
Registry editing has been disabled by your administrator, but I am the administrator??


ViktorP


Hi! Please help me, someone. I was going to run regedit.exe but then I get an error message with this text: "Registry editing has been disabled by your administrator". I don't understand anything; I'm the one who is the administrator. I'm running Windows XP Media Center, if that helps at all.


This usually means that you have been hit by some malicious program that has changed the permissions so that the malicious program is harder to remove.

We can start by seeing whether HijackThis shows anything:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the reply window

Paste in the log

Press the LOG button again


  • 10 months later...

Hi,

I have the same problem. Automatic updates are also turned off and greyed out. I have tried various "Repair" programs, but it didn't help.

I'm not knowledgeable enough to do anything more than shout:

Please, heeeeeeeeeelp!!!

Thanks in advance!!


Hi, thanks for the quick reply, but unfortunately HijackThis could not be run. This message came up:

HijackThis has encountered a problem and needs to close.

[image attached 2009-02-26 18:28:29 by As1959]


Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu) and see if it goes better. You can also try renaming the program file itself from HijackThis.exe to, for example, as1959.exe.


OK, we'll try a few different programs and see what works. As soon as one program works, you don't need to do the rest.

[log]1. Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

At the end of the installation, make sure these are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show Results".

Tick everything and then press Remove Selected.

When the removal is done, Notepad opens with a log.

A request to restart the computer (Restart) may come up. If so, do it.

If there is an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not come up by itself in Notepad, you will find the log on the Logs tab in MBAM.

Copy the log and paste it into your reply.[/log]

 

[log]2. Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If a question comes up asking whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click in the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that antivirus programs etc. are running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect the computer against infections in the future. This can cause problems, for example, if the computer gets its internet via a USB modem or USB network card. In that case, say so instead of running ComboFix. [/log]

 

[log]3. Download DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program.

Press Yes at the question about Optional Scan.

Paste the two logs DSS.txt and Attach.txt into your reply.[/log]

 

[log]4. Download Gmer to the Desktop from one of these pages:

http://www.gmer.net/files.php choose Gmer application

http://www.majorgeeks.com/GMER_d5198.html

Unpack the file to the Desktop.

Close all programs.

Start the program gmer.exe.

Choose the rootkit tab and check that everything on the right is ticked except Show All. Press Scan. Leave the computer alone while Gmer is working.

Press Copy and then paste the result into your reply.[/log]


It went well with Malwarebytes :). Attaching the log[log]Malwarebytes' Anti-Malware 1.34

Databasversion: 1809

Windows 5.1.2600 Service Pack 3

 

2009-02-27 16:21:29

mbam-log-2009-02-27 (16-21-29).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 67578

Förfluten tid: 13 minute(s), 4 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 4

Infekterade registervärden: 0

Infekterade registerdataposter: 3

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\CLSID\{b448d946-3623-42ab-ba32-c08651e36980} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b448d946-3623-42ab-ba32-c08651e36980} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{511f9316-771b-4953-a268-1c36da667fe9} (Dialer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b448d946-3623-42ab-ba32-c08651e36980} (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "C:\Program\Common Files\System\svchost.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]
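The registry findings in the Malwarebytes log above account for the error message in the thread title: the `DisableRegistryTools` policy value was set to 1 in both hives, and the Winlogon `Shell` value had an extra program appended. The following is an added example, not part of the original posts and not code from Malwarebytes; it parses those log lines (copied from the post) and pulls out the tool-lockout policies and the program the shell value launched. The function names and the `Finding` type are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Registry findings copied from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r"""
Infekterade registernycklar:
HKEY_CLASSES_ROOT\CLSID\{b448d946-3623-42ab-ba32-c08651e36980} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b448d946-3623-42ab-ba32-c08651e36980} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{511f9316-771b-4953-a268-1c36da667fe9} (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b448d946-3623-42ab-ba32-c08651e36980} (Trojan.Agent) -> Quarantined and deleted successfully.
Infekterade registerdataposter:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "C:\Program\Common Files\System\svchost.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.
"""

# "<path> (<detection>) -> [Bad: (<bad>) Good: (<good>) -> ]<action>"
# The Bad/Good part is present only for registry data items, not whole keys.
LINE_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+)$"
)


class Finding(NamedTuple):
    hive: str
    key: str
    value: Optional[str]   # None when the finding is a whole key
    detection: str
    bad: Optional[str]     # data found on the machine
    good: Optional[str]    # data the scanner considers normal
    action: str


def parse_findings(log: str) -> List[Finding]:
    """Return one Finding per registry line; headers and blanks are skipped."""
    findings = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hive, _, rest = m["path"].partition("\\")
        if m["bad"] is not None:
            # Data item: the last path component is the value name.
            key, _, value = rest.rpartition("\\")
        else:
            key, value = rest, None
        findings.append(Finding(hive, key, value, m["detection"],
                                m["bad"], m["good"], m["action"]))
    return findings


def tool_lockouts(findings: List[Finding]) -> List[Tuple[str, str]]:
    """(hive, value) pairs for 'Disable*' policy values that were set to 1."""
    return [(f.hive, f.value) for f in findings
            if f.value
            and f.key.lower().endswith(r"\policies\system")
            and f.value.lower().startswith("disable")
            and f.bad == "1"]


def shell_payloads(findings: List[Finding]) -> List[str]:
    """Programs in a hijacked Winlogon Shell value beyond the expected shell."""
    extras = []
    for f in findings:
        if f.value and f.value.lower() == "shell" \
                and f.key.lower().endswith(r"\winlogon"):
            # Split the command line, keeping quoted paths with spaces whole.
            tokens = [q or b for q, b in re.findall(r'"([^"]+)"|(\S+)', f.bad)]
            extras += [t for t in tokens if t.lower() != (f.good or "").lower()]
    return extras


if __name__ == "__main__":
    found = parse_findings(SAMPLE_LOG)
    for hive, value in tool_lockouts(found):
        print(f"lockout policy was set: {hive} {value}")
    for path in shell_payloads(found):
        print(f"shell value also launched: {path}")
```

The same log reports zero infected files, so the path returned by `shell_payloads` is the one to check on disk by hand.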

 


Attaching the GMER log[log]GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2009-02-27 17:19:17

Windows 5.1.2600 Service Pack 3

 

 

---- System - GMER 1.0.14 ----

 

SSDT 85DBBE38 ZwAlertResumeThread

SSDT 85E76430 ZwAlertThread

SSDT 85C79E90 ZwAllocateVirtualMemory

SSDT 85E32E18 ZwConnectPort

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF4E13020]

SSDT 85D7A440 ZwCreateMutant

SSDT 85D8EE70 ZwCreateThread

SSDT 85D8EE38 ZwDebugActiveProcess

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF4E132A0]

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF4E13800]

SSDT 85D5DE38 ZwFreeVirtualMemory

SSDT 85F58F80 ZwImpersonateAnonymousToken

SSDT 85F597B8 ZwImpersonateThread

SSDT 85E68FB0 ZwMapViewOfSection

SSDT 85F58D60 ZwOpenEvent

SSDT 85ED33F8 ZwOpenProcessToken

SSDT 85DAD0E8 ZwOpenSection

SSDT 85D66420 ZwOpenThreadToken

SSDT 85E5A208 ZwResumeThread

SSDT 85DC2158 ZwSetContextThread

SSDT 85E68ED8 ZwSetInformationProcess

SSDT 85D66348 ZwSetInformationThread

SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF4E13A50]

SSDT 85C683C0 ZwSuspendProcess

SSDT 85DA1E30 ZwSuspendThread

SSDT 85E57BA8 ZwTerminateProcess

SSDT 85C98158 ZwTerminateThread

SSDT 85CB4210 ZwUnmapViewOfSection

SSDT 85D65800 ZwWriteVirtualMemory

 

---- Kernel code sections - GMER 1.0.14 ----

 

? iqbaa.sys Det går inte att hitta filen. !

 

---- User IAT/EAT - GMER 1.0.14 ----

 

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 013CBCA0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 013CBC50

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 013C7EA0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 013C9100

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 013CAA10

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 013C9370

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 013C9180

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 013CA010

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 013CB950

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 013CB990

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 013CBD30

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 013CB810

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 013CA970

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 013C9930

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 013C92E0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 013C9660

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 013CC2B0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 013CA360

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 013CA7D0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 013CAE90

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 013CAC20

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 013CAE10

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 013CB2F0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 013CB000

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 013C9250

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 013C97E0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 013CBA70

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 013CAD60

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 013CA910

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 013CA790

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 013CAB20

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 013CBD50

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 013CAB60

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadIconW] 013CBFF0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadCursorW] 013CBF90

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateDialogParamW] 013CC1E0

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DialogBoxParamW] 013CC280

IAT C:\Program\Registry Mechanic\RegMech.exe[316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadStringW] 013CC0B0

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

---- EOF - GMER 1.0.14 ----

[/log]

 


You write:

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer and to protect the computer against infections in the future. This can cause problems, for example, if the computer gets its internet via a USB modem or USB network card. In that case, say so instead of running ComboFix.

My network card in the laptop is:

D-Link AirPlus DWL-G650+

IS THIS A PROBLEM in connection with ComboFix?


If the network card sits in a USB port, you may need to reinstall it for it to work after ComboFix has been run, but if it is a plug-in card, ComboFix should not affect it.


Delete the ComboFix you have and download it again, but this time rename the file when you are asked where to save it, for example to as1959cf.exe. If that doesn't help, try safe mode.

If that doesn't help, download Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger2/download.php

Start Avenger.

Tick the Scan for rootkits box if it isn't already ticked.

Press Execute to start it.

The computer will now restart (perhaps twice).

After a little while the log (C:\avenger.txt) comes up; paste it in here.


Advice: "Delete the ComboFix you have and download it again, but this time rename the file when you are asked where to save it, for example to as1959cf.exe. If that doesn't help, try safe mode." That didn't help. Attaching the Avenger log---------------[log]Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

 

Platform: Windows XP

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Completed script processing.

 

*******************

 

Finished! Terminate.

[/log]

 

[post edited 2009-02-27 18:54:03 by As1959]


Nothing there.

Download RSIT (random's system information tool) to the Desktop

http://images.malwareremoval.com/random/RSIT.exe

Start the program and paste in both logs that come out. If they don't come up automatically, they are in the folder C:\rsit as log.txt and info.txt.

Scan the computer with Blacklight:

http://www.f-secure.com/security_center/ the Blacklight link

Paste in the log from there if it finds anything.


log.txt[log]Logfile of random's system information tool 1.05 (written by random/random)

Run by Asmer at 2009-02-27 19:58:02

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 4 GB (22%) free of 19 GB

Total RAM: 479 MB (18% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:59:17, on 2009-02-27

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18372)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\brsvc01a.exe

C:\WINDOWS\System32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Brother\ControlCenter2\brctrcen.exe

C:\Program\Windows Defender\MSASCui.exe

C:\D-Link\AirPlusG+\AirPlus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Registry Mechanic\RegMech.exe

C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\MICROS~3\Office\OUTLOOK.EXE

C:\Program\Brother\Brmfcmon\BrMfimon.exe

C:\Documents and Settings\Asmer\Skrivbord\RSIT.exe

C:\Program\trend micro\Asmer.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swedbank.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O3 - Toolbar: hitta.se Toolbar - {D7A61ADE-54FB-471F-B38E-D2DBA747AE3C} - C:\Program\hitta.se Toolbar\hitta.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: Visa Norton-verktygsfältet - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [GUI] C:\D-Link\AirPlusG+\AirPlus.exe

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\RunOnce: [symLnch] "C:\Documents and Settings\Asmer\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Asmer\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-656016574-3095290957-2122901767-500\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Administratör')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

O4 - Global Startup: D-Link AirPlus G+ Wireless Utility.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: hitta.se Toolbar - {D7A61ADE-54FB-471F-B38E-D2DBA747AE3C} - C:\Program\hitta.se Toolbar\hitta.dll

O9 - Extra 'Tools' menuitem: hitta.se Toolbar - {D7A61ADE-54FB-471F-B38E-D2DBA747AE3C} - C:\Program\hitta.se Toolbar\hitta.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} (IlosoftMultipleImageCtrl Class) - https://www.one.com/static/controls/IlosoftMultipleImageUpload.dll

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.se/ImageUploader5.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228932921836

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228932877402

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 8599 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\MP Scheduled Scan.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{84E14882-C567-4F86-AC9E-3A1B0892D9A3}.job

C:\WINDOWS\tasks\Norton Internet Security - Kör fullständig systemsökning - Asmer.job

C:\WINDOWS\tasks\Windows Update.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Länkhjälp till Adobe PDF Reader - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll [2007-08-24 316784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program\DELADE~1\SYMANT~1\IDS\IPSBHO.dll [2008-05-23 116088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{D7A61ADE-54FB-471F-B38E-D2DBA747AE3C} - hitta.se Toolbar - C:\Program\hitta.se Toolbar\hitta.dll [2004-08-13 446464]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program\google\googletoolbar2.dll [2007-01-19 2411584]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Visa Norton-verktygsfältet - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 316784]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ControlCenter2.0"=C:\Program\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]

"Windows Defender"=C:\Program\Windows Defender\MSASCui.exe [2006-11-03 866584]

"GUI"=C:\D-Link\AirPlusG+\AirPlus.exe [2005-08-24 1474560]

"osCheck"=C:\Program\Norton Internet Security\osCheck.exe [2007-08-24 714608]

"ccApp"=C:\Program\Delade filer\Symantec Shared\ccApp.exe [2008-10-17 51048]

"Adobe Reader Speed Launcher"=C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SymLnch"=C:\Documents and Settings\Asmer\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe [2007-08-26 687976]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"RegistryMechanic"=C:\Program\Registry Mechanic\RegMech.exe [2008-07-08 2828184]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

C:\Program\Apoint2K\Apoint.exe [2001-10-19 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]

C:\WINDOWS\emMON.exe [2006-05-30 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

C:\Program\LAUNCH~1\QtaET2S.EXE [2002-05-29 139264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]

C:\Program\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe [1998-07-03 25088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program\QuickTime\qttask.exe [2006-09-01 282624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

C:\Program\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2004-06-28 32768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-26 68856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^InterVideo WinCinema Manager.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mnmsrvc"=3

"GhostStartService"=2

"Fax"=2

 

C:\Documents and Settings\All Users\Start-meny\Program\Autostart

Status Monitor.lnk - C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

D-Link AirPlus G+ Wireless Utility.lnk - C:\D-Link\AirPlusG+\AirPlus.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\Program\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

scecli

scecli

scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoActiveDesktop"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program\Messenger\msmsgs.exe"="C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program\Joost\xulrunner\tvprunner.exe"="C:\Program\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"

"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\Program\Skype\Phone\Skype.exe"="C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program\MSN Messenger\msnmsgr.exe"="C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program\MSN Messenger\livecall.exe"="C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf877e00-94fb-11dc-8598-000d88f0f69c}]

shell\Auto\command - AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf877e01-94fb-11dc-8598-000d88f0f69c}]

shell\Auto\command - AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

 

======List of files/folders created in the last 1 months======

 

2009-02-27 19:58:43 ----D---- C:\Program\trend micro

2009-02-27 19:58:02 ----D---- C:\rsit

2009-02-27 18:43:23 ----D---- C:\Avenger

2009-02-27 18:43:23 ----A---- C:\avenger.txt

2009-02-27 18:23:55 ----D---- C:\32788R22FWJFW

2009-02-27 17:07:57 ----A---- C:\WINDOWS\gmer.ini

2009-02-27 17:07:53 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2009-02-27 17:07:53 ----A---- C:\WINDOWS\gmer.exe

2009-02-27 17:07:53 ----A---- C:\WINDOWS\gmer.dll

2009-02-27 16:01:37 ----D---- C:\Documents and Settings\Asmer\Application Data\Malwarebytes

2009-02-27 16:00:59 ----D---- C:\Program\Malwarebytes' Anti-Malware

2009-02-27 16:00:59 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-02-25 18:59:47 ----D---- C:\Program\inKline Global

2009-02-24 20:52:06 ----HD---- C:\WINDOWS\$NtUninstallKB967715$

2009-02-24 20:50:29 ----HD---- C:\WINDOWS\$NtUninstallKB961118$

2009-02-19 12:03:34 ----A---- C:\WINDOWS\system32\SymNeti.dll

2009-02-19 12:03:26 ----A---- C:\WINDOWS\system32\SymRedir.dll

2009-02-15 10:49:14 ----HD---- C:\WINDOWS\$NtUninstallKB960715$

2009-02-15 10:48:27 ----N---- C:\WINDOWS\system32\spmsg2.dll

2009-02-15 10:48:25 ----HD---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

2009-02-15 10:28:35 ----D---- C:\WINDOWS\system32\XPSViewer

2009-02-15 10:28:23 ----D---- C:\Program\MSBuild

2009-02-15 10:27:53 ----D---- C:\Program\Reference Assemblies

2009-02-15 10:25:45 ----N---- C:\WINDOWS\system32\prntvpt.dll

2009-02-15 10:25:44 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2009-02-15 10:25:43 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2009-02-15 10:24:34 ----D---- C:\WINDOWS\SxsCaPendDel

2009-02-15 10:14:55 ----SHD---- C:\Config.Msi

2009-02-11 15:43:24 ----A---- C:\WINDOWS\system32\STKIT432.DLL

2009-02-11 15:43:18 ----D---- C:\Program\Registry Mechanic

2009-02-10 18:35:11 ----D---- C:\Documents and Settings\All Users\Application Data\GARMIN

2009-01-29 18:45:27 ----HD---- C:\WINDOWS\ie8

2009-01-29 18:22:52 ----HD---- C:\WINDOWS\$NtUninstallKB958687$

2009-01-29 18:22:23 ----D---- C:\WINDOWS\ie8updates

 

======List of files/folders modified in the last 1 months======

 

2009-02-27 18:43:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-27 18:32:16 ----A---- C:\WINDOWS\ntbtlog.txt

2009-02-24 20:52:02 ----A---- C:\WINDOWS\imsins.BAK

2009-02-15 10:42:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-12 05:56:18 ----A---- C:\WINDOWS\system32\MRT.exe

2009-02-09 21:39:06 ----A---- C:\WINDOWS\wincmd.ini

2009-01-29 17:40:22 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;AMD K7-processordrivrutin; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41728]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program\Delade filer\Symantec Shared\EENGINE\eeCtrl.sys []

R1 SPBBCDrv;SPBBCDrv; \??\C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCDrv.sys []

R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2002-12-11 11044]

R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]

R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-09-07 63232]

R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-09-07 55936]

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [1998-10-21 72704]

R2 SSIPDDP;SSIPDDP Parallel port device driver; \??\C:\WINDOWS\System32\DRIVERS\SSIPDDP.SYS []

R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2003-03-06 22400]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2001-09-29 50209]

R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 BridgeMP;Miniport för MAC-brygga; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

R3 CAMCAUD;Conexant AMC 3D Environmental Audio; C:\WINDOWS\system32\drivers\camcaud.sys [2003-03-07 291712]

R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camchal.sys [2003-03-07 268288]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 HidUsb;Microsoft HID-klassdrivrutin; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-03-06 1106944]

R3 HSFHWVIA;HSFHWVIA; C:\WINDOWS\System32\DRIVERS\HSFHWVIA.sys [2003-03-06 159104]

R3 KBFiltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\KBFiltr.sys [2002-04-01 14643]

R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-09-06 12160]

R3 NAVENG;NAVENG; \??\C:\Program\DELADE~1\SYMANT~1\VIRUSD~1\20090227.004\NAVENG.SYS []

R3 NAVEX15;NAVEX15; \??\C:\Program\DELADE~1\SYMANT~1\VIRUSD~1\20090227.004\NAVEX15.SYS []

R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [2003-01-23 6912]

R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\D-Link\AIRPLU~1\PCANDIS5.SYS []

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-09-07 5888]

R3 S3SavageNB;S3SavageNB; C:\WINDOWS\system32\DRIVERS\s3gnbm.sys [2004-08-04 166912]

R3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]

R3 StillCam;Drivrutin för seriell digital stillbildskamera; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-09-06 6912]

R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2009-02-19 96560]

R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2009-02-19 38576]

R3 SYMIDSCO;SYMIDSCO; \??\C:\Program\DELADE~1\SYMANT~1\SymcData\ipsdefs\20090217.004\SymIDSCo.sys []

R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]

R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2009-02-19 37424]

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]

R3 TNET1130;D-Link AirPlus G+ Wireless Adapter; C:\WINDOWS\system32\DRIVERS\GPLUS_XP.sys [2004-10-25 439296]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Drivrutin för Microsoft USB-standardnav (hub); C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-03-06 622720]

S3 Bridge;MAC-brygga; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 CCDECODE;Avkodare för dold textning; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []

S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []

S3 DCamUSBEMPIA;MSI MS8609 Video; C:\WINDOWS\System32\DRIVERS\emDevice.sys [2004-02-26 100861]

S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\System32\DRIVERS\emFilter.sys [2004-02-26 4733]

S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2002-12-20 19313]

S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2002-12-20 50396]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-27 85969]

S3 MPE;BDA MPE-filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]

S3 MSTEE;Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video-anslutning; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 PortlUSB;PortlUSB; C:\WINDOWS\system32\DRIVERS\Vibe-500.sys [2005-09-02 7552]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]

S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]

S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]

S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]

S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]

S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]

S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]

S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]

S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\System32\DRIVERS\emScan.sys [2004-02-26 4525]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-19 31280]

S3 USB28xxBGA;USB 2800 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-09-12 292864]

S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-21 7168]

S3 USBSTOR;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2003-09-01 104064]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Teletext-codec för världsstandard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S3 XI726_USB;LANEscape/XI-726 Driver; C:\WINDOWS\System32\DRIVERS\xi726.sys [2002-01-27 50688]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]

R2 Brother XP spl Service;BrSplService; C:\WINDOWS\System32\brsvc01a.exe [2002-04-12 57344]

R2 ccEvtMgr;Symantec Event Manager; C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 ccSetMgr;Symantec Settings Manager; C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

R2 WinDefend;Windows Defender; C:\Program\Windows Defender\MsMpEng.exe [2006-11-03 13592]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare; C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-08-31 243064]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 comHost;COM Host; C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Updater Service; C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 138168]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 LiveUpdate;LiveUpdate; C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]

S3 Symantec Core LC;Symantec Core LC; C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-05-23 1251720]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program\Windows Media Player\WMPNetwk.exe [2006-11-15 912384]

S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

[/log]

 


info.txt

[log]

info.txt logfile of random's system information tool 1.05 2009-02-27 19:59:25

 

======Uninstall list======

 

-->"C:\Program\Symantec\LiveUpdate\LSETUP.EXE" /U

-->C:\WINDOWS\IsUninst.exe -f"C:\Program\Acer Inc.\Acer English Online Help Creator\Uninst.isu"

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.3 - Svenska-->MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81300000003}

AdriaROUTE 2.10-->MsiExec.exe /X{828A3BA6-B5AB-4B03-AC13-443BE0C64C17}

ALPS Touch Pad Driver-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL

AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}

Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}

Aspire Launch Manager-->C:\WINDOWS\UnInst32.exe QtaET2S.UNI

Aspire1310 screensaver-->"C:\Program\Aspire1310 screensaver\Aspire1310 screensaver.scr" /S /Uninstall

AutoCAD 2000-->C:\WINDOWS\uninst.exe -fC:\Program\ACAD2000\DeIsL1.isu -c"C:\Program\ACAD2000\unacad.dll

Azureus-->C:\Program\Azureus\Uninstall.exe

Brother MFL-Pro Suite-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x1d Brunin03.dllBrunin03.dll

ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}

Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}

Conexant AC-Link Audio-->CIAunwdm.exe

Conexant Soft 56K Modem-->C:\Program\CONEXANT\CNXT_MODEM_PCI_VEN_1106&DEV_3068&SUBSYS_00301025\HXFSETUP.EXE -U -IVEN_1106&DEV_3068&SUBSYS_00301025

dBpowerAMP Music Converter-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat

dBpowerAMP WMA V9 Codec-->"C:\WINDOWS\System32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat

DivX 4.02 Codec-->"C:\Program\DivXCodec\uninstall.exe"

D-Link AirPlus G+ Wireless LAN Adapter-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{5A2BE5CA-0E67-4062-B5EF-BE9C6485C745}\Setup.exe" -l0x1d

DVD Solution-->C:\Program\Uninstall_CDS.exe

Ease Audio Converter 3.70-->C:\Program\easetech\EaseAudioConverter\unins000.exe

FTDI USB Serial Converter Drivers-->C:\WINDOWS\System32\ftdiunin.exe C:\WINDOWS\System32\ftdiun2k.ini

Garmin City Navigator Europe NT 2009 Update-->MsiExec.exe /X{1240A058-8BCE-4A3B-BF82-6E5B801D71BA}

Garmin MapSource-->MsiExec.exe /X{974530D2-AE96-4C99-B549-99CADA653CE5}

Garmin POI Loader-->MsiExec.exe /X{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}

Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program\google\googletoolbar2.dll"

HijackThis 2.0.2-->"C:\Program\trend micro\HijackThis.exe" /uninstall

hitta.se Toolbar-->regsvr32 /u /s "C:\Program\hitta.se Toolbar\hitta.dll"

hkSFV (remove only)-->"C:\Program\hkSFV\uninst.exe"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}

Macromedia Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log

Malwarebytes' Anti-Malware-->"C:\Program\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE-->MsiExec.exe /I{77701BFD-3A86-34B0-A9EC-0D7440C6D8AF}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE-->MsiExec.exe /I{AA8CF3BD-6717-3B70-83BF-377426410A66}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - sve-->MsiExec.exe /I{7D7152AF-581B-316F-8CA4-15342C3EFA4B}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{0001041D-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Multiframe 3D-->C:\WINDOWS\IsUninst.exe -fC:\Program\Multiframe\Multiframe3D.isu

Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}

Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}

Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}

Norton Internet Security (Symantec Corporation)-->"C:\Program\Delade filer\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X

Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}

Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}

NTI CD-Maker 2000 Plus-->C:\WINDOWS\IsUninst.exe -f"C:\Program\NewTech Infosystems\NTI CD-Maker 2000 Plus\Uninst.isu"

NTI FileCD-->C:\WINDOWS\IsUninst.exe -f"C:\Program\NewTech Infosystems\FileCD\Uninst.isu"

PC Booster-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\setup.exe" -l0x9 -removeonly

Power MP3 WMA Converter 1.15-->"C:\Program\Power MP3 WMA Converter\unins000.exe"

PowerDirector Express-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\Setup.exe" -uninstall

PowerDVD-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerProducer 2 Gold-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" -uninstall

PPC 2003 - MSN ® Messenger Update-->C:\Program\DELADE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CF56B6FC-F26B-4493-802B-2E5EA74DC775}

ProSavageDDR and Utilities-->C:\Program\S3\P4M266\s3setvga.exe -s -fC:\Program\S3\P4M266\P4M266.uns

QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}

Registry Mechanic 8.0-->"C:\Program\Registry Mechanic\unins000.exe" /Log

S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'

S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'

S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'

S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'

SCG Route 1.70-->MsiExec.exe /X{BF4720EC-795A-4DE4-8A03-F80C52256E03}

SectionMaker -->C:\WINDOWS\IsUninst.exe -fC:\Program\Multiframe\SectionMaker.isu

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q

ServiceProvider-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{CF7E2D10-E9BE-4216-9DC6-9E6C6E10BFE9}\setup.exe"

Snabbkorrigering för Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Snabbkorrigering för Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Snabbkorrigering för Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Sony Ericsson PC Suite 4.006.00-->C:\Program\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x001d -removeonly

SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}

Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - sve\setup.exe

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Säkerhetsuppdatering för Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

The Complete Animator-->C:\PROGRAM\IOTASO~1\THECOM~1\UNWISE.EXE C:\PROGRAM\IOTASO~1\THECOM~1\INSTALL.LOG

The Playa-->"C:\Program\The Playa\uninstall.exe"

Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe

Total Video Converter 3.10-->"C:\Program\Total Video Converter\unins000.exe"

Ulead Photo Express 2.0 SE-->C:\WINDOWS\IsUninst.exe -f"C:\Program\Ulead Systems\Ulead Photo Express 2 SE\Uninst.isu" -c"C:\Program\Ulead Systems\Ulead Photo Express 2 SE\IS32Inst.dll"

Uppdatering för Windows Internet Explorer 8 (KB961813)-->"C:\WINDOWS\ie8updates\KB961813-IE8\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Uppdatering för Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

USB Video Device Driver-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\Setup.exe"

VideoLAN VLC media player 0.8.4a-->C:\Program\VideoLAN\VLC\uninstall.exe

Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}

Windows Internet Explorer 8 Release Candidate 1-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Messenger 5.1-->MsiExec.exe /I{A433AE09-2126-4dad-9CBD-C1B05DC42787}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program\WinRAR\uninstall.exe

WinZip-->"C:\Program\WinZip\WINZIP32.EXE" /uninstall

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Xvid 1.1.3 final uninstall-->"C:\Program\Xvid\unins000.exe"

 

======Security center information======

 

AV: Norton Internet Security

FW: Norton Internet Security

 

System event log

 

Computer Name: BÄRBAR

Event Code: 7036

Message: Tjänsten Application Management ändrade tillstånd till stoppad.

 

Record Number: 53724

Source Name: Service Control Manager

Time Written: 20090210212944.000000+060

Event Type: information

User:

 

Computer Name: BÄRBAR

Event Code: 7035

Message: Tjänsten Application Management tog emot en starta-kontroll.

 

Record Number: 53723

Source Name: Service Control Manager

Time Written: 20090210212944.000000+060

Event Type: information

User: BÄRBAR\Asmer

 

Computer Name: BÄRBAR

Event Code: 7023

Message: Tjänsten Application Management avbröts med följande fel:

Det går inte att hitta den angivna modulen.

 

 

Record Number: 53722

Source Name: Service Control Manager

Time Written: 20090210212944.000000+060

Event Type: Fel

User:

 

Computer Name: BÄRBAR

Event Code: 7036

Message: Tjänsten Application Management ändrade tillstånd till stoppad.

 

Record Number: 53721

Source Name: Service Control Manager

Time Written: 20090210212944.000000+060

Event Type: information

User:

 

Computer Name: BÄRBAR

Event Code: 7035

Message: Tjänsten Application Management tog emot en starta-kontroll.

 

Record Number: 53720

Source Name: Service Control Manager

Time Written: 20090210212944.000000+060

Event Type: information

User: BÄRBAR\Asmer

 

Application event log

 

Computer Name: BÄRBAR

Event Code: 1000

Message: Felaktigt program firefox%20setup%203.0.5[1].exe, version 4.42.0.0, felaktig modul firefox%20setup%203.0.5[1].exe, version 4.42.0.0, felaktig adress 0x0000ba06.

 

Record Number: 10661

Source Name: Application Error

Time Written: 20081219152038.000000+060

Event Type: Fel

User:

 

Computer Name: BÄRBAR

Event Code: 101

Message: Informationsnivå: success

 

Nästa körning är schemalagd till ca 3:38 PM.

 

Record Number: 10660

Source Name: Automatic LiveUpdate Scheduler

Time Written: 20081219144427.000000+060

Event Type: information

User: NT INSTANS\SYSTEM

 

Computer Name: BÄRBAR

Event Code: 101

Message: Informationsnivå: success

 

Automatisk LiveUpdate har stoppats.

 

Record Number: 10659

Source Name: Automatic LiveUpdate Scheduler

Time Written: 20081219144427.000000+060

Event Type: information

User: NT INSTANS\SYSTEM

 

Computer Name: BÄRBAR

Event Code: 101

Message: Informationsnivå: success

 

Schemaläggaren startade Automatisk LiveUpdate.

 

Record Number: 10658

Source Name: Automatic LiveUpdate Scheduler

Time Written: 20081219144423.000000+060

Event Type: information

User: NT INSTANS\SYSTEM

 

Computer Name: BÄRBAR

Event Code: 1002

Message: Stoppat program iexplore.exe, version 8.0.6001.18241, stoppad modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Record Number: 10657

Source Name: Application Hang

Time Written: 20081219142158.000000+060

Event Type: Fel

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program\DELADE~1\AUTODE~1;C:\Program\QuickTime\QTSystem"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0801

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program\Java\j2re1.4.2_05\lib\ext\QTJava.zip

"QTJAVA"=C:\Program\Java\j2re1.4.2_05\lib\ext\QTJava.zip

 

-----------------EOF-----------------

[/log]

 


I do of course need to know what F-Secure has found, not just that it has found something. My guess is that you find out if you choose "Jag vill avgöra objekt för objekt" (I want to decide item by item). I am going through the logs, but it takes a while.

 


Search the computer and see whether you can find a file named AdobeR.exe. If so, go to http://www.virustotal.com, browse to that file, click "Skicka Fil" (Send File) and wait until the result is ready ("Närvarande status" (current status) changes to "genomförd" (finished)). Paste the results from the various antivirus programs (not "Övrig information" (additional information)) here.

What is in the folder C:\32788R22FWJFW?

Control Panel - Add or Remove Programs

Remove PC Booster and then delete the folder C:\Program\inKline Global

 

 


I can't find a file named AdobeR.exe. I have no idea what is in the folder C:\32788R22FWJFW. I'm attaching a picture. Can I delete it?

[image attached 2009-02-28 09:13:00 by As1959]


Archived

This topic is now archived and is closed to further replies.



