
cpvfeed


tankado


Hi!

I keep getting the pop-up "http:// url.cpvfeed.com/cpv.jsp?p=110830&ip=83.254.142.255&url=http%3A%2F%2Fwww.ugms.se%2Findex.php%3Fphpsessid%3Dc4cae2ffb9119d3fa365993266302f58%3Bwww&selectedKeyword=ron&selectedListingId=6448559"

Does anyone know how to fix this?

Have edited so that the link is not clickable.

Cecilia - Moderator for Virus - Antivirus

[post edited 2007-06-17 08:58:41 by Cecilia]


This is what HJT gave me:

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 20:46:29, on 2007-06-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\Program\Windows Defender\MSASCui.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe

C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program\XoftSpySE\xoftspy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\BitTorrent_DNA\dna.exe

C:\Program\BitTorrent\bittorrent.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"

O4 - HKLM\..\Run: [XoftSpySE] C:\Program\XoftSpySE\xoftspy.exe -s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DNA] "C:\Program\BitTorrent_DNA\dna.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: ubisoft register.lnk = C:\Program\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180715641734

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

[/log]

 


Do not run file-sharing programs such as BitTorrent on infected computers, since there is then a great risk that nasties are spread that way.

Have CA Internet Security, Windows Defender or Xoftspy found anything? If so, what? It would be good to know both which files they have found and what kind of nasty is in the files.

How long has this problem existed?

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and follow the instructions shown.

IMPORTANT! Do not click the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should appear; paste it here.

 


Xoftspy keeps finding things that I remove; when I then restart and scan again, new ones show up. Windows Defender has found a few things but they have been removed; CA IS also finds things but cannot remove them.

ComboFix locks up my computer almost immediately and nothing more happens.

But I will keep trying and will be back soon.

//Mattias

 


The ComboFix log.

 

[log]ComboFix 07-06-17 - C:\Documents and Settings\Mattias\Skrivbord\ComboFix.exe

"Mattias" - 2007-06-17 16:40:45 - Service Pack 2 NTFS

 

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\Program\inetget2

C:\Program\video activex access

C:\WINDOWS\b136.exe

C:\WINDOWS\system32\drivers\core.cache.dsk

C:\WINDOWS\system32\drivers\core.sys

 

 

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_CORE

-------\core

 

 

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

 

 

2007-06-17 10:59 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-17 00:07 <KAT> d-------- C:\Program\DAEMON Tools

2007-06-17 00:02 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-06-16 08:14 <KAT> d-------- C:\Program\XoftSpySE

2007-06-16 08:12 <KAT> d-------- C:\Program\Riva

2007-06-15 22:57 <KAT> d-------- C:\DOCUME~1\Mattias\Shared

2007-06-15 22:57 <KAT> d-------- C:\DOCUME~1\Mattias\Incomplete

2007-06-15 22:57 <KAT> d-------- C:\DOCUME~1\Mattias\APPLIC~1\LimeWire

2007-06-15 22:56 <KAT> d-------- C:\Program\LimeWire

2007-06-15 21:44 <KAT> d-------- C:\Fraps

2007-06-15 21:31 <KAT> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-06-14 22:26 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

2007-06-14 21:59 <KAT> d-------- C:\Program\Nokia

2007-06-14 07:29 <KAT> d-------- C:\Program\Microsoft CAPICOM 2.1.0.2

2007-06-13 17:44 <KAT> d-------- C:\DOCUME~1\SKENHE~1\Lokala instllningar

2007-06-13 13:02 <KAT> d-------- C:\Program\Delade filer\LogiShrd

2007-06-13 13:02 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech

2007-06-13 13:01 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd

2007-06-13 12:38 <KAT> d-------- C:\DOCUME~1\Mattias\Lokala instllningar

2007-06-13 12:05 <KAT> d-------- C:\Program\Delade filer\Adobe Systems Shared

2007-06-13 12:05 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

2007-06-12 15:00 <KAT> d-------- C:\Program\WinPop

2007-06-10 22:02 <KAT> d-------- C:\Program\Xilisoft

2007-06-10 22:02 <KAT> d-------- C:\Program\QuickTime

2007-06-10 21:13 <KAT> d-------- C:\WINDOWS\nview

2007-06-10 21:12 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2007-06-10 21:12 <KAT> d-------- C:\NVIDIA

2007-06-10 20:51 <KAT> d-------- C:\WINDOWS\system32\ReinstallBackups

2007-06-10 20:26 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll

2007-06-10 20:26 7,700,480 --a------ C:\WINDOWS\system32\nvcpl.dll

2007-06-10 20:26 5,644,288 --a------ C:\WINDOWS\system32\nvoglnt.dll

2007-06-10 20:26 4,543,616 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-06-10 20:26 35,840 --a------ C:\WINDOWS\system32\nvcodins.dll

2007-06-10 20:26 35,840 --a------ C:\WINDOWS\system32\nvcod.dll

2007-06-10 20:26 327,680 --a------ C:\WINDOWS\system32\nvwrses.dll

2007-06-10 20:26 319,488 --a------ C:\WINDOWS\system32\nvwrsit.dll

2007-06-10 20:26 319,488 --a------ C:\WINDOWS\system32\nvwrsfr.dll

2007-06-10 20:26 311,296 --a------ C:\WINDOWS\system32\nvwrsptb.dll

2007-06-10 20:26 311,296 --a------ C:\WINDOWS\system32\nvwrsnl.dll

2007-06-10 20:26 303,104 --a------ C:\WINDOWS\system32\nvwrsde.dll

2007-06-10 20:26 3,988,384 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-06-10 20:26 294,912 --a------ C:\WINDOWS\system32\nvwrsno.dll

2007-06-10 20:26 294,912 --a------ C:\WINDOWS\system32\nvwrsfi.dll

2007-06-10 20:26 290,816 --a------ C:\WINDOWS\system32\nvwrssv.dll

2007-06-10 20:26 290,816 --a------ C:\WINDOWS\system32\nvwrsda.dll

2007-06-10 20:26 266,240 --a------ C:\WINDOWS\system32\nvrsfr.dll

2007-06-10 20:26 262,144 --a------ C:\WINDOWS\system32\nvrsit.dll

2007-06-10 20:26 262,144 --a------ C:\WINDOWS\system32\nvrses.dll

2007-06-10 20:26 258,048 --a------ C:\WINDOWS\system32\nvrsnl.dll

2007-06-10 20:26 258,048 --a------ C:\WINDOWS\system32\nvrsde.dll

2007-06-10 20:26 249,856 --a------ C:\WINDOWS\system32\nvrsptb.dll

2007-06-10 20:26 249,856 --a------ C:\WINDOWS\system32\nvrsja.dll

2007-06-10 20:26 245,760 --a------ C:\WINDOWS\system32\nvrsko.dll

2007-06-10 20:26 237,568 --a------ C:\WINDOWS\system32\nvrssv.dll

2007-06-10 20:26 237,568 --a------ C:\WINDOWS\system32\nvrsno.dll

2007-06-10 20:26 237,568 --a------ C:\WINDOWS\system32\nvrsda.dll

2007-06-10 20:26 229,376 --a------ C:\WINDOWS\system32\nvrsfi.dll

2007-06-10 20:26 208,896 --a------ C:\WINDOWS\system32\nvwrsja.dll

2007-06-10 20:26 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe

2007-06-10 20:26 208,896 --a------ C:\WINDOWS\system32\nvrszhc.dll

2007-06-10 20:26 192,512 --a------ C:\WINDOWS\system32\nvwrsko.dll

2007-06-10 20:26 163,840 --a------ C:\WINDOWS\system32\nvwrszht.dll

2007-06-10 20:26 159,810 --a------ C:\WINDOWS\system32\nvsvc32.exe

2007-06-10 20:26 159,744 --a------ C:\WINDOWS\system32\nvwrszhc.dll

2007-06-10 20:26 114,688 --a------ C:\WINDOWS\system32\nvrszht.dll

2007-06-09 14:53 <KAT> d-------- C:\Program\Disc2Phone

2007-06-09 14:40 <KAT> d-------- C:\WINDOWS\system32\URTTemp

2007-06-09 08:10 <KAT> d-------- C:\Program\SmartFTP Client

2007-06-09 08:10 <KAT> d-------- C:\DOCUME~1\Mattias\APPLIC~1\SmartFTP

2007-06-09 07:56 <KAT> d-------- C:\Program\Staff-FTP

2007-06-08 21:59 <KAT> d-------- C:\ATI

2007-06-06 21:39 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision

2007-06-06 21:25 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2007-06-06 21:25 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2007-06-06 21:25 <KAT> d-------- C:\Program\Delade filer\Macromedia Shared

2007-06-06 10:30 <KAT> d-------- C:\Program\Maxis

2007-06-06 10:29 304,640 --a------ C:\WINDOWS\IsUn041d.exe

2007-06-06 10:29 <KAT> d-------- C:\DOCUME~1\Therese\WINDOWS

2007-06-04 17:51 <KAT> d-------- C:\Program\Majesco Entertainment

2007-06-04 17:28 <KAT> d-------- C:\Program\PowerISO

2007-06-04 15:22 <KAT> d-------- C:\Program\Logitech

2007-06-04 14:07 <KAT> d-------- C:\Program\Ubisoft

2007-06-04 13:26 <KAT> d-------- C:\Program\HyperLobbyPro3

2007-06-03 21:52 <KAT> d-------- C:\Program\MSXML 4.0

2007-06-03 13:54 <KAT> d-------- C:\Program\Guitar Pro 5

2007-06-03 11:05 <KAT> d-------- C:\WINDOWS\system32\sv-se

2007-06-03 10:50 <KAT> d-------- C:\Program\Photo Story 3 for Windows

2007-06-03 10:47 <KAT> d-------- C:\Program\Windows Defender

2007-06-02 18:54 <KAT> d-------- C:\DOCUME~1\Mattias\APPLIC~1\Ahead

2007-06-02 18:52 <KAT> d-------- C:\Program\Nero

2007-06-02 18:52 <KAT> d-------- C:\Program\Delade filer\Ahead

2007-06-02 18:52 <KAT> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero

2007-06-02 18:44 745,472 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-06-02 18:44 719,872 --a------ C:\WINDOWS\system32\devil.dll

2007-06-02 18:44 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2007-06-02 18:44 308,224 --a------ C:\WINDOWS\system32\avisynth.dll

2007-06-02 18:44 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-06-02 18:44 <KAT> d-------- C:\Program\DIKO

2007-06-02 18:43 <KAT> d-------- C:\Program\VideoLAN

2007-06-02 18:43 <KAT> d-------- C:\DOCUME~1\Mattias\APPLIC~1\vlc

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-09 12:48:16 63,572 ----a-w C:\WINDOWS\system32\perfc01D.dat

2007-06-09 12:48:16 386,352 ----a-w C:\WINDOWS\system32\perfh01D.dat

2007-06-04 16:10:53 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-06-01 16:23:43 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe

2007-05-28 16:33:32 -------- d-----w C:\Program\Onlinetjänster

2007-05-11 15:30:16 25,888 ----a-w C:\WINDOWS\system32\drivers\LVPr2Mon.sys

2007-05-11 15:29:54 2,142,752 ----a-w C:\WINDOWS\system32\drivers\LVMVdrv.sys

2007-05-11 15:27:58 2,107,808 ----a-w C:\WINDOWS\system32\drivers\Lvckap.sys

2007-04-25 14:22:55 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-19 11:26:00 888,832 ----a-w C:\WINDOWS\system32\nvmobls.dll

2007-04-19 11:26:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll

2007-04-19 11:26:00 794,624 ----a-w C:\WINDOWS\system32\nvcplui.exe

2007-04-19 11:26:00 581,632 ----a-w C:\WINDOWS\system32\nvhwvid.dll

2007-04-19 11:26:00 5,619,712 ----a-w C:\WINDOWS\system32\nvdisps.dll

2007-04-19 11:26:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-04-19 11:26:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-04-19 11:26:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe

2007-04-19 11:26:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe

2007-04-19 11:26:00 311,296 ----a-w C:\WINDOWS\system32\nvexpbar.dll

2007-04-19 11:26:00 3,035,136 ----a-w C:\WINDOWS\system32\nvgames.dll

2007-04-19 11:26:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-04-19 11:26:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll

2007-04-19 11:26:00 212,992 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-04-19 11:26:00 2,924,544 ----a-w C:\WINDOWS\system32\nvvitvs.dll

2007-04-19 11:26:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll

2007-04-19 11:26:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe

2007-04-19 11:26:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll

2007-04-19 11:26:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe

2007-04-19 11:26:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll

2007-04-19 11:26:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe

2007-04-19 11:26:00 1,236,992 ----a-w C:\WINDOWS\system32\nvwss.dll

2007-04-19 11:26:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll

2007-04-19 11:26:00 1,011,712 ----a-w C:\WINDOWS\system32\nvcpluir.dll

2007-04-18 16:14:40 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-03-17 13:45:59 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program\google\googletoolbar2.dll [2007-05-30 16:45]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]

"cctray"="C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-06-14 19:14]

"CAVRID"="C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-05-31 07:59]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"NeroFilterCheck"="C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]

"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

"PWRISOVM.EXE"="C:\Program\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]

"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]

"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]

"LogitechCommunicationsManager"="C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]

"QOELOADER"="C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe" [2007-06-14 19:14]

"XoftSpySE"="C:\Program\XoftSpySE\xoftspy.exe" [2007-03-30 20:05]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:34]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

"swg"="C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-30 16:45]

"DNA"="C:\Program\BitTorrent_DNA\dna.exe" [2007-05-30 20:10]

"BitTorrent"="C:\Program\BitTorrent\bittorrent.exe" [2007-03-02 01:11]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-28 17:50:16 C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Mattias at 18 50.job

2007-06-17 14:52:03 C:\WINDOWS\tasks\MP Scheduled Scan.job

2007-06-17 15:00:03 C:\WINDOWS\tasks\XoftSpySE 2.job

2007-06-16 06:14:29 C:\WINDOWS\tasks\XoftSpySE.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-17 16:59:37

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

Completion time: 2007-06-17 17:13:09 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-17 17:12

 

--- E O F ---[/log]

 


Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

Restart the computer in Safe Mode (press F8 repeatedly during startup and choose Safe Mode in the menu).

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press Y to continue.

It works for a while, and when it is done you will be asked whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up, because the program will start and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

Open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the file into your reply here.

[log]Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

Choose option 1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is done the result is displayed and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do nothing else with SmitfraudFix. [/log]

 


Here are the results:

 

SDFix Report:

[log]

SDFix: Version 1.88

 

Run by Mattias on 2007-06-17 at 22:30

 

Microsoft Windows XP [Version 5.1.2600]

 

Running From: C:\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing SharedAccess Service

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

No Trojan Files Found

 

 

 

 

Removing Temp Files...

 

ADS Check:

 

Checking C:\WINDOWS

C:\WINDOWS

No streams found.

 

Checking C:\WINDOWS\system32

C:\WINDOWS\system32

No streams found.

 

Checking C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

No streams found.

 

Checking C:\WINDOWS\system32\ntoskrnl.exe

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program\\LimeWire\\LimeWire.exe"="C:\\Program\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program\\BitTorrent_DNA\\dna.exe"="C:\\Program\\BitTorrent_DNA\\dna.exe:*:Enabled:DNA"

"C:\\Program\\BitTorrent\\bittorrent.exe"="C:\\Program\\BitTorrent\\bittorrent.exe:*:Enabled:bittorrent"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files:

---------------

 

 

Listing Files with Hidden Attributes:

 

C:\Documents and Settings\Mattias\Lokala inställningar\Application Data\Microsoft\Messenger\cob_lake_bodom@hotmail.com\Sharing Folders\deathisthegift@hotmail.com\Elin\Thumbs.db

C:\Documents and Settings\Mattias\Lokala inställningar\Application Data\Microsoft\Messenger\cob_lake_bodom@hotmail.com\Sharing Folders\deathisthegift@hotmail.com\Jag\Thumbs.db

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

C:\WINDOWS\system32\config\default.tmp.LOG

C:\WINDOWS\system32\config\SAM.tmp.LOG

C:\WINDOWS\system32\config\SECURITY.tmp.LOG

C:\WINDOWS\system32\config\software.tmp.LOG

C:\WINDOWS\system32\config\system.tmp.LOG

 

Listing User Accounts:

 

Användarkonton för \\CRIBZOR-BDCCFA7

 

Administratör ASPNET Gäst

Hjälpassistent Mattias Skenheten & Odjuret

SUPPORT_388945a0 Therese

Kommandot har utförts.

 

 

Finished [/log]

 

and the SmitfraudFix (by S!Ri) report:

 

[log]SmitFraudFix v2.195

 

Scan done at 22:56:35,67, 2007-06-17

Run from C:\Documents and Settings\Mattias\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\BitTorrent_DNA\dna.exe

C:\Program\BitTorrent\bittorrent.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mattias

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mattias\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»»

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Broadcom NetXtreme 57xx Gigabit Controller - Miniport för paketschemaläggning

DNS Server Search Order: 83.255.249.10

DNS Server Search Order: 83.255.245.10

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{63714CE6-F38C-4776-BA38-25095B865493}: DhcpNameServer=83.255.249.10 83.255.245.10

HKLM\SYSTEM\CS1\Services\Tcpip\..\{63714CE6-F38C-4776-BA38-25095B865493}: DhcpNameServer=83.255.249.10 83.255.245.10

HKLM\SYSTEM\CS2\Services\Tcpip\..\{63714CE6-F38C-4776-BA38-25095B865493}: DhcpNameServer=83.255.249.10 83.255.245.10

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=83.255.249.10 83.255.245.10

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=83.255.249.10 83.255.245.10

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=83.255.249.10 83.255.245.10

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End[/log]

 


Download Deckard's System Scanner to the Desktop.

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Close all programs.

Run the program and follow the instructions shown.

When it has finished, two log files, main.txt and extra.txt, are created in the same folder as the scanner. Paste them here.

Since there are more accounts on the computer, log in to the other accounts (Skenheten & Odjuret and Therese, respectively) and create a HijackThis log from each account.

 


Here are the logs:

Deckard's System Scanner main log:

[log]Deckard's System Scanner v20070611.50

Run by Mattias on 2007-06-18 at 12:11:41

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 5 Restore Point(s) --

62: 2007-06-18 10:11:50 UTC - RP62 - Deckard's System Scanner Restore Point

61: 2007-06-16 22:28:24 UTC - RP61 - Windows Defender Checkpoint

60: 2007-06-16 22:02:58 UTC - RP60 - SPTD setup V1.43

59: 2007-06-16 19:47:01 UTC - RP59 - Windows Defender Checkpoint

58: 2007-06-15 10:57:48 UTC - RP58 - Software Distribution Service 2.0

 

 

-- First Restore Point --

1: 2007-05-28 16:46:20 UTC - RP1 - Systemkontrollpunkt

 

 

Backed up registry hives.

 

Performed disk cleanup.

 

 

-- HijackThis (run as Mattias.exe) ---------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 12:12:47, on 2007-06-18

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\BitTorrent_DNA\dna.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\Documents and Settings\Mattias\Lokala inställningar\Temporary Internet Files\Content.IE5\3LT06VF1\dss[1].exe

C:\Program\HIJACK~1\Mattias.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [DNA] "C:\Program\BitTorrent_DNA\dna.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Program\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: ubisoft register.lnk = C:\Program\Ubisoft\Eagle Dynamics\Lock On\Register\schedule.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180715641734

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

 

 

-- File Associations -----------------------------------------------------------

 

.js - JSFile - DefaultIcon - C:\Program\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2

.js - JSFile - shell\open\command - "C:\Program\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

R2 windrvNT - c:\windows\system32\windrvnt.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

S2 nlsvc (NetLimiter) - "c:\program\netlimiter 2 pro\nlsvc.exe" <Not Verified; Locktime Software; NetLimiter 2 Pro>

S3 NBService - c:\program\nero\nero 7\nero backitup\nbservice.exe

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-06-18 08:20:20 318 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

2007-06-18 08:17:36 412 --a------ C:\WINDOWS\Tasks\XoftSpySE 2.job

2007-06-16 08:14:29 342 --a------ C:\WINDOWS\Tasks\XoftSpySE.job

2007-05-28 19:50:16 494 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Mattias at 18 50.job

 

 

-- Files created between 2007-05-18 and 2007-06-18 -----------------------------

 

2007-06-18 11:47:51 0 d-------- C:\Documents and Settings\Mattias\Application Data\Locktime

2007-06-18 11:47:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Locktime

2007-06-18 11:46:55 0 d-------- C:\Program\NetLimiter 2 Pro

2007-06-17 22:57:21 2928 --a------ C:\WINDOWS\system32\tmp.reg

2007-06-17 18:42:51 35363 --a------ C:\WINDOWS\system32\windrvNT.sys

2007-06-17 18:42:51 110592 --a------ C:\WINDOWS\system32\suppdll.dll

2007-06-17 18:42:51 77824 --a------ C:\WINDOWS\system32\FLKill.exe <Not Verified; USPTO; Project1>

2007-06-17 18:42:50 0 d-------- C:\Program\Folder Lock

2007-06-17 16:48:34 0 d-------- C:\Avenger

2007-06-17 00:07:38 0 d-------- C:\Program\DAEMON Tools

2007-06-17 00:02:59 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-06-16 08:14:27 0 d-------- C:\Program\XoftSpySE

2007-06-16 08:12:22 0 d-------- C:\Program\Riva

2007-06-15 22:57:45 0 d-------- C:\Documents and Settings\Mattias\Incomplete

2007-06-15 22:57:29 0 d-------- C:\Documents and Settings\Mattias\Application Data\LimeWire

2007-06-15 22:56:42 0 d-------- C:\Program\LimeWire

2007-06-15 21:44:50 0 d-------- C:\Fraps

2007-06-15 21:31:57 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2007-06-14 22:26:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2007-06-14 21:59:04 0 d-------- C:\Program\Nokia

2007-06-14 07:29:25 0 d-------- C:\Program\Microsoft CAPICOM 2.1.0.2

2007-06-13 17:44:00 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Lokala instllningar

2007-06-13 17:42:45 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Application Data\Adobe

2007-06-13 13:02:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2007-06-13 13:02:33 0 d-------- C:\Program\Delade filer\LogiShrd

2007-06-13 13:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd

2007-06-13 12:38:09 0 d-------- C:\Documents and Settings\Mattias\Lokala instllningar

2007-06-13 12:37:36 0 d-------- C:\Documents and Settings\Mattias\Application Data\Adobe

2007-06-13 12:05:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems

2007-06-13 12:05:30 0 d-------- C:\Program\Delade filer\Adobe Systems Shared

2007-06-13 12:04:48 0 d-------- C:\Program\Delade filer\Adobe

2007-06-13 12:04:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2007-06-12 15:00:45 0 d-------- C:\Program\WinPop

2007-06-10 22:02:19 0 d-------- C:\Program\QuickTime

2007-06-10 22:02:15 0 d-------- C:\Program\Xilisoft

2007-06-10 21:13:16 0 d-------- C:\WINDOWS\nview

2007-06-10 21:12:48 0 d-------- C:\NVIDIA

2007-06-10 20:51:00 0 d-------- C:\WINDOWS\system32\ReinstallBackups

2007-06-09 14:53:07 0 d-------- C:\Program\Disc2Phone

2007-06-09 14:40:41 0 d-------- C:\WINDOWS\system32\URTTemp

2007-06-09 08:10:12 0 d-------- C:\Documents and Settings\Mattias\Application Data\SmartFTP

2007-06-09 08:10:05 0 d-------- C:\Program\SmartFTP Client

2007-06-09 07:56:19 0 d-------- C:\Program\Staff-FTP

2007-06-08 21:59:53 0 d-------- C:\ATI

2007-06-06 21:39:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision

2007-06-06 21:25:18 0 d-------- C:\Program\Delade filer\Macromedia Shared

2007-06-06 21:24:38 0 d-------- C:\Program\Delade filer\Macromedia

2007-06-06 21:23:31 0 d-------- C:\Program\Macromedia

2007-06-06 10:30:35 0 d-------- C:\Program\Maxis

2007-06-06 10:29:20 304640 --a------ C:\WINDOWS\IsUn041d.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>

2007-06-06 10:29:17 0 d-------- C:\Documents and Settings\Therese\WINDOWS

2007-06-04 17:51:32 0 d-------- C:\Program\Majesco Entertainment

2007-06-04 17:28:39 0 d-------- C:\Program\PowerISO

2007-06-04 15:22:29 0 d-------- C:\Program\Logitech

2007-06-04 14:07:46 0 d-------- C:\Program\Ubisoft

2007-06-04 13:26:32 0 d-------- C:\Program\HyperLobbyPro3

2007-06-03 21:52:20 0 d-------- C:\Program\MSXML 4.0

2007-06-03 13:54:40 0 d-------- C:\Program\Guitar Pro 5

2007-06-03 11:05:07 0 d-------- C:\WINDOWS\system32\sv-se

2007-06-03 10:50:41 0 d-------- C:\Program\Photo Story 3 for Windows

2007-06-03 10:47:35 0 d-------- C:\Program\Windows Defender

2007-06-02 18:54:17 0 d-------- C:\Documents and Settings\Mattias\Application Data\Ahead

2007-06-02 18:52:35 0 d-------- C:\Program\Nero

2007-06-02 18:52:35 0 d-------- C:\Program\Delade filer\Ahead

2007-06-02 18:52:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero

2007-06-02 18:44:47 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll

2007-06-02 18:44:47 745472 --a------ C:\WINDOWS\system32\xvidcore.dll

2007-06-02 18:44:47 719872 --a------ C:\WINDOWS\system32\devil.dll <Not Verified; Abysmal Software; Developer's Image Library (DevIL)>

2007-06-02 18:44:47 308224 --a------ C:\WINDOWS\system32\avisynth.dll <Not Verified; The Public; Avisynth 2.5>

2007-06-02 18:44:36 0 d-------- C:\Program\DIKO

2007-06-02 18:43:37 0 d-------- C:\Documents and Settings\Mattias\Application Data\vlc

2007-06-02 18:43:10 0 d-------- C:\Program\VideoLAN

2007-06-02 09:59:24 0 d-------- C:\Documents and Settings\Therese\Application Data\Macromedia

2007-06-01 21:09:31 0 d-------- C:\Program\Windows Media Connect 2

2007-06-01 21:07:18 0 d-------- C:\WINDOWS\system32\LogFiles

2007-06-01 21:07:18 0 d-------- C:\WINDOWS\system32\drivers\UMDF

2007-06-01 19:02:19 0 d-------- C:\WINDOWS\network diagnostic

2007-06-01 18:52:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2007-06-01 18:33:04 0 d--hs---- C:\Documents and Settings\Mattias\UserData

2007-05-31 21:45:57 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Application Data\Macromedia

2007-05-31 19:26:14 0 d-------- C:\Program\directX

2007-05-31 18:22:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2007-05-31 18:17:05 0 d-------- C:\Documents and Settings\Mattias\Application Data\BitTorrent

2007-05-31 18:02:17 0 d-------- C:\Program\EA GAMES

2007-05-31 18:02:16 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>

2007-05-31 16:52:00 0 d-------- C:\Documents and Settings\Therese\Application Data\Talkback

2007-05-31 16:51:50 0 d-------- C:\Documents and Settings\Therese\Application Data\Mozilla

2007-05-31 15:41:25 0 d-------- C:\Program\EPSON

2007-05-31 08:04:17 0 d-------- C:\Program\Delade filer\Scanner

2007-05-30 22:01:10 0 d-------- C:\WINDOWS\system32\PreInstall

2007-05-30 22:01:07 0 d--h----- C:\WINDOWS\$hf_mig$

2007-05-30 21:42:20 0 d-------- C:\Documents and Settings\Mattias\Application Data\Sun

2007-05-30 20:46:40 0 d-------- C:\Program\FLVPlayer

2007-05-30 20:21:03 552 --a------ C:\WINDOWS\system32\d3d8caps.dat

2007-05-30 20:13:12 0 d-------- C:\Program Files

2007-05-30 20:12:48 0 d-------- C:\Program\BitTorrent

2007-05-30 20:10:04 0 d-------- C:\Program\BitTorrent_DNA

2007-05-30 20:10:04 0 d-------- C:\Documents and Settings\Mattias\Application Data\DNA

2007-05-30 19:55:39 0 d-------- C:\Documents and Settings\Mattias\Application Data\Macromedia

2007-05-30 19:52:02 0 d-------- C:\Documents and Settings\Mattias\Application Data\Google

2007-05-30 19:32:01 0 d-------- C:\Documents and Settings\Therese\Application Data\Google

2007-05-30 17:50:27 0 d-------- C:\Documents and Settings\Therese\Contacts

2007-05-30 16:45:05 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Application Data\Google

2007-05-30 16:27:48 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\cbt

2007-05-30 16:27:24 0 d-------- C:\WINDOWS\Sun

2007-05-30 16:27:24 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Application Data\Sun

2007-05-30 16:27:09 0 d-------- C:\Program\Google

2007-05-30 16:27:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Google

2007-05-30 16:26:06 0 d-------- C:\Program\Java

2007-05-30 16:23:29 0 d-------- C:\Program\Delade filer\Java

2007-05-30 16:16:36 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Application Data\Talkback

2007-05-30 16:16:11 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Application Data\Mozilla

2007-05-30 16:07:27 0 d-------- C:\Program\Game_Maker6

2007-05-30 16:07:17 0 d-------- C:\WINDOWS\CAVTemp

2007-05-30 16:07:08 0 d-------- C:\Documents and Settings\Mattias\Contacts

2007-05-30 16:05:35 0 d-------- C:\WINDOWS\Downloaded Installations

2007-05-30 16:05:19 0 d------c- C:\WINDOWS\system32\DRVSTORE

2007-05-30 16:04:50 0 d-------- C:\Program\MSN Messenger

2007-05-30 15:59:10 1132 --a------ C:\WINDOWS\mozver.dat

2007-05-30 15:56:46 0 d-------- C:\Documents and Settings\Mattias\Application Data\Talkback

2007-05-30 15:56:38 0 --a------ C:\WINDOWS\nsreg.dat

2007-05-30 15:56:36 0 d-------- C:\Documents and Settings\Mattias\Application Data\Mozilla

2007-05-30 15:46:21 0 d-------- C:\WINDOWS\system32\SoftwareDistribution

2007-05-30 15:45:04 0 d-------- C:\Program\Broadcom

2007-05-29 17:38:29 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Application Data\Identities

2007-05-29 17:38:13 0 d--h----- C:\Documents and Settings\Skenheten & Odjuret\Skrivare

2007-05-29 17:38:13 0 dr-h----- C:\Documents and Settings\Skenheten & Odjuret\SendTo

2007-05-29 17:38:13 0 dr-h----- C:\Documents and Settings\Skenheten & Odjuret\Recent

2007-05-29 17:38:13 0 d--h----- C:\Documents and Settings\Skenheten & Odjuret\Nätverket

2007-05-29 17:38:13 0 dr------- C:\Documents and Settings\Skenheten & Odjuret\Mina dokument

2007-05-29 17:38:13 0 d--h----- C:\Documents and Settings\Skenheten & Odjuret\Mallar

2007-05-29 17:38:13 0 d--h----- C:\Documents and Settings\Skenheten & Odjuret\Lokala inställningar

2007-05-29 17:38:13 0 dr------- C:\Documents and Settings\Skenheten & Odjuret\Favoriter

2007-05-29 17:38:13 0 d--hs---- C:\Documents and Settings\Skenheten & Odjuret\Cookies

2007-05-29 17:38:13 0 dr-h----- C:\Documents and Settings\Skenheten & Odjuret\Application Data

2007-05-29 17:38:13 0 d---s---- C:\Documents and Settings\Skenheten & Odjuret\Application Data\Microsoft

2007-05-29 17:38:12 0 dr------- C:\Documents and Settings\Skenheten & Odjuret\Start-meny

2007-05-29 17:38:12 0 d-------- C:\Documents and Settings\Skenheten & Odjuret\Skrivbord

2007-05-29 17:38:12 2097152 --ah----- C:\Documents and Settings\Skenheten & Odjuret\NTUSER.DAT

2007-05-28 20:24:04 0 d--hs---- C:\WINDOWS\Installer

2007-05-28 20:24:04 0 d-------- C:\Program\Delade filer\ODBC

2007-05-28 20:23:59 0 d-------- C:\Program\Delade filer\SpeechEngines

2007-05-28 20:23:58 0 dr------- C:\Program

2007-05-28 20:23:58 0 d-------- C:\Program\Delade filer

2007-05-28 20:23:58 0 d-------- C:\Program\Delade filer\Microsoft Shared

2007-05-28 20:23:13 0 dr------- C:\Documents and Settings\Default User\Start-meny

2007-05-28 20:23:13 0 d-------- C:\Documents and Settings\Default User\Skrivbord

2007-05-28 20:23:13 0 d--h----- C:\Documents and Settings\Default User\Skrivare

2007-05-28 20:23:13 0 dr-h----- C:\Documents and Settings\Default User\SendTo

2007-05-28 20:23:13 0 d--h----- C:\Documents and Settings\Default User\Recent

2007-05-28 20:23:13 0 d--h----- C:\Documents and Settings\Default User\Nätverket

2007-05-28 20:23:13 0 d-------- C:\Documents and Settings\Default User\Mina dokument

2007-05-28 20:23:13 0 d--h----- C:\Documents and Settings\Default User\Mallar

2007-05-28 20:23:13 0 dr-h----- C:\Documents and Settings\Default User\Lokala inställningar

2007-05-28 20:23:13 0 d-------- C:\Documents and Settings\Default User\Favoriter

2007-05-28 20:23:13 0 d--hs---- C:\Documents and Settings\Default User\Cookies

2007-05-28 20:23:13 0 dr------- C:\Documents and Settings\All Users\Start-meny

2007-05-28 20:23:13 0 d-------- C:\Documents and Settings\All Users\Skrivbord

2007-05-28 20:23:13 0 d--h----- C:\Documents and Settings\All Users\Mallar

2007-05-28 20:23:13 0 d-------- C:\Documents and Settings\All Users\Favoriter

2007-05-28 20:23:13 0 dr------- C:\Documents and Settings\All Users\Dokument

2007-05-28 20:20:58 0 d-------- C:\WINDOWS\system32\CatRoot2

2007-05-28 20:20:58 0 d-------- C:\WINDOWS\system32\CatRoot

2007-05-28 20:20:53 0 dr-h----- C:\Documents and Settings\Default User\Application Data

2007-05-28 20:20:53 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft

2007-05-28 20:20:52 0 dr-h----- C:\Documents and Settings\All Users\Application Data

2007-05-28 20:20:52 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft

2007-05-28 20:20:32 0 d--hs---- C:\System Volume Information

2007-05-28 20:20:32 0 d-------- C:\Documents and Settings

2007-05-28 20:14:29 0 d-------- C:\WINDOWS

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\WinSxS

2007-05-28 20:14:29 0 dr------- C:\WINDOWS\Web

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\twain_32

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\wins

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\wbem

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\usmt

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\spool

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\ShellExt

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\Setup

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\ras

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\oobe

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\npp

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\mui

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\inetsrv

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\IME

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\icsxml

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\ias

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\export

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\drivers

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\drivers\etc

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\drivers\disdn

2007-05-28 20:14:29 0 dr-hs--c- C:\WINDOWS\system32\dllcache

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\dhcp

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\config

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\3com_dmi

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\3076

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\2052

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1054

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1053

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1042

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1041

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1037

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1033

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1031

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1028

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system32\1025

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\system

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\security

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Resources

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\repair

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Provisioning

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\PeerNet

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\pchealth

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\mui

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\msapps

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\msagent

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Media

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\java

2007-05-28 20:14:29 0 d--h----- C:\WINDOWS\inf

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\ime

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Help

2007-05-28 20:14:29 0 dr--s---- C:\WINDOWS\Fonts

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Driver Cache

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Debug

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Cursors

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Connection Wizard

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\Config

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\AppPatch

2007-05-28 20:14:29 0 d-------- C:\WINDOWS\addins

2007-05-28 19:11:41 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll

2007-05-28 19:11:41 17212 --a------ C:\WINDOWS\system32\SIntf32.dll

2007-05-28 19:11:41 12067 --a------ C:\WINDOWS\system32\SIntf16.dll

2007-05-28 19:10:38 0 d-------- C:\Documents and Settings\Therese\Application Data\Identities

2007-05-28 19:10:31 0 dr------- C:\Documents and Settings\Therese\Start-meny

2007-05-28 19:10:31 0 d-------- C:\Documents and Settings\Therese\Skrivbord

2007-05-28 19:10:31 0 d--h----- C:\Documents and Settings\Therese\Skrivare

2007-05-28 19:10:31 0 dr-h----- C:\Documents and Settings\Therese\SendTo

2007-05-28 19:10:31 0 dr-h----- C:\Documents and Settings\Therese\Recent

2007-05-28 19:10:31 0 d--h----- C:\Documents and Settings\Therese\Nätverket

2007-05-28 19:10:31 2097152 --ah----- C:\Documents and Settings\Therese\NTUSER.DAT

2007-05-28 19:10:31 0 dr------- C:\Documents and Settings\Therese\Mina dokument

2007-05-28 19:10:31 0 d--h----- C:\Documents and Settings\Therese\Mallar

2007-05-28 19:10:31 0 d--h----- C:\Documents and Settings\Therese\Lokala inställningar

2007-05-28 19:10:31 0 dr------- C:\Documents and Settings\Therese\Favoriter

2007-05-28 19:10:31 0 d--hs---- C:\Documents and Settings\Therese\Cookies

2007-05-28 19:10:31 0 dr-h----- C:\Documents and Settings\Therese\Application Data

2007-05-28 19:10:31 0 d---s---- C:\Documents and Settings\Therese\Application Data\Microsoft

2007-05-28 18:54:17 0 d-------- C:\Program\Delade filer\L&H

2007-05-28 18:54:02 0 d-------- C:\Program\Microsoft.NET

2007-05-28 18:53:43 0 d-------- C:\Program\Microsoft ActiveSync

2007-05-28 18:52:22 0 d-------- C:\Program\Delade filer\DESIGNER

2007-05-28 18:52:17 0 d-------- C:\Program\Microsoft Works

2007-05-28 18:52:03 0 d-------- C:\WINDOWS\SHELLNEW

2007-05-28 18:50:57 0 dr-h----- C:\MSOCache

2007-05-28 18:49:05 0 d-------- C:\Documents and Settings\All Users\Application Data\CA

2007-05-28 18:49:04 0 d-------- C:\Program\CA

2007-05-28 18:47:25 0 d-------- C:\WINDOWS\VirtualEar

2007-05-28 18:47:25 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>

2007-05-28 18:47:25 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>

2007-05-28 18:47:25 65536 --a------ C:\WINDOWS\system32\Audio3d.dll <Not Verified; Sensaura Ltd; Sensaura>

2007-05-28 18:47:25 0 d-------- C:\Program\Analog Devices

2007-05-28 18:47:24 0 d--h----- C:\Program\InstallShield Installation Information

2007-05-28 18:47:16 0 d-------- C:\Program\Delade filer\InstallShield

2007-05-28 18:46:51 0 d-------- C:\dell

2007-05-28 18:46:10 0 d-------- C:\Documents and Settings\Mattias\Application Data\Identities

2007-05-28 18:45:56 0 dr------- C:\Documents and Settings\Mattias\Start-meny

2007-05-28 18:45:56 0 d-------- C:\Documents and Settings\Mattias\Skrivbord

2007-05-28 18:45:56 0 d--h----- C:\Documents and Settings\Mattias\Skrivare

2007-05-28 18:45:56 0 dr-h----- C:\Documents and Settings\Mattias\SendTo

2007-05-28 18:45:56 0 dr-h----- C:\Documents and Settings\Mattias\Recent

2007-05-28 18:45:56 0 d--h----- C:\Documents and Settings\Mattias\Nätverket

2007-05-28 18:45:56 3145728 --ah----- C:\Documents and Settings\Mattias\NTUSER.DAT

2007-05-28 18:45:56 0 dr------- C:\Documents and Settings\Mattias\Mina dokument

2007-05-28 18:45:56 0 d--h----- C:\Documents and Settings\Mattias\Mallar

2007-05-28 18:45:56 0 d--h----- C:\Documents and Settings\Mattias\Lokala inställningar

2007-05-28 18:45:56 0 d--hs---- C:\Documents and Settings\Mattias\Cookies

2007-05-28 18:45:56 0 dr-h----- C:\Documents and Settings\Mattias\Application Data

2007-05-28 18:45:05 0 d-------- C:\WINDOWS\SoftwareDistribution

2007-05-28 18:45:05 0 d-------- C:\WINDOWS\Prefetch

2007-05-28 18:45:04 0 d---s---- C:\WINDOWS\system32\Microsoft

2007-05-28 18:45:03 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT

2007-05-28 18:45:03 0 d--h----- C:\Documents and Settings\LocalService\Lokala inställningar

2007-05-28 18:45:03 0 d--hs---- C:\Documents and Settings\LocalService\Cookies

2007-05-28 18:45:03 0 d-------- C:\Documents and Settings\LocalService\Application Data

2007-05-28 18:45:03 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft

2007-05-28 18:37:36 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT

2007-05-28 18:37:36 0 d--h----- C:\Documents and Settings\NetworkService\Lokala inställningar

2007-05-28 18:37:36 0 d---s---- C:\Documents and Settings\NetworkService\Cookies

2007-05-28 18:37:36 0 d-------- C:\Documents and Settings\NetworkService\Application Data

2007-05-28 18:37:36 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft

2007-05-28 18:34:59 0 d-------- C:\WINDOWS\system32\xircom

2007-05-28 18:34:59 0 d-------- C:\Program\microsoft frontpage

2007-05-28 18:34:57 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT

2007-05-28 18:34:43 0 -rahs---- C:\MSDOS.SYS

2007-05-28 18:34:43 0 -rahs---- C:\IO.SYS

2007-05-28 18:34:43 0 --a------ C:\CONFIG.SYS

2007-05-28 18:34:43 0 --a------ C:\AUTOEXEC.BAT

2007-05-28 18:33:54 0 d--hs---- C:\Documents and Settings\All Users\DRM

2007-05-28 18:33:45 0 dr------- C:\WINDOWS\Offline Web Pages

2007-05-28 18:33:45 0 d---s---- C:\WINDOWS\Downloaded Program Files

2007-05-28 18:33:36 0 d--h----- C:\Program\WindowsUpdate

2007-05-28 18:33:32 0 d-------- C:\Program\Onlinetjänster

2007-05-28 18:33:12 0 d-------- C:\WINDOWS\system32\DirectX

2007-05-28 18:32:13 0 d-------- C:\Program\Delade filer\Services

2007-05-28 18:32:08 0 d---s---- C:\WINDOWS\Tasks

2007-05-28 18:32:06 0 d-------- C:\Program\Delade filer\MSSoap

2007-05-28 18:32:01 0 d-------- C:\WINDOWS\srchasst

2007-05-28 18:32:00 0 d-------- C:\WINDOWS\system32\Macromed

2007-05-28 18:31:48 0 d-------- C:\Program\Movie Maker

2007-05-28 18:31:33 0 d-------- C:\WINDOWS\system32\Restore

2007-05-28 18:31:09 0 d-------- C:\Program\Delade filer\System

2007-05-28 18:31:03 21700 --a------ C:\WINDOWS\system32\emptyregdb.dat

2007-05-28 18:30:46 0 d-------- C:\WINDOWS\Registration

2007-05-28 18:30:15 0 d-------- C:\Program\Messenger

2007-05-28 18:30:10 0 d-------- C:\Program\MSN Gaming Zone

2007-05-28 18:29:13 0 d-------- C:\Program\Windows NT

2007-05-28 18:29:08 0 d-------- C:\WINDOWS\system32\MsDtc

2007-05-28 18:29:04 0 d-------- C:\WINDOWS\system32\Com

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-06-09 14:48:16 386352 --a------ C:\WINDOWS\system32\perfh01D.dat

2007-06-09 14:48:16 63572 --a------ C:\WINDOWS\system32\perfc01D.dat

2007-06-01 18:23:43 502272 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Operativsystemet Microsoft® Windows®>

2007-05-28 20:23:13 62 --ahs---- C:\Documents and Settings\Mattias\Application Data\desktop.ini

2007-04-19 13:26:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll

2007-04-19 13:26:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll

2007-04-19 13:26:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll

2007-04-19 13:26:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll

2007-04-19 13:26:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe

2007-04-19 13:26:00 1474560 --a------ C:\WINDOWS\system32\nview.dll

2007-04-19 13:26:00 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll

2007-04-19 13:26:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe

2007-04-19 13:26:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe

2007-04-19 13:26:00 212992 --a------ C:\WINDOWS\system32\nvapi.dll

2007-04-19 13:26:00 425984 --a------ C:\WINDOWS\system32\keystone.exe

 

 

-- Registry Dump ---------------------------------------------------------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program\Java\jre1.6.0_01\bin\ssv.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program\google\googletoolbar2.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SoundMAXPnP"="C:\\Program\\Analog Devices\\Core\\smax4pnp.exe"

"cctray"="\"C:\\Program\\CA\\CA Internet Security Suite\\cctray\\cctray.exe\""

"CAVRID"="\"C:\\Program\\CA\\CA Internet Security Suite\\CA Anti-Virus\\CAVRID.exe\""

"SunJavaUpdateSched"="\"C:\\Program\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

"NeroFilterCheck"="C:\\Program\\Delade filer\\Ahead\\Lib\\NeroCheck.exe"

"Windows Defender"="\"C:\\Program\\Windows Defender\\MSASCui.exe\" -hide"

"PWRISOVM.EXE"="C:\\Program\\PowerISO\\PWRISOVM.EXE"

"nwiz"="nwiz.exe /install"

"LogitechQuickCamRibbon"="\"C:\\Program\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"

"LogitechCommunicationsManager"="\"C:\\Program\\Delade filer\\LogiShrd\\LComMgr\\Communications_Helper.exe\""

"QOELOADER"="\"C:\\Program\\CA\\CA Internet Security Suite\\CA Anti-Spam\\QSP-5.1.17.0\\QOELoader.exe\""

"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MsnMsgr"="\"C:\\Program\\MSN Messenger\\MsnMsgr.Exe\" /background"

"swg"="C:\\Program\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

"DNA"="\"C:\\Program\\BitTorrent_DNA\\dna.exe\""

"BitTorrent"="\"C:\\Program\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program\\Delade filer\\Ahead\\Lib\\NMBgMonitor.exe\""

"DAEMON Tools"="\"C:\\Program\\DAEMON Tools\\daemon.exe\" -lang 1033"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0

 

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

HTTPFilter REG_MULTI_SZ HTTPFilter\0\0

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0

WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]

Shell\AutoRun\command E:\Autorun.exe

 

 

-- End of Deckard's System Scanner: finished at 2007-06-18 at 12:14:50 ---------[/log]

 

Deckard's System Scanner extra log:

 

[log]Deckard's System Scanner v20070611.50

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Swedish

 

CPU 0: Intel® Pentium® 4 CPU 3.00GHz

Percentage of Memory in Use: 52%

Physical Memory (total/avail): 1022.09 MiB / 484.46 MiB

Pagefile Memory (total/avail): 2456.18 MiB / 1390.57 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1962.39 MiB

 

A: is Removable (No Media)

C: is Fixed (NTFS) - 149 GiB total, 100.26 GiB free.

D: is CDROM (No Media)

E: is CDROM (UDF)

F: is Fixed (FAT32) - 232.83 GiB total, 186.43 GiB free.

G: is CDROM (No Media)

H: is CDROM (No Media)

I: is CDROM (No Media)

J: is Removable (No Media)

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

FirstRunDisabled is set.

 

AV: CA Anti-Virus v8.3.0.2 (CA, Inc.)

 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program\\LimeWire\\LimeWire.exe"="C:\\Program\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program\\BitTorrent_DNA\\dna.exe"="C:\\Program\\BitTorrent_DNA\\dna.exe:*:Enabled:DNA"

"C:\\Program\\BitTorrent\\bittorrent.exe"="C:\\Program\\BitTorrent\\bittorrent.exe:*:Enabled:bittorrent"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Mattias\Application Data

CommonProgramFiles=C:\Program\Delade filer

COMPUTERNAME=CRIBZOR-BDCCFA7

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Mattias

LOGONSERVER=\\CRIBZOR-BDCCFA7

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\Program\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\Delade filer\Adobe\AGL

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Program

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Mattias\LOKALA~1\Temp

TMP=C:\DOCUME~1\Mattias\LOKALA~1\Temp

USERDOMAIN=CRIBZOR-BDCCFA7

USERNAME=Mattias

USERPROFILE=C:\Documents and Settings\Mattias

windir=C:\WINDOWS

__COMPAT_LAYER=EnableNXShowUI

 

 

-- User Profiles ---------------------------------------------------------------

 

Mattias (admin)

Skenheten & Odjuret (admin)

Therese (admin)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> C:\Program\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNRecode.exe /UNINSTALL

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock

Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}

Användarhandbok för ESPRX420 --> C:\Program\EPSON\TPMANUAL\ESPRX420\REF_G\DOCUNINS.EXE

BitTorrent 5.0.7 --> "C:\Program\BitTorrent\uninstall.exe"

Broadcom Gigabit Integrated Controller --> C:\Program\Delade filer\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1053

CA Anti-Spam --> "C:\Program\CA\CA Internet Security Suite\caunst.exe" /u /product=as

CA Anti-Spyware --> "C:\Program\CA\CA Internet Security Suite\caunst.exe" /u /product=pp

CA Anti-Virus --> "C:\Program\CA\CA Internet Security Suite\caunst.exe" /u /product=av

CA Pest Patrol Realtime Protection --> MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}

DIKO 2.31 --> "C:\Program\DIKO\unins000.exe"

Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}

DNA --> "C:\Program\BitTorrent_DNA\dna.exe" /UNINSTALL

Drivrutiner till Logitech® Camera --> "C:\Program\Delade filer\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

EPSON-skrivarprogramvara --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan --> C:\Program\epson\escndv\setup\setup.exe /r

ESPRX420 Programvaruguide --> C:\Program\EPSON\TPMANUAL\ESPRX420\PQU_G\DOCUNINS.EXE

FLV Player 1.3.3 --> "C:\Program\FLVPlayer\uninstall.exe"

Folder Lock --> C:\Program\Folder Lock\Uninstall.exe

Fraps (remove only) --> "C:\Fraps\uninstall.exe"

Game Maker 6.1 --> C:\Program\Game_Maker6\Uninstal.exe

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program\google\googletoolbar2.dll"

Guitar Pro 5.0 --> "C:\Program\Guitar Pro 5\unins000.exe"

Hijackthis 1.99.1 --> "C:\Program\Hijackthis\unins000.exe"

HijackThis 1.99.1 --> C:\Program\Hijackthis\HijackThis.exe /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hyper Lobby Pro Client version 3.9.111 --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Hyper Lobby Pro Client version 3.9.111

Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Jaws Unleashed --> MsiExec.exe /X{E467A03B-C374-4EB8-A4AC-A3D9F807C6CF}

LimeWire 4.12.11 --> "C:\Program\LimeWire\uninstall.exe"

Lock On: Modern Air Combat --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}\setup.exe" -l0x9

Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}

Logitech QuickCam --> MsiExec.exe /X{EFA2BBEB-CF93-493B-904B-1B970B8DFAB6}

Macromedia Dreamweaver MX 2004 --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall

Macromedia Extension Manager --> RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mozilla Firefox (2.0.0.4) --> C:\PROGRAM\Mozilla Firefox\uninstall\helper.exe

MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}

Nero 7 Premium --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1053}

neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NetLimiter 2 Pro (remove only) --> "C:\Program\NetLimiter 2 Pro\nl2uninst.exe"

Nokia Multimedia Player --> C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}

NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI

Photo Story 3 för Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}

PowerISO --> "C:\Program\PowerISO\uninstall.exe"

Riva FLV Encoder 2.0 --> "C:\Program\Riva\Riva FLV Encoder 2.0\unins000.exe"

Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}

Snabbkorrigering för Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Säkerhetsuppdatering för Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"

SoundMAX --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x1d -removeonly

The Sims --> C:\WINDOWS\IsUn041d.exe -f"C:\Program\Maxis\The Sims\Uninst.isu"

The Sims 2 --> C:\Program\EA GAMES\The Sims 2\EAUninstall.exe

The Sims 2 Arbetsliv --> C:\Program\EA GAMES\The Sims 2 Arbetsliv\EAUninstall.exe

The Sims 2 Nattliv --> C:\Program\EA GAMES\The Sims 2 Nattliv\EAUninstall.exe

The Sims 2 University --> C:\Program\EA GAMES\The Sims 2 University\EAUninstall.exe

The Sims™ 2 Året runt --> C:\Program\EA GAMES\The Sims 2 Året runt\EAUninstall.exe

The Sims™ 2 Djurliv --> C:\Program\EA GAMES\The Sims 2 Djurliv\EAUninstall.exe

The Sims™ 2 Fest & bröllop! Prylpaket --> C:\Program\EA GAMES\The Sims 2 Fest & bröllop! Prylpaket\EAUninstall.exe

The Sims™ 2 Glitter & Glamour Prylpaket --> C:\Program\EA GAMES\The Sims 2 Glitter & Glamour Prylpaket\EAUninstall.exe

The Sims™ 2 H&M® Fashion Prylpaket --> C:\Program\EA GAMES\The Sims 2 H&M® Fashion Prylpaket\EAUninstall.exe

Uppdatering för Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"

VideoLAN VLC media player 0.8.6b --> C:\Program\VideoLAN\VLC\uninstall.exe

Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Live Messenger --> MsiExec.exe /I{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WinRAR archiver --> C:\Program\WinRAR\uninstall.exe

Xilisoft 3GP Video Converter --> C:\Program\Xilisoft\3GP Video Converter 3\Uninstall.exe

XoftSpySE --> C:\Program\XoftSpySE\uninstall.exe

 

 

-- End of Deckard's System Scanner: finished at 2007-06-18 at 12:14:50 ---------[/log]

 

HijackThis log file for user "Skenheten och Odjuret":

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 12:34:26, on 2007-06-18

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe

C:\Program\Hijackthis\HijackThis.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180715641734

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe[/log]

 

HijackThis log for user "Therese":

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 12:33:03, on 2007-06-18

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program\Java\jre1.6.0_01\bin\jusched.exe

C:\Program\Windows Defender\MSASCui.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program\MSN Messenger\msnmsgr.exe

C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program\WinPop\winpop.exe

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Hijackthis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [cctray] "C:\Program\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [QOELOADER] "C:\Program\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.17.0\QOELoader.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WinPop] C:\Program\WinPop\winpop.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180715641734

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe[/log]

 


Here is my usual advice for a safer computer, but of course it is also important to use your common sense.

 

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware Free Edition and/or Spybot S&D regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

 

Use a firewall (better than the one built into XP); there are free ones, e.g. Comodo and ZoneAlarm.

http://www.personalfirewall.comodo.com/

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

The link "I only want basic ZoneAlarm protection" or at

http://www.majorgeeks.com/ZoneAlarm_Free_d388.html

 

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

 

If you use Internet Explorer, it can be a good idea to have the program SpywareBlaster, which prevents a good many nasty programs from being downloaded or run http://www.javacoolsoftware.com , and also to run IE-SpyAd, which places a large number of nasty websites in Internet Explorer's Restricted sites zone so that they cannot do anything to the computer http://www.spywarewarrior.com/uiuc/resource.htm

 

Review the security settings in Internet Explorer; there are plenty of tips at:

http://surfthenetsafely.com/surfsafely6.htm

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

 

If you use the Firefox browser, it is a good idea to have the NoScript add-on.

http://www.mozilla.com

https://addons.mozilla.org/firefox/722/

 

See which websites are safe/unsafe with the help of SiteAdvisor http://www.siteadvisor.com

 

All free for home users/personal use.

 
