\system32\flw334.dll deleted successfully.

File C:\WINDOWS\system32\dpl1npwm.dat deleted successfully.

File C:\WINDOWS\system32\dpl1npwm.exe deleted successfully.

File C:\WINDOWS\system32\psapuman.exe deleted successfully.

File C:\WINDOWS\system32\psnppack.dll deleted successfully.

File C:\WINDOWS\crslc.exe deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.[/log]

 

[log]

Deckard's System Scanner v20070426.43

Run by Stoffe on 2007-05-25 at 22:52:50

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Stoffe.exe) ----------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 22:52:58, on 2007-05-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Launch Manager\PowerKey.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\OSDCtrl.exe

C:\Program\Launch Manager\Wbutton.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program\Multimedia Card Reader\shwicon2k.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\BitTorrent\bittorrent.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\Stoffe\Skrivbord\Nedladdat\dss.exe

C:\Program\HIJACK~1\Stoffe.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Program\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tvjbmonitor] C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_11\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [crslc.exe] C:\WINDOWS\crslc.exe -s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Keep my net clean.org - {F12F48EE-7575-4a05-8957-E207557670C8} - C:\Program\Keep my Net Clean.org\kmnc.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - AppInit_DLLs: certmsje.dll flw334.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

-- Files created between 2007-04-25 and 2007-05-25 -----------------------------

 

2007-05-25 22:43:33 0 d-------- C:\avenger

2007-05-25 22:34:44 0 d-------- C:\Avenger1

2007-05-22 20:41:37 0 d-------- C:\Documents and Settings\Stoffe\Application Data\dvdcss

2007-05-15 21:15:45 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-05-15 21:15:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-05-15 21:15:12 0 d-------- C:\Program\SUPERAntiSpyware

2007-05-15 21:15:12 0 d-------- C:\Documents and Settings\Stoffe\Application Data\SUPERAntiSpyware.com

2007-05-10 21:56:45 0 d-------- C:\Hijack this

2007-05-08 21:55:27 0 d-------- C:\Program\Microsoft Windows Vista Upgrade Advisor

2007-05-08 20:49:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation

2007-04-29 22:25:55 0 d-------- C:\Program\Gutterball 2

2007-04-29 22:25:31 0 d-------- C:\Program\ReflexiveArcade

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-05-25 22:25:17 0 d-------- C:\Program\Delade filer\AVSMedia

2007-05-25 17:51:01 465842 --a------ C:\WINDOWS\system32\perfh01D.dat

2007-05-25 17:51:01 85724 --a------ C:\WINDOWS\system32\perfc01D.dat

2007-05-15 21:14:47 0 d-------- C:\Program\Delade filer\Wise Installation Wizard

2007-04-25 03:03:41 0 d-------- C:\Documents and Settings\Stoffe\Application Data\BitTorrent

2007-04-24 23:04:02 0 d-------- C:\Program\Keep my Net Clean.org

2007-04-21 15:47:46 0 d-------- C:\Program\mIRC

2007-04-15 20:22:58 5099 --a------ C:\WINDOWS\mozver.dat

2007-04-15 12:42:33 0 d-------- C:\Program\Delade filer\Teleca Shared

2007-04-15 12:41:56 0 d-------- C:\Program\Sony Ericsson

2007-04-07 20:23:45 0 d-------- C:\Documents and Settings\Stoffe\Application Data\Macromedia

2007-04-01 14:15:32 0 d-------- C:\Documents and Settings\Stoffe\Application Data\SecondLife

2007-03-29 22:41:54 0 d-------- C:\Program\Ashampoo

 

 

-- Registry Dump ---------------------------------------------------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program\Java\jre1.5.0_11\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"preload"="C:\\Windows\\RUNXMLPL.exe"

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"SoundMan"="SOUNDMAN.EXE"

"SynTPLpr"="C:\\Program\\Synaptics\\SynTP\\SynTPLpr.exe"

"SynTPEnh"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"

"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""

"LaunchAp"="\"C:\\Program\\Launch Manager\\LaunchAp.exe\""

"PowerKey"="\"C:\\Program\\Launch Manager\\PowerKey.exe\""

"LManager"="\"C:\\Program\\Launch Manager\\HotkeyApp.exe\""

"CtrlVol"="\"C:\\Program\\Launch Manager\\CtrlVol.exe\""

"LMgrOSD"="\"C:\\Program\\Launch Manager\\OSDCtrl.exe\""

"Wbutton"="\"C:\\Program\\Launch Manager\\Wbutton.exe\""

"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"

"Sunkist2k"="C:\\Program\\Multimedia Card Reader\\shwicon2k.exe"

"avast!"="C:\\Program\\ALWILS~1\\Avast4\\ashDisp.exe"

"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"tvjbmonitor"="C:\\Program\\MMEDIA\\TV Jukebox 3.0\\tvjbMonitor.exe"

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_11\\bin\\jusched.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"crslc.exe"="C:\\WINDOWS\\crslc.exe -s"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"WMPNSCFG"="C:\\Program\\Windows Media Player\\WMPNSCFG.exe"

"BitTorrent"="\"C:\\Program\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dpl1npwm

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"appinit_dlls"="certmsje.dll flw334.dll"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Kodak EasyShare software.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Kodak EasyShare software.lnk"

"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"

"item"="Kodak EasyShare software"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]

Shell\AutoRun\command F:\launcher.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]

Shell\AutoRun\command G:\autorun.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801ccd82-6c38-11db-ad37-0014a4640386}]

Shell\AutoRun\command F:\launcher.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{801ccd83-6c38-11db-ad37-0014a4640386}]

Shell\AutoRun\command G:\autorun.exe

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS

 

 

-- End of Deckard's System Scanner: finished at 2007-05-25 at 22:53:25 ---------

[/log]

 

Link to comment

I can't see anything obvious in the logs that would affect the firewall during startup. But there are many driver leftovers visible in main.txt from 19:29, i.e. many lines marked file missing under the Drivers heading. However, I don't know whether they really affect anything, and it is always a bit risky to go poking around in the registry.

I don't know, but it may be possible to find the driver if you search the computer for files created on 15 April. On 15 April a program from Sony Ericsson was installed.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

[log]Scan with HijackThis and check:

 

O4 - HKLM\..\Run: [crslc.exe] C:\WINDOWS\crslc.exe -s

O20 - AppInit_DLLs: certmsje.dll flw334.dll

O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll (file missing)

 

Close all other programs.

Press Fix checked.

Set Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Delete the files (if they remain):

C:\WINDOWS\system32\kqvom22dv9.dll

C:\WINDOWS\system32\cetk5w3.exe

C:\WINDOWS\system32\dpl1npwm.dll

C:\WINDOWS\system32\certmsje.dll

C:\WINDOWS\system32\flw334.dll

C:\WINDOWS\system32\dpl1npwm.dat

C:\WINDOWS\system32\dpl1npwm.exe

C:\WINDOWS\system32\psapuman.exe

C:\WINDOWS\system32\psnppack.dll

C:\WINDOWS\crslc.exe

 

Restart in normal mode and then a new DSS log. [/log]

 

Link to comment
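The before/after check done by eye in this thread (tick three entries, rescan, confirm they are gone) can be scripted. The following is an added example, not part of the original posts: the sample lines are a constructed subset based on the thread's two scans, and the function names are hypothetical.

```python
import re

# Constructed sample: a small subset of lines based on the two scans in this
# thread (before and after the "Fix checked" step). Not the complete logs.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [crslc.exe] C:\WINDOWS\crslc.exe -s
O20 - AppInit_DLLs: certmsje.dll flw334.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# The three entries the helper asked to tick before pressing "Fix checked".
FIX_CHECKED = [
    r"O4 - HKLM\..\Run: [crslc.exe] C:\WINDOWS\crslc.exe -s",
    r"O20 - AppInit_DLLs: certmsje.dll flw334.dll",
    r"O20 - Winlogon Notify: dpl1npwm - C:\WINDOWS\system32\dpl1npwm.dll (file missing)",
]

# An entry line is a section code (R0, O4, O20, ...) followed by " - detail".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")


def normalize(line):
    """Return (section, detail) as a comparison key, or None for non-entry lines.

    Registry value names and Windows paths are case-insensitive, and the two
    scans in the thread differ in letter case ([IgfxTray] vs [igfxTray]),
    so the detail is lower-cased and its whitespace collapsed.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, detail = m.groups()
    return section, " ".join(detail.split()).lower()


def parse(log):
    """Map normalized key -> original line for every entry line in a log."""
    entries = {}
    for raw in log.splitlines():
        key = normalize(raw)
        if key:
            entries.setdefault(key, raw.strip())
    return entries


def diff(before, after):
    """Return (removed, added) entry lines between two scans, each sorted."""
    b, a = parse(before), parse(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added


def unresolved(watch, log):
    """Return the watch-list entries that are still present in a log."""
    present = parse(log)
    return [w for w in watch if normalize(w) in present]


if __name__ == "__main__":
    removed, added = diff(BEFORE, AFTER)
    print("Removed since the first scan:")
    for line in removed:
        print("  " + line)
    print("New since the first scan (review these too):")
    for line in added:
        print("  " + line)
    left = unresolved(FIX_CHECKED, AFTER)
    print("Checked entries still present:", left if left else "none")
```

Entries that appear only in the second scan are worth a look as well, since a cleanup can be followed by new autostart entries.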

Okay, this does seem strange; every time I do something, remove something as you say, I hope that it (the error message) won't show up again, but it does.....

Yes, that may well be; I don't know when I last did a reinstallation of Windows.

As for the program from Sony Ericsson, it is a safe program, since it is there so that I can transfer files and synchronize with the computer.

Here is the log from DSS

 

 

[log]

Deckard's System Scanner v20070426.43

Run by Stoffe on 2007-05-26 at 00:35:32

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

 

 

-- HijackThis (run as Stoffe.exe) ----------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 00:35:39, on 2007-05-26

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Alwil Software\Avast4\aswUpdSv.exe

C:\Program\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program\Launch Manager\LaunchAp.exe

C:\Program\Launch Manager\PowerKey.exe

C:\Program\Launch Manager\HotkeyApp.exe

C:\Program\Launch Manager\OSDCtrl.exe

C:\Program\Launch Manager\Wbutton.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\Program\Multimedia Card Reader\shwicon2k.exe

C:\Program\ALWILS~1\Avast4\ashDisp.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

C:\Program\Java\jre1.5.0_11\bin\jusched.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Acer\eManager\anbmServ.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\BitTorrent\bittorrent.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Alwil Software\Avast4\ashMaiSv.exe

C:\Program\Alwil Software\Avast4\ashWebSv.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe

C:\Documents and Settings\Stoffe\Skrivbord\Nedladdat\dss.exe

C:\Program\HIJACK~1\Stoffe.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [LaunchAp] "C:\Program\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [PowerKey] "C:\Program\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] "C:\Program\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program\Launch Manager\OSDCtrl.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [tvjbmonitor] C:\Program\MMEDIA\TV Jukebox 3.0\tvjbMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_11\bin\jusched.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: KODAK Software Updater.lnk = C:\Program\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Keep my net clean.org - {F12F48EE-7575-4a05-8957-E207557670C8} - C:\Program\Keep my Net Clean.org\kmnc.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by24fd.bay24.hotmail.msn.com/activex/HMAtchmt.ocx

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

 

 

-- Files created between 2007-04-26 and 2007-05-26 -----------------------------

 

2007-05-26 00:17:13 0 d-------- C:\Hijack this2

2007-05-25 22:43:33 0 d-------- C:\avenger

2007-05-25 22:34:44 0 d-------- C:\Avenger1

2007-05-22 20:41:37 0 d-------- C:\Documents and Settings\Stoffe\Application Data\dvdcss

2007-05-15 21:15:45 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-05-15 21:15:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2007-05-15 21:15:12 0 d-------- C:\Program\SUPERAntiSpyware

2007-05-15 21:15:12 0 d-------- C:\Documents and Settings\Stoffe\Application Data\SUPERAntiSpyware.com

2007-05-10 21:56:45 0 d-------- C:\Hijack this

2007-05-08 21:55:27 0 d-------- C:\Program\Microsoft Windows Vista Upgrade Advisor

2007-05-08 20:49:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation

2007-04-29 22:25:55 0 d-------- C:\Program\Gutterball 2

2007-04-29 22:25:31 0 d-------- C:\Program\ReflexiveArcade

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-05-25 22:25:17 0 d-------- C:\Program\Delade filer\AVSMedia

2007-05-25 17:51:01 465842 --a------ C:\WINDOWS\system32\perfh01D.dat

2007-05-25 17:51:01 85724 --a------ C:\WINDOWS\system32\perfc01D.dat

2007-05-15 21:14:47 0 d-------- C:\Program\Delade filer\Wise Installation Wizard

2007-04-25 03:03:41 0 d-------- C:\Documents and Settings\Stoffe\Application Data\BitTorrent

2007-04-24 23:04:02 0 d-------- C:\Program\Keep my Net Clean.org

2007-04-21 15:47:46 0 d-------- C:\Program\mIRC

2007-04-15 20:22:58 5099 --a------ C:\WINDOWS\mozver.dat

2007-04-15 12:42:33 0 d-------- C:\Program\Delade filer\Teleca Shared

2007-04-15 12:41:56 0 d-------- C:\Program\Sony Ericsson

2007-04-07 20:23:45 0 d-------- C:\Documents and Settings\Stoffe\Application Data\Macromedia

2007-04-01 14:15:32 0 d-------- C:\Documents and Settings\Stoffe\Application Data\SecondLife

2007-03-29 22:41:54 0 d-------- C:\Program\Ashampoo

 

 

-- Registry Dump ---------------------------------------------------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program\Java\jre1.5.0_11\bin\ssv.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"preload"="C:\\Windows\\RUNXMLPL.exe"

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"SoundMan"="SOUNDMAN.EXE"

"SynTPLpr"="C:\\Program\\Synaptics\\SynTP\\SynTPLpr.exe"

"SynTPEnh"="C:\\Program\\Synaptics\\SynTP\\SynTPEnh.exe"

"EPM-DM"="c:\\acer\\epm\\epm-dm.exe"

"ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"

"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"

"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"

"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"

"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""

"LaunchAp"="\"C:\\Program\\Launch Manager\\LaunchAp.exe\""

"PowerKey"="\"C:\\Program\\Launch Manager\\PowerKey.exe\""

"LManager"="\"C:\\Program\\Launch Manager\\HotkeyApp.exe\""

"CtrlVol"="\"C:\\Program\\Launch Manager\\CtrlVol.exe\""

"LMgrOSD"="\"C:\\Program\\Launch Manager\\OSDCtrl.exe\""

"Wbutton"="\"C:\\Program\\Launch Manager\\Wbutton.exe\""

"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"

"Sunkist2k"="C:\\Program\\Multimedia Card Reader\\shwicon2k.exe"

"avast!"="C:\\Program\\ALWILS~1\\Avast4\\ashDisp.exe"

"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

"tvjbmonitor"="C:\\Program\\MMEDIA\\TV Jukebox 3.0\\tvjbMonitor.exe"

"SunJavaUpdateSched"="C:\\Program\\Java\\jre1.5.0_11\\bin\\jusched.exe"

"QuickTime Task"="\"C:\\Program\\QuickTime\\qttask.exe\" -atboottime"

"iTunesHelper"="\"C:\\Program\\iTunes\\iTunesHelper.exe\""

"Sony Ericsson PC Suite"="\"C:\\Program\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"SUPERAntiSpyware"="C:\\Program\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

"msnmsgr"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"WMPNSCFG"="C:\\Program\\Windows Media Player\\WMPNSCFG.exe"

"BitTorrent"="\"C:\\Program\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Kodak EasyShare software.lnk]

"path"="C:\\Documents and Settings\\All Users\\Start-meny\\Program\\Autostart\\Kodak EasyShare software.lnk"

"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"

"location"="Common Startup"

"command"="C:\\Program\\Kodak\\KODAKE~1\\bin\\EASYSH~1.EXE -hx"

"item"="Kodak EasyShare software"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program\\MSN Messenger\\msnmsgr.exe\" /background"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]

Shell\AutoRun\command F:\launcher.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]

Shell\AutoRun\command G:\autorun.exe

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS

 

 

-- End of Deckard's System Scanner: finished at 2007-05-26 at 00:36:07 ---------

[/log]

 

Link to comment

Of course the program from Sony Ericsson is safe, but it may have ended up in some conflict with something.

The log looks good now.

I always recommend having a better firewall than the one built into Windows, so that could be an option too.

Here is my usual advice for a safer computer, but of course it is important to use your common sense as well.

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware and/or Spybot S&D regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

Use a firewall (better than the one built into XP); there are free ones, e.g. Comodo and ZoneAlarm.

http://www.personalfirewall.comodo.com/

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

The link "I only want basic ZoneAlarm protection" or at

http://www.majorgeeks.com/ZoneAlarm_Free_d388.html

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

If you use Internet Explorer, it can be a good idea to have the program SpywareBlaster, which prevents a good many unpleasant programs from being downloaded or run http://www.javacoolsoftware.com , and to run IE-SpyAd, which puts a whole lot of unpleasant websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer http://www.spywarewarrior.com/uiuc/resource.htm

Review the security settings in Internet Explorer; there are quite a few tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

If you use the Firefox browser, it is a good idea to have the NoScript add-on.

http://www.mozilla.com

https://addons.mozilla.org/firefox/722/

All free for home users/personal use.

 

Link to comment

Yes, it is quite clear that it may have some conflict with something, but nothing I have noticed, at any rate.

Thanks a lot for the tips you have given to make it safer.

But a funny thing is that when I installed the firewall from Comodo, it knocked out a great deal, among other things my internet connection and my antivirus program Avast antivirus, that is, not entirely, but certain services were knocked out.

So I uninstalled it, and when the computer restarted after that, the Windows firewall was back without making a sound at startup; the error message is gone, very strange.....

As for my internet connection, I use mobile broadband and whatever wireless network/internet is available, so I don't know whether I should install any firewall other than the one built into XP.....

Thanks a lot for all the help once again; I will follow the tip to use common sense and scan the computer often.

Thanks

 

Link to comment

after that, the Windows firewall was back without making a sound at startup; the error message is gone, very strange.....

Agreed, there is a lot that is odd about computers.

As for my internet connection, I use mobile broadband and whatever wireless network/internet is available, so I don't know whether I should install any firewall other than the one built into XP.....

That should work fine anyway. There must have been some Comodo configuration that was missing. Did you get prompts about Avast and Internet Explorer etc.?

 

Link to comment

Yes, one would think so.

As for the firewall, I checked the settings and discovered that it was disabled, so I assume the fault remains....

No, I didn't get anything about Avast; I only got error messages from Avast that the firewall is blocking certain services; the firewall blocked 3 - 4 services.

Does Avast have some built-in firewall? As far as I understand, Avast is supposed to be only an antivirus program...

As for the web browser, I use Firefox, and I did get prompts about that, but I still could not connect with my mobile broadband because the connect button was greyed out, and it seems that Comodo does not open any port for my wireless network/internet either.

[post edited 2007-05-26 18:28:46 by Stoffes]

Link to comment

Does Avast have some built-in firewall? As far as I understand, Avast is supposed to be only an antivirus program...

That is my understanding too.

I had no problems when I started using Comodo, but perhaps I went through its settings and wizards first.

 

Link to comment

Okay, but when I had restarted the computer the prompts jumped out at me, and there I sat....

Maybe I'll try it again, or the other firewall that you recommended.

 

Link to comment

Archived

This topic is now archived and is closed to further replies.
