
The computer is "sick"!


hemda


Hi!

I hope this is the right forum. Otherwise you'll have to tell me which forum I should ask in. =)

My computer is acting up something terrible right now, even though I have Panda Antivirus and have removed the malicious files that Panda found.

1. My Task Manager has stopped working; an error message comes up that says "disabled by the administrator"???

2. There are 3 icons on the desktop that just come back even though I delete them and restart the computer. They are called Spyware protection, Privacy Protection and error cleaner. They are probably doing a lot of mischief, because suddenly web pages just open up with a lot of antivirus tests & sales.

3. The computer gives the error message "windows alert alarm" that it has some worm... in it.

So I have removed the things I've seen and don't want... and run Panda Antivirus countless times now. But when the computer starts, it's all back again.... Panda Antivirus keeps giving messages about "hijacking attempt against Internet Exp".

I thought I'd ask here whether anyone has advice or suggestions on how my sick computer can get well again.... or maybe I should hand it in to the computer shop right away so they can go through it?.. but as I said.. such a hospital visit can.. cost a bit.

Grateful for all suggestions.

Regards, Henrik

 

 


We can start by seeing whether HijackThis shows anything:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste in the log

Press the LOG button again

Then one of our knowledgeable members can go through the log.

// gästen

Always sweep clean in front of your own door

 


Thanks for the reply!

I'm not all that knowledgeable in the computer world. But now I have downloaded it and done that scan. But I don't know how to get it into that log button... how it is supposed to get from my computer into the forum.

 


NoiseKiller

I'm moving the thread over to the Virus - Antivirus forum.

Use the Log button by pressing it, then paste your text after the |LOG| text, and then press the Log button again so that you get a closing |/LOG|.

| Noisekiller |

Moderator for Hardware - other

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:08:58, on 2008-04-24

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\WINDOWS\system32\dohcvoba.exe

C:\Program\XP Antivirus\xpa.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\DVDFab Platinum 4\DVDFabPlatinum.exe

C:\WINDOWS\system32\dohcvoba.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Windows Live\installer\WLSetupSvc.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\psimreal.exe

C:\Program\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sr.se/cgi-bin/International/nyhetssidor/index.asp?nyheter=1&ProgramID=2108

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: dpevflbg - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - C:\WINDOWS\dpevflbg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [ctpeudqj] C:\WINDOWS\system32\dohcvoba.exe

O4 - HKCU\..\Run: [e©ùýùäûïÎóÎüøøãøôùÊýùñûÙÞó] C:\Program\XP Antivirus\xpa.exe

O4 - HKLM\..\Policies\Explorer\Run: [yTc0VcW0ax] C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208516889171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208539847171

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://nydalakameran.net.umea.se/activex/AMC.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam2.vilhelmina.se/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O21 - SSODL: vadokmxt - {4582BB35-FAC3-4047-8FCE-72917C631DC6} - C:\WINDOWS\vadokmxt.dll

O21 - SSODL: wdpoefan - {C14E26C6-D8C3-4597-9E20-207B8DFA02E8} - C:\WINDOWS\wdpoefan.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

 

--

End of file - 9458 bytes

[/log]

 


Yes indeed, that came out right!

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

Go to the folder C:\Program

Select the folder XPAntivirus and then press the Delete key

Let the computer remove the folder

Restart the computer in normal mode.

Save FixXPAV.reg to the Desktop

http://download.bleepingcomputer.com/reg/FixXPAV.reg

Double-click the downloaded file FixXPAV.reg on the Desktop.

Accept the changes it makes to the registry.

Use Explorer to go to the folder C:\Documents and Settings\All Users\Start Menu\Programs and delete the folder "XP antivirus" there.

If you have an icon next to the Start button that belongs to XP Antivirus, right-click it and choose Delete.

Restart the computer again and scan it with Panda.

Restart the computer again and paste in a new HijackThis log.

 


All right, here comes the log, but after I followed the steps!

 

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:07:09, on 2008-04-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Program\Panda Security\Panda Internet Security 2008\psimreal.exe

C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\QuickTime\qttask.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\WINDOWS\system32\dohcvoba.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\Program\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sr.se/cgi-bin/International/nyhetssidor/index.asp?nyheter=1&ProgramID=2108

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: dpevflbg - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - C:\WINDOWS\dpevflbg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Security\Panda Internet Security 2008\Inicio.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [ctpeudqj] C:\WINDOWS\system32\dohcvoba.exe

O4 - HKCU\..\Run: [e©ùýùäûïÎóÎüøøãøôùÊýùñûÙÞó] C:\Program\XP Antivirus\xpa.exe

O4 - HKLM\..\Policies\Explorer\Run: [yTc0VcW0ax] C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208516889171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208539847171

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://nydalakameran.net.umea.se/activex/AMC.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam2.vilhelmina.se/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O21 - SSODL: vadokmxt - {4582BB35-FAC3-4047-8FCE-72917C631DC6} - C:\WINDOWS\vadokmxt.dll

O21 - SSODL: wdpoefan - {C14E26C6-D8C3-4597-9E20-207B8DFA02E8} - C:\WINDOWS\wdpoefan.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

 

--

End of file - 9257 bytes

[/log]
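Added example, not part of the thread: a follow-up HijackThis log is most useful when it is diffed against the previous one. The Python sketch below parses two logs, reports what changed, and lists autostart (O4) entries that still point at a program which has stopped running. The sample logs are abridged excerpts of the first two logs in this thread, and the function names are this example's own.

```python
import re

# Entry lines look like "O4 - HKCU\..\Run: [name] path". The code before " - "
# is the HijackThis section (R0/R1 = IE pages, O4 = autostart, O23 = services).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (processes, entries) from a HijackThis log as two sets."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum pastes often double-space the log
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first entry
            entries.add((m.group(1), m.group(2)))
        elif in_processes:
            processes.add(line.lower())  # Windows paths are case-insensitive
    return processes, entries


def diff_logs(before, after):
    """Compare two logs: what disappeared, what appeared, what stayed."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "entries_gone": sorted(e0 - e1),
        "entries_new": sorted(e1 - e0),
        "entries_kept": sorted(e0 & e1),
    }


def stale_autostarts(before, after):
    """O4 entries still registered in `after` whose program was running in
    `before` but is no longer running: the process is gone, the registry
    entry that launches it is not."""
    p0, _ = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    gone = p0 - p1
    return sorted(
        (code, body) for code, body in e1
        if code == "O4" and any(path in body.lower() for path in gone)
    )


# Abridged excerpt of the first log in this thread (2008-04-24).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe
C:\WINDOWS\system32\dohcvoba.exe
C:\Program\XP Antivirus\xpa.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: dpevflbg - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - C:\WINDOWS\dpevflbg.dll
O4 - HKCU\..\Run: [ctpeudqj] C:\WINDOWS\system32\dohcvoba.exe
O4 - HKCU\..\Run: [e©ùýùäûïÎóÎüøøãøôùÊýùñûÙÞó] C:\Program\XP Antivirus\xpa.exe
O4 - HKLM\..\Policies\Explorer\Run: [yTc0VcW0ax] C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe
"""

# Abridged excerpt of the second log (2008-04-25, after the manual steps).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dohcvoba.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: dpevflbg - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - C:\WINDOWS\dpevflbg.dll
O4 - HKCU\..\Run: [ctpeudqj] C:\WINDOWS\system32\dohcvoba.exe
O4 - HKCU\..\Run: [e©ùýùäûïÎóÎüøøãøôùÊýùñûÙÞó] C:\Program\XP Antivirus\xpa.exe
O4 - HKLM\..\Policies\Explorer\Run: [yTc0VcW0ax] C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe
"""

if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(f"{key}: {len(values)}")
        for v in values:
            print("   ", v)
    print("stale autostarts:")
    for code, body in stale_autostarts(BEFORE, AFTER):
        print("   ", code, "-", body)
```

On these excerpts the only process that disappears is xpa.exe, while every registry entry, including the Run value that launches it, is unchanged between the two scans.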

 


For info, the way the computer is working right now, after it has started up again, is that it is still just as infected/bad/strange. The menu bar with, among others, Edit, View, Favorites, Tools has disappeared; there are now strange icons there that surely come from something that downloaded itself, among others there are icons with Remove Popups, Scan Spyware.... etc.

I'm not very computer-savvy, as I said, but I thought I'd give the information I see here now.

(all the spyware warnings, Internet Explorer attacks, and various antivirus companies' sites that open by themselves are still there, and things run sloooowly)

 


If you go into the Control Panel and look under "Add or Remove Programs", can you see anything there called Toolbar xxx or containing the name Toolbar?

Or something called XP Antivirus?

But also run ComboFix

[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect the internet connection and close all programs you see, including antivirus programs, antispyware programs and firewall (alternatively restart the computer in safe mode).

Run ComboFix and follow the instructions shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that the antivirus program and firewall are running before you connect to the internet.

In your reply, attach the ComboFix log like this:

Press the LOG button in the Reply window

Paste in the log

Press the LOG button again

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices to make it easier to clean the computer. This can cause problems, for example if you get your internet through a USB modem or USB network adapter. In that case, say so instead of running ComboFix.[/log]

Attach a new HijackThis log again after this

// gästen

Always sweep clean in front of your own door

 


That was only the first step in cleaning the computer.

The next step is ComboFix as //gästen described, plus the following with SmitfraudFix:

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First comes a prompt to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan through the computer.

When it is done the result is shown and the program has created the log file C:\rapport.txt.

Paste the contents of the log file into your reply here.

Do nothing else with SmitfraudFix.

 


Hi again!

Now I have run ComboFix. Some icons that were "spyware protector... or the like", which had placed themselves on the desktop during the last day, are gone!! =) The Task Manager works again!

But on the other hand it is no longer possible to connect to the internet; should I take some special measure? (I have restarted the computer)

 


And I have checked Add/Remove as "gästen" said, and in that menu there is no program called XP Antivirus or "Toolbar/toolbar xxx".

XP Antivirus was only in the Recycle Bin =)

 


Here is the HijackThis file first

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:53, on 2008-04-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\WINDOWS\system32\dohcvoba.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program\internet explorer\iexplore.exe

C:\WINDOWS\system32\dohcvoba.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\NOTEPAD.EXE

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB} - C:\WINDOWS\qnmargolxgn.dll

O3 - Toolbar: dpevflbg - {B21EAD36-EC0C-4B82-B102-1AB20B481977} - C:\WINDOWS\dpevflbg.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [ctpeudqj] C:\WINDOWS\system32\dohcvoba.exe

O4 - HKLM\..\Policies\Explorer\Run: [yTc0VcW0ax] C:\Documents and Settings\All Users\Application Data\tgrgtyze\pinovsfm.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208516889171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208539847171

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://nydalakameran.net.umea.se/activex/AMC.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam2.vilhelmina.se/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: jkkLFvTN - jkkLFvTN.dll (file missing)

O21 - SSODL: vadokmxt - {4582BB35-FAC3-4047-8FCE-72917C631DC6} - C:\WINDOWS\vadokmxt.dll

O21 - SSODL: wdpoefan - {C14E26C6-D8C3-4597-9E20-207B8DFA02E8} - C:\WINDOWS\wdpoefan.dll

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

 

--

End of file - 8611 bytes

[/log]

 

Link to comment

Got onto the internet again, though not the usual way.

Here is the SmitFraudFix file.

 

[log]SmitFraudFix v2.318

 

Scan done at 8:51:03.20, 2008-04-25

Run from C:\Documents and Settings\Žgaren\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\WINDOWS\system32\dohcvoba.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavBckPT.exe

C:\Program\internet explorer\iexplore.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\dohcvoba.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

C:\WINDOWS\olgdqarf.exe FOUND !

C:\WINDOWS\wxvgsdbq.exe FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Žgaren

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Žgaren\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GAREN~1\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

+--------------------------------------------------+

[!] Suspicious: qnmargolxgn.dll

BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB}

TypeLib: {97334AA5-423A-47E8-831C-A7FBF5A8804B}

Interface: {4005C168-1692-4CFD-B21B-03F29DC530D4}

Interface: {AEB838DD-2819-4A77-8BF8-E75405B85F6F}

 

[!] Suspicious: dpevflbg.dll

Toolbar: dpevflbg - {B21EAD36-EC0C-4B82-B102-1AB20B481977}

TypeLib: {DC33216E-1322-437E-9D55-2DD312F190C2}

Interface: {0263D762-B6E5-4DCF-91A5-E1283D25E850}

Classe: dpevflbg.bgdq

Classe: dpevflbg.ToolBar.1

 

[!] Suspicious: vadokmxt.dll

SSODL: vadokmxt - {4582BB35-FAC3-4047-8FCE-72917C631DC6}

 

[!] Suspicious: wdpoefan.dll

SSODL: wdpoefan - {C14E26C6-D8C3-4597-9E20-207B8DFA02E8}

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Miniport för paketschemaläggning

DNS Server Search Order: 172.16.3.3

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{ABB583E2-A791-468E-8D94-4B78F5854A72}: DhcpNameServer=172.16.3.3

HKLM\SYSTEM\CS1\Services\Tcpip\..\{ABB583E2-A791-468E-8D94-4B78F5854A72}: DhcpNameServer=172.16.3.3

HKLM\SYSTEM\CS2\Services\Tcpip\..\{ABB583E2-A791-468E-8D94-4B78F5854A72}: DhcpNameServer=172.16.3.3

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=172.16.3.3

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=172.16.3.3

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.16.3.3

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

Link to comment

You got rid of XP Antivirus with what you did during the night.

Have you tried repairing the internet connection following //gästen's instructions?

What kind of connection does the computer use to get onto the internet? Is it something connected via USB?

Now I have run ComboFix. Some icons such as "spyware protector" and the like, which had settled on the desktop over the last day, are gone!! =) The Task Manager works again!
Good that ComboFix got rid of them.

 

Link to comment

Wow, I can't keep up with all your posts. :thumbsup:

How did you get onto the internet now?

Paste in the ComboFix log, C:\Combofix.txt.

Restart the computer in Safe Mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Double-click smitfraudfix.exe to start the program.

Choose option 2 by pressing 2 and Enter.

Wait for the tool to finish and for the disk cleanup to complete.

Meanwhile you will be asked whether you want to clean the registry; answer Yes by pressing Y and Enter.

If the computer does not restart by itself, restart it yourself.

This time too it should be Safe Mode.

Control Panel - Internet Options - General - Delete - Delete files - OK

Restart the computer in normal mode.

In your reply, paste in the newly created C:\rapport.txt.

 

Link to comment

Sorry, I got carried away posting out of sheer joy when the "dumb" icons finally disappeared and the Task Manager was in use again. I'll try to take it step by step from now on.

To get onto the internet I finally clicked an icon that looked like "a little house", up in the menu bar, and that got me out; after that I can click the e-icon on the desktop and get onto the net as usual!! Good tip about ComboFix!! =) Thanks!

Should the ComboFix log be on the desktop, or open by itself once it has finished its job?

 

Link to comment

All the posts are no problem; it was meant more as an explanation in case I wrote something you had already done, or something that came out odd because of that.

You will find the ComboFix log as C:\Combofix.txt; check with Explorer or My Computer.

 

Link to comment

That ComboFix file doesn't seem to be there. There are lots of other files, but no ComboFix text. Should I perhaps run ComboFix again to produce a file?

Then I am to send a file after running the smitfraudfix.exe program.

Is it perhaps this one, which I paste in below?

 

[log]SmitFraudFix v2.318

 

Scan done at 9:35:53.78, 2008-04-25

Run from C:\Documents and Settings\Žgaren\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

C:\WINDOWS\qnmargolxgn.dll deleted.

C:\WINDOWS\dpevflbg.dll deleted.

C:\WINDOWS\vadokmxt.dll deleted.

C:\WINDOWS\wdpoefan.dll deleted.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

 

S!Ri's WS2Fix: LSP not Found.

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\olgdqarf.exe Deleted

C:\WINDOWS\wxvgsdbq.exe Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CS2\Services\Tcpip\..\{ABB583E2-A791-468E-8D94-4B78F5854A72}: DhcpNameServer=172.16.3.3

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=172.16.3.3

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

Link to comment
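The two SmitFraudFix reports posted above (the search report and the safe-mode clean report) can be cross-checked mechanically to confirm that every flagged file was actually deleted. The following is an added example, not part of the original thread and not SmitFraudFix's own code; the function names are hypothetical and the embedded samples are constructed from lines quoted in the two reports.

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Constructed sample: lines copied from the search report in the thread.
SEARCH_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\olgdqarf.exe FOUND !
C:\WINDOWS\wxvgsdbq.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

[!] Suspicious: qnmargolxgn.dll
BHO: DVA Gate - {7A6FD945-14B0-41F8-84FB-74DEF17528BB}

[!] Suspicious: dpevflbg.dll
Toolbar: dpevflbg - {B21EAD36-EC0C-4B82-B102-1AB20B481977}

[!] Suspicious: vadokmxt.dll
SSODL: vadokmxt - {4582BB35-FAC3-4047-8FCE-72917C631DC6}

[!] Suspicious: wdpoefan.dll
SSODL: wdpoefan - {C14E26C6-D8C3-4597-9E20-207B8DFA02E8}
"""

# Constructed sample: lines copied from the safe-mode clean report.
CLEAN_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» VACFix

C:\WINDOWS\qnmargolxgn.dll deleted.
C:\WINDOWS\dpevflbg.dll deleted.
C:\WINDOWS\vadokmxt.dll deleted.
C:\WINDOWS\wdpoefan.dll deleted.

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\olgdqarf.exe Deleted
C:\WINDOWS\wxvgsdbq.exe Deleted
"""

SECTION = re.compile(r"^\u00bb+\s*(?P<title>.+)$")
FOUND = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+FOUND\s*!$")
SUSPICIOUS = re.compile(r"^\[!\]\s+Suspicious:\s+(?P<name>\S+)$")
DELETED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+deleted\.?$", re.IGNORECASE)


def parse_search(report):
    """Map each flagged file name (lower case) to the section that flagged it."""
    flagged, section = {}, "(no section)"
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("title")
            continue
        m = FOUND.match(line)
        if m:
            flagged[basename(m.group("path")).lower()] = section
            continue
        m = SUSPICIOUS.match(line)
        if m:
            # "Suspicious" lines carry a bare file name, no directory.
            flagged[m.group("name").lower()] = section
    return flagged


def parse_clean(report):
    """Map each deleted file name (lower case) to the full path reported."""
    deleted = {}
    for raw in report.splitlines():
        m = DELETED.match(raw.strip())
        if m:
            deleted[basename(m.group("path")).lower()] = m.group("path")
    return deleted


def verify(search_report, clean_report):
    """Compare by file name, since the search report omits some directories."""
    flagged = set(parse_search(search_report))
    deleted = set(parse_clean(clean_report))
    return {
        "removed": sorted(flagged & deleted),
        "still_flagged": sorted(flagged - deleted),  # flagged, never deleted
        "unexpected": sorted(deleted - flagged),     # deleted, never flagged
    }


if __name__ == "__main__":
    for key, names in verify(SEARCH_REPORT, CLEAN_REPORT).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Full agreement only shows that SmitFraudFix deleted the files it had flagged; later in the thread the pop-ups return and a further scan is requested.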

Status right now:

(this is my first post in this thread; I am writing in capital letters to show the current status)

1. My Task Manager has stopped working; an error message comes up saying "disabled administrator" ??? THE TASK MANAGER WORKS LIKE BUTTER IN THE SUN!! =)

2. There are 3 icons on the desktop that just come back even though I delete them and restart the computer. They are called Spyware protection, Privacy Protection and error cleaner. They are probably up to a lot of mischief, because suddenly web pages open with lots of antivirus tests & sales. THE 3 ICONS WITH SPYWARE PROTECTION ETC. ARE GONE!

3. The computer gives the error message "windows alert alarm" that it has some worm

RIGHT NOW SURELY 4 MINUTES HAVE PASSED WITHOUT A LOT OF PAGES OPENING BY THEMSELVES, NO ZONEALARM, NO CONSTANT PANDA WARNINGS!!

 

Wowwwwwwww!!!!!!!!!! =)=)

 

Link to comment

ComboFix and SmitFraudFix are great!!

I start ComboFix again, and the blue box with the text "preparing to run" appears, but then nothing at all happens for a long time...

....and...

Believe it or not, but now there popped up 1. a ZoneAlarm with the text "your computer is infected..etc..etc", and a few seconds later a page opened up again, recommending buying an antivirus program... =(

 

Link to comment

The computer will probably get sorted out; most likely something is left that we need to find and remove. We'll use Deckard's System Scanner instead. Save it to the Desktop.

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Close all programs.

Run the program and follow the instructions shown.

When it is done, two log files are created, main.txt and extra.txt, in the same folder as the scanner. Paste them in here.

Among other things, the program will empty the Recycle Bins and the temporary-file folders on the computer.

 

Link to comment

Here are the 2 analysis logs from Deckard.

[log]Deckard's System Scanner v20071014.68

Run by Ägaren on 2008-04-25 11:58:08

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

 

 

-- Last 5 Restore Point(s) --

60: 2008-04-25 09:43:41 UTC - RP60 - Deckard's System Scanner Restore Point

59: 2008-04-25 09:38:46 UTC - RP59 - Removed SUPERAntiSpyware Professional

58: 2008-04-25 09:19:46 UTC - RP58 - Uniblue RegistryBooster

57: 2008-04-25 08:58:48 UTC - RP57 - Installed SUPERAntiSpyware Professional

56: 2008-04-25 06:08:14 UTC - RP56 - ComboFix created restore point

 

 

-- First Restore Point --

1: 2008-04-24 14:05:35 UTC - RP1 - Systemkontrollpunkt

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as Ägaren.exe) ----------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58, on 2008-04-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Panda Security\Panda Internet Security 2008\ApvxdWin.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Documents and Settings\Ägaren\Skrivbord\dss.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program\TRENDM~1\HIJACK~1\Ägaren.exe

C:\Program\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Program\Panda Security\Panda Internet Security 2008\psimreal.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208516889171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208539847171

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://nydalakameran.net.umea.se/activex/AMC.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam2.vilhelmina.se/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: jkkLFvTN - jkkLFvTN.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

 

--

End of file - 7872 bytes

 

-- File Associations -----------------------------------------------------------

 

.js - JSFile - shell\open\command - C:\Program\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

.vbs - VBSFile - shell\open\command - C:\Program\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)

R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)

R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

 

S0 O2MDRDR - c:\windows\system32\drivers\o2media.sys (file missing)

S0 O2SDRDR - c:\windows\system32\drivers\o2sd.sys (file missing)

S1 SASDIFSV - c:\program\superantispyware\sasdifsv.sys (file missing)

S1 SASKUTIL - c:\program\superantispyware\saskutil.sys (file missing)

S3 catchme - c:\combofix\catchme.sys (file missing)

S3 SASENUM - c:\program\superantispyware\sasenum.sys (file missing)

S3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 Nero BackItUp Scheduler 3 - c:\program\nero\nero8\nero backitup\nbservice.exe

R3 ServiceLayer - "c:\program\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID:

Description: Modemenhet på High Definition Audio-buss

Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10573055&REV_1007\4&34E4CF7E&0&0001

Manufacturer:

Name: Modemenhet på High Definition Audio-buss

PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10573055&REV_1007\4&34E4CF7E&0&0001

Service:

 

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Description: Styrenhet för lagringsenhet

Device ID: PCI\VEN_1217&DEV_7130&SUBSYS_10C71734&REV_01\4&6B16D5B&0&23F0

Manufacturer:

Name: Styrenhet för lagringsenhet

PNP Device ID: PCI\VEN_1217&DEV_7130&SUBSYS_10C71734&REV_01\4&6B16D5B&0&23F0

Service: O2MDRDR

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-04-23 03:30:00 404 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job

 

 

-- Files created between 2008-03-25 and 2008-04-25 -----------------------------

 

2008-04-25 11:17:40 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Uniblue

2008-04-25 10:59:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-04-25 10:58:50 0 d-------- C:\Program\SUPERAntiSpyware

2008-04-25 10:58:50 0 d-------- C:\Documents and Settings\Ägaren\Application Data\SUPERAntiSpyware.com

2008-04-25 08:51:06 2822 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-25 08:49:36 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-04-25 08:49:36 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >

2008-04-25 08:49:36 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>

2008-04-25 08:49:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>

2008-04-25 08:49:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>

2008-04-25 08:49:36 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-25 08:49:36 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-04-25 08:49:36 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-25 08:43:27 0 dr-h----- C:\Documents and Settings\Ägaren\Recent

2008-04-25 08:10:51 53248 --a------ C:\WINDOWS\PSEXESVC.EXE

2008-04-25 08:07:52 68096 --a------ C:\WINDOWS\zip.exe

2008-04-25 08:07:52 49152 --a------ C:\WINDOWS\VFind.exe

2008-04-25 08:07:52 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-04-25 08:07:52 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-04-25 08:07:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-04-25 08:07:52 98816 --a------ C:\WINDOWS\sed.exe

2008-04-25 08:07:52 80412 --a------ C:\WINDOWS\grep.exe

2008-04-25 08:07:52 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-04-24 20:19:54 0 d-------- C:\Program\Trend Micro

2008-04-24 17:55:33 0 d-------- C:\Documents and Settings\Ägaren\Application Data\TmpRecentIcons

2008-04-24 17:52:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-04-24 17:27:31 0 d-------- C:\Documents and Settings\All Users\Application Data\FirstClass

2008-04-24 17:27:27 0 d-------- C:\Program\FirstClass

2008-04-24 15:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\tgrgtyze

2008-04-24 14:45:20 0 d-------- C:\Documents and Settings\Ägaren\Application Data\CyberLink

2008-04-24 14:44:44 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2008-04-24 14:14:22 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk

2008-04-24 13:34:22 0 d-------- C:\Program\Messenger Plus! Live

2008-04-24 13:21:00 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

2008-04-24 13:21:00 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Vso

2008-04-24 13:21:00 47360 --a------ C:\Documents and Settings\Ägaren\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

2008-04-24 13:20:56 0 d-------- C:\Program\DVDFab Platinum 4

2008-04-24 07:57:33 0 d-------- C:\Program\DVDFab HD Decrypter 4

2008-04-23 16:54:01 0 d-------- C:\Ingmar Bergman

2008-04-23 15:52:27 0 d-------- C:\Program\CyberLink

2008-04-23 15:51:23 0 d-------- C:\Program\NeroInstall.bak

2008-04-23 15:48:33 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>

2008-04-23 15:45:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead

2008-04-23 15:45:47 106496 -----n--- C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>

2008-04-23 15:45:47 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>

2008-04-23 15:45:38 0 d-------- C:\Program\Delade filer\Ahead

2008-04-23 15:45:35 0 d-------- C:\Program\Ahead

2008-04-23 15:08:29 0 d-------- C:\Program\Nero

2008-04-23 15:08:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-04-23 15:08:28 0 d-------- C:\Program\DVD Decrypter

2008-04-23 15:08:28 0 d-------- C:\Program\Delade filer\Nero

2008-04-21 19:48:35 0 d-------- C:\Program\Microsoft Works

2008-04-21 19:48:01 0 d-------- C:\Program\Microsoft.NET

2008-04-21 19:46:42 0 d-------- C:\WINDOWS\SHELLNEW

2008-04-21 19:46:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-21 19:46:02 0 dr-h----- C:\MSOCache

2008-04-21 19:22:46 0 d-------- C:\Program\Kutchka

2008-04-21 19:22:46 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Kutchka

2008-04-21 10:49:09 0 d-------- C:\WINDOWS\Sun

2008-04-21 10:37:02 0 d-------- C:\Program\Axis Communications

2008-04-21 00:19:36 0 d-------- C:\Documents and Settings\Ägaren\Application Data\OpenOffice.org2

2008-04-21 00:16:34 0 d-------- C:\Program\OpenOffice.org 2.4

2008-04-21 00:15:45 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Sun

2008-04-20 12:54:21 0 d-------- C:\Program\Delade filer\xing shared

2008-04-20 12:54:13 0 d-------- C:\Program Files

2008-04-20 12:54:11 0 d-------- C:\Program\Delade filer\Real

2008-04-20 12:54:10 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Real

2008-04-20 12:50:23 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Nokia Multimedia Player

2008-04-19 05:16:23 0 d-------- C:\Documents and Settings\Gäst\Application Data\Macromedia

2008-04-19 05:15:32 0 d-------- C:\Documents and Settings\Gäst\Application Data\Adobe

2008-04-19 05:14:19 0 d-------- C:\Documents and Settings\Gäst\Application Data\Teleca

2008-04-19 05:14:00 0 d-------- C:\Documents and Settings\Gäst\Application Data\Identities

2008-04-19 05:13:49 0 dr------- C:\Documents and Settings\Gäst\Start-meny

2008-04-19 05:13:49 0 d-------- C:\Documents and Settings\Gäst\Skrivbord

2008-04-19 05:13:49 0 d--h----- C:\Documents and Settings\Gäst\Skrivare

2008-04-19 05:13:49 0 dr-h----- C:\Documents and Settings\Gäst\SendTo

2008-04-19 05:13:49 0 dr-h----- C:\Documents and Settings\Gäst\Recent

2008-04-19 05:13:49 0 d--h----- C:\Documents and Settings\Gäst\Nätverket

2008-04-19 05:13:49 0 dr------- C:\Documents and Settings\Gäst\Mina dokument

2008-04-19 05:13:49 0 d--h----- C:\Documents and Settings\Gäst\Mallar

2008-04-19 05:13:49 0 d--h----- C:\Documents and Settings\Gäst\Lokala inställningar

2008-04-19 05:13:49 0 dr------- C:\Documents and Settings\Gäst\Favoriter

2008-04-19 05:13:49 0 d--hs---- C:\Documents and Settings\Gäst\Cookies

2008-04-19 05:13:49 0 dr-h----- C:\Documents and Settings\Gäst\Application Data

2008-04-19 05:13:49 0 d---s---- C:\Documents and Settings\Gäst\Application Data\Microsoft

2008-04-19 05:13:48 786432 --ah----- C:\Documents and Settings\Gäst\NTUSER.DAT

2008-04-18 22:41:14 0 d-------- C:\Program\Windows Media Connect 2

2008-04-18 22:39:46 0 d-------- C:\9cee2aa79b608a4416bc67a47a

2008-04-18 22:39:42 0 d-------- C:\WINDOWS\system32\LogFiles

2008-04-18 22:39:42 0 d-------- C:\WINDOWS\system32\drivers\UMDF

2008-04-18 22:21:13 0 d-------- C:\Program\Ät&Njut på CD-rom

2008-04-18 22:20:07 0 d--h----- C:\Program\Zero G Registry

2008-04-18 20:04:48 384018 --a------ C:\WINDOWS\system32\perfh01D.dat

2008-04-18 20:04:48 63134 --a------ C:\WINDOWS\system32\perfc01D.dat

2008-04-18 20:04:37 60928 --a------ C:\WINDOWS\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>

2008-04-18 20:04:37 10240 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys <Not Verified; Silicon Image, Inc.; SATALink Accelerator Driver>

2008-04-18 20:04:37 48128 --a------ C:\WINDOWS\system32\drivers\SiSRaid.sys <Not Verified; Silicon Integrated Systems; SiS 180/181 Controller>

2008-04-18 20:04:37 97920 --a------ C:\WINDOWS\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc.; SiI 3112 SATARaid controller>

2008-04-18 20:04:37 135168 --a------ C:\WINDOWS\system32\drivers\Property.dll <Not Verified; ; 180property Dynamic Link Library>

2008-04-18 20:04:37 132608 --a------ C:\WINDOWS\system32\drivers\adpu320.sys <Not Verified; Adaptec, Inc.; Adaptec Windows 2000, XP and Server 2003 Ultra320 Family Driver>

2008-04-18 19:49:42 0 d-------- C:\i386

2008-04-18 16:09:12 0 d-------- C:\Documents and Settings\Ägaren\Application Data\RegistrySmart

2008-04-18 15:53:31 0 d-------- C:\Program\MSXML 4.0

2008-04-18 15:44:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2008-04-18 15:44:10 0 d-------- C:\Program\Delade filer\Adobe

2008-04-18 15:36:39 0 d-------- C:\Program\Canon

2008-04-18 15:18:31 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Canon

2008-04-18 15:05:42 0 d--h----- C:\CanoScan

2008-04-18 14:24:18 0 d-------- C:\WINDOWS\system32\PreInstall

2008-04-18 14:17:07 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>

2008-04-18 14:14:08 0 d-------- C:\Media

2008-04-18 14:14:05 0 d-------- C:\Program\Creative

2008-04-18 14:11:11 0 d-------- C:\Documents and Settings\Ägaren\Contacts

2008-04-18 14:08:43 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller

2008-04-18 14:08:13 0 d-------- C:\Program\Windows Live

2008-04-18 14:08:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-18 14:05:41 0 d-------- C:\Program\MessengerPlus! 3

2008-04-18 14:00:29 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Adobe

2008-04-18 13:58:46 143360 -ra------ C:\WINDOWS\apptune1020.exe <Not Verified; Zenographics; Zenographics apptune>

2008-04-18 13:58:40 0 d-------- C:\Program\Hewlett-Packard

2008-04-18 13:58:39 0 d--h----- C:\Program\Zenographics

2008-04-18 13:51:13 163840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr <Not Verified; ArcSoft Inc.; Saver>

2008-04-18 13:51:12 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>

2008-04-18 13:50:22 0 d-------- C:\Program\ArcSoft

2008-04-18 13:42:16 0 d-------- C:\WINDOWS\RegisteredPackages

2008-04-18 13:42:01 0 d-------- C:\Documents and Settings\Ägaren\Application Data\PC Suite

2008-04-18 13:42:00 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-04-18 13:40:28 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Nokia

2008-04-18 13:40:10 0 d-------- C:\Program\Delade filer\PCSuite

2008-04-18 13:40:10 0 d-------- C:\Program\Delade filer\Nokia

2008-04-18 13:40:00 0 d-------- C:\Program\DIFX

2008-04-18 13:39:53 0 d-------- C:\Program\PC Connectivity Solution

2008-04-18 13:39:45 0 d-------- C:\Program\Nokia

2008-04-18 13:37:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2008-04-18 13:34:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-04-18 13:27:40 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Sony Ericsson

2008-04-18 13:27:34 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Teleca

2008-04-18 13:26:38 0 d-------- C:\Documents and Settings\All Users\Documents

2008-04-18 13:26:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-04-18 13:26:27 0 d-------- C:\Program\Sony Ericsson

2008-04-18 13:26:27 0 d-------- C:\Program\Delade filer\Teleca Shared

2008-04-18 13:26:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2008-04-18 13:25:56 0 d-------- C:\WINDOWS\Downloaded Installations

2008-04-18 13:23:27 0 d-------- C:\Program\QuickTime

2008-04-18 13:23:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-04-18 13:22:27 0 d-------- C:\Program\Disc2Phone

2008-04-18 13:12:10 0 d-------- C:\WINDOWS\system32\sv-se

2008-04-18 13:11:56 0 d-------- C:\APPS

2008-04-18 13:11:42 0 d--hs---- C:\WINDOWS\Installer

2008-04-18 13:11:41 0 d-------- C:\Program\Delade filer\ODBC

2008-04-18 13:11:40 0 dr------- C:\Program

2008-04-18 13:11:40 0 d-------- C:\Program\Delade filer

2008-04-18 13:11:40 0 d-------- C:\Program\Delade filer\SpeechEngines

2008-04-18 13:11:31 0 dr------- C:\Documents and Settings\Default User\Start-meny

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\Default User\Skrivbord

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\Default User\Skrivare

2008-04-18 13:11:31 0 dr-h----- C:\Documents and Settings\Default User\SendTo

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\Default User\Recent

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\Default User\Nätverket

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\Default User\Mina dokument

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\Default User\Mallar

2008-04-18 13:11:31 0 dr-h----- C:\Documents and Settings\Default User\Lokala inställningar

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\Default User\Favoriter

2008-04-18 13:11:31 0 d---s---- C:\Documents and Settings\Default User\Cookies

2008-04-18 13:11:31 0 dr------- C:\Documents and Settings\All Users\Start-meny

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\All Users\Skrivbord

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\All Users\Mallar

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\All Users\Favoriter

2008-04-18 13:11:31 0 dr------- C:\Documents and Settings\All Users\Dokument

2008-04-18 13:11:23 0 d-------- C:\WINDOWS\system32\CatRoot2

2008-04-18 13:11:23 0 d-------- C:\WINDOWS\system32\CatRoot

2008-04-18 13:11:17 0 dr-h----- C:\Documents and Settings\Default User\Application Data

2008-04-18 13:11:17 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft

2008-04-18 13:11:17 0 dr-h----- C:\Documents and Settings\All Users\Application Data

2008-04-18 13:11:17 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-04-18 13:11:11 0 d-------- C:\WINDOWS\system32\SoftwareDistribution

2008-04-18 13:11:08 0 d--hs---- C:\System Volume Information

2008-04-18 13:11:08 0 d-------- C:\Documents and Settings

2008-04-18 13:08:04 68424 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Microsoft Corporation; >

2008-04-18 13:07:55 0 d-------- C:\Program\LiveBear

2008-04-18 13:06:30 0 d-------- C:\WINDOWS

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\WinSxS

2008-04-18 13:06:30 0 dr------- C:\WINDOWS\Web

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\twain_32

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\wins

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\wbem

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\usmt

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\spool

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\ShellExt

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\Setup

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\ras

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\oobe

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\npp

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\mui

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\inetsrv

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\IME

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\icsxml

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\ias

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\export

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\drivers

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\drivers\etc

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\drivers\disdn

2008-04-18 13:06:30 0 dr-hs--c- C:\WINDOWS\system32\dllcache

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\dhcp

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\config

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\3com_dmi

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\3076

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\2052

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1054

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1053

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1042

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1041

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1037

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1033

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1031

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1028

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1025

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\security

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Resources

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\repair

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Provisioning

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\PeerNet

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\pchealth

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\mui

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\msapps

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\msagent

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Media

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\java

2008-04-18 13:06:30 0 d--h----- C:\WINDOWS\inf

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\ime

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Help

2008-04-18 13:06:30 0 dr--s---- C:\WINDOWS\Fonts

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Driver Cache

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Debug

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Cursors

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Connection Wizard

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Config

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\AppPatch

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\addins

2008-04-18 13:00:22 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-04-18 12:57:46 249 --a------ C:\WINDOWS\system32\PavCPL.dat

2008-04-18 12:57:44 246532 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-04-18 12:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Backup

2008-04-18 12:57:23 446464 --a------ C:\WINDOWS\system32\HHActiveX.dll <Not Verified; eHelp Corporation.; RoboHELP HTML 9.2>

2008-04-18 12:57:19 0 d-------- C:\WINDOWS\system32\PAV

2008-04-18 12:57:19 0 d-------- C:\Program\Panda Security

2008-04-18 12:53:42 0 d-------- C:\Program\Delade filer\Panda Software

2008-04-18 12:53:40 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Macromedia

2008-04-18 12:44:25 0 d--hs---- C:\Documents and Settings\Ägaren\UserData

2008-04-18 12:36:53 0 d-------- C:\WINDOWS\system32\Lang

2008-04-18 12:34:41 0 d------c- C:\WINDOWS\system32\DRVSTORE

2008-04-18 12:33:39 40960 --a------ C:\WINDOWS\system32\ChCfg.exe

2008-04-18 12:33:26 0 d-------- C:\WINDOWS\system32\RTCOM

2008-04-18 12:33:16 0 d-------- C:\Program\Realtek

2008-04-18 12:33:16 0 d--h----- C:\Program\InstallShield Installation Information

2008-04-18 12:33:14 487424 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>

2008-04-18 12:33:12 0 d-------- C:\Program\Delade filer\InstallShield

2008-04-18 11:40:17 0 d-------- C:\WINDOWS\system32\ReinstallBackups

2008-04-18 11:40:17 0 d-------- C:\Program\Intel

2008-04-18 11:39:52 0 d-------- C:\fsc.tmp

2008-04-18 11:26:15 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Identities

2008-04-18 11:24:56 0 d-------- C:\WINDOWS\system32\URTTemp

2008-04-18 11:24:46 0 dr------- C:\Documents and Settings\Ägaren\Start-meny

2008-04-18 11:24:46 0 d-------- C:\Documents and Settings\Ägaren\Skrivbord

2008-04-18 11:24:46 0 d--h----- C:\Documents and Settings\Ägaren\Skrivare

2008-04-18 11:24:46 0 dr-h----- C:\Documents and Settings\Ägaren\SendTo

2008-04-18 11:24:46 0 d--h----- C:\Documents and Settings\Ägaren\Nätverket

2008-04-18 11:24:46 3407872 --ah----- C:\Documents and Settings\Ägaren\NTUSER.DAT

2008-04-18 11:24:46 0 dr------- C:\Documents and Settings\Ägaren\Mina dokument

2008-04-18 11:24:46 0 d--h----- C:\Documents and Settings\Ägaren\Mallar

2008-04-18 11:24:46 0 d--h----- C:\Documents and Settings\Ägaren\Lokala inställningar

2008-04-18 11:24:46 0 dr------- C:\Documents and Settings\Ägaren\Favoriter

2008-04-18 11:24:46 0 d--hs---- C:\Documents and Settings\Ägaren\Cookies

2008-04-18 11:24:46 0 dr-h----- C:\Documents and Settings\Ägaren\Application Data

2008-04-18 11:24:36 0 d-------- C:\WINDOWS\SoftwareDistribution

2008-04-18 11:24:34 0 d-------- C:\WINDOWS\Prefetch

2008-04-18 11:24:33 0 d---s---- C:\WINDOWS\system32\Microsoft

2008-04-18 11:24:33 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT

2008-04-18 11:24:33 0 d--h----- C:\Documents and Settings\LocalService\Lokala inställningar

2008-04-18 11:24:33 0 d--hs---- C:\Documents and Settings\LocalService\Cookies

2008-04-18 11:24:33 0 d-------- C:\Documents and Settings\LocalService\Application Data

2008-04-18 11:24:33 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft

2008-04-18 11:24:29 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT

2008-04-18 11:24:29 0 d--h----- C:\Documents and Settings\NetworkService\Lokala inställningar

2008-04-18 11:24:29 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies

2008-04-18 11:24:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data

2008-04-18 11:24:29 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft

2008-04-18 11:20:55 0 d-------- C:\WINDOWS\system32\xircom

2008-04-18 11:20:55 0 d-------- C:\Program\microsoft frontpage

2008-04-18 11:20:52 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT

2008-04-18 11:20:12 0 d-------- C:\Program\Java

2008-04-18 11:20:11 0 d-------- C:\Program\Delade filer\Java

2008-04-18 11:20:05 0 d-------- C:\WINDOWS\fsc

2008-04-18 11:20:04 0 d-------- C:\AddOn

2008-04-18 11:17:48 0 d--h----- C:\WINDOWS\$hf_mig$

2008-04-18 11:17:45 0 -rahs---- C:\MSDOS.SYS

2008-04-18 11:17:45 0 -rahs---- C:\IO.SYS

2008-04-18 11:17:45 0 --a------ C:\CONFIG.SYS

2008-04-18 11:17:45 0 --a------ C:\AUTOEXEC.BAT

2008-04-18 11:17:08 0 d--hs---- C:\Documents and Settings\All Users\DRM

2008-04-18 11:17:00 0 dr------- C:\WINDOWS\Offline Web Pages

2008-04-18 11:17:00 0 d---s---- C:\WINDOWS\Downloaded Program Files

2008-04-18 11:16:51 0 d--h----- C:\Program\WindowsUpdate

2008-04-18 11:16:50 0 d-------- C:\Program\Onlinetjänster

2008-04-18 11:16:44 0 d-------- C:\WINDOWS\system32\DirectX

2008-04-18 11:16:39 0 d---s---- C:\WINDOWS\Tasks

2008-04-18 11:16:39 0 d-------- C:\Program\Delade filer\MSSoap

2008-04-18 11:16:37 0 d-------- C:\WINDOWS\system32\Macromed

2008-04-18 11:16:37 0 d-------- C:\WINDOWS\srchasst

2008-04-18 11:16:35 0 d-------- C:\Program\Movie Maker

2008-04-18 11:16:34 0 d-------- C:\WINDOWS\system32\Restore

2008-04-18 11:16:29 21700 --a------ C:\WINDOWS\system32\emptyregdb.dat

2008-04-18 11:16:26 0 d-------- C:\WINDOWS\Registration

2008-04-18 11:16:02 0 d-------- C:\Program\MSN Gaming Zone

2008-04-18 11:16:02 0 d-------- C:\Program\Messenger

2008-04-18 11:15:55 0 d-------- C:\WINDOWS\system32\MsDtc

2008-04-18 11:15:55 0 d-------- C:\Program\Windows NT

2008-04-18 11:15:54 0 d-------- C:\WINDOWS\system32\Com

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-04-24 13:21:04 34 --a------ C:\Documents and Settings\Ägaren\Application Data\pcouffin.log

2008-04-24 13:21:01 7887 --a------ C:\Documents and Settings\Ägaren\Application Data\pcouffin.cat

2008-04-24 13:21:00 1144 --a------ C:\Documents and Settings\Ägaren\Application Data\pcouffin.inf

2008-04-18 13:11:31 62 --ahs---- C:\Documents and Settings\Ägaren\Application Data\desktop.ini

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 15:34 C:\WINDOWS\RTHDCPL.exe]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2008-04-18 13:23]

"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-04-20 12:54]

"NeroFilterCheck"="C:\Program\Delade filer\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59]

"RemoteControl"="C:\Program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 16:13]

"NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"PC Suite Tray"="C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20]

"MessengerPlus3"="C:\Program\MessengerPlus! 3\MsgPlus.exe" [2008-04-18 14:05]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLFvTN]

jkkLFvTN.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-04-25 12:02:13 ------------

 

[/log]

[log]Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: Swedish

 

CPU 0: Genuine Intel® CPU T2050 @ 1.60GHz

CPU 1: Genuine Intel® CPU T2050 @ 1.60GHz

Percentage of Memory in Use: 52%

Physical Memory (total/avail): 1014.11 MiB / 481.32 MiB

Pagefile Memory (total/avail): 2440.57 MiB / 1964.82 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1886.47 MiB

 

C: is Fixed (NTFS) - 74.53 GiB total, 15.45 GiB free.

D: is CDROM (No Media)

 

\\.\PHYSICALDRIVE0 - ST98823AS - 74.53 GiB - 1 partition

\PARTITION0 (bootable) - Installerbart filsystem - 74.53 GiB - C:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

 

FirstRunDisabled is set.

 

FW: Panda Internet Security 2008 v12.01.00 (Panda Security)

AV: Panda Internet Security 2008 v12.01.00 (Panda Security)

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program\\Windows Live\\Messenger\\livecall.exe"="C:\\Program\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Žgaren\Application Data

CLASSPATH=C:\Program\Java\jre1.5.0_06\lib\ext\QTJava.zip

CLIENTNAME=Console

CommonProgramFiles=C:\Program\Delade filer

COMPUTERNAME=HENRIK-5DCC9F61

ComSpec=C:\WINDOWS\system32\cmd.exe

DEFAULT_CA_NR=CA6

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Žgaren

LOGONSERVER=\\HENRIK-5DCC9F61

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program\PC Connectivity Solution;C:\Program\Panda Security\Panda Internet Security 2008;C:\Program\QuickTime\QTSystem;C:\Program\Delade filer\Teleca Shared

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0e08

ProgramFiles=C:\Program

PROMPT=$P$G

QTJAVA=C:\Program\Java\jre1.5.0_06\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\GAREN~1\LOKALA~1\Temp

TMP=C:\DOCUME~1\GAREN~1\LOKALA~1\Temp

USERDOMAIN=HENRIK-5DCC9F61

USERNAME=Žgaren

USERPROFILE=C:\Documents and Settings\Žgaren

windir=C:\WINDOWS

 

 

-- User Profiles ---------------------------------------------------------------

 

Ägaren (admin)

Gäst (new local, guest)

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

HijackThis 2.0.2 --> "C:\Program\Trend Micro\HijackThis\HijackThis.exe" /uninstall

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type741 / Error

Event Submitted/Written: 04/25/2008 11:00:37 AM

Event ID/Source: 5000 / Microsoft Office 12

Event Description:

EventType officelifeboathang, P1 winword.exe, P2 12.0.6211.1000, P3 ntdll.dll, P4 5.1.2600.2180, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

 

Event Record #/Type729 / Warning

Event Submitted/Written: 04/25/2008 09:33:12 AM

Event ID/Source: 1524 / Userenv

Event Description:

Det går inte att ta bort klassregisterfilen ur minnet eftersom den fortfarande används av andra program eller tjänster. Filen kommer att tas bort från minnet när den inte längre används.

 

Event Record #/Type728 / Error

Event Submitted/Written: 04/25/2008 08:45:12 AM

Event ID/Source: 1002 / Application Hang

Event Description:

Stoppat program iexplore.exe, version 7.0.6000.16640, stoppad modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Event Record #/Type686 / Error

Event Submitted/Written: 04/24/2008 11:42:40 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Stoppat program iexplore.exe, version 7.0.6000.16640, stoppad modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Event Record #/Type685 / Error

Event Submitted/Written: 04/24/2008 10:58:15 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Stoppat program wmplayer.exe, version 11.0.5721.5145, stoppad modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type7606 / Error

Event Submitted/Written: 04/25/2008 11:57:24 AM

Event ID/Source: 7026 / Service Control Manager

Event Description:

Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:

O2MDRDR

SASDIFSV

SASKUTIL

 

Event Record #/Type7583 / Error

Event Submitted/Written: 04/25/2008 11:48:46 AM

Event ID/Source: 7026 / Service Control Manager

Event Description:

Följande start- eller systemstartdrivrutin(er) avbröts på grund av fel under start:

O2MDRDR

SASDIFSV

SASKUTIL

 

Event Record #/Type7577 / Error

Event Submitted/Written: 04/25/2008 11:39:01 AM

Event ID/Source: 7023 / Service Control Manager

Event Description:

Tjänsten Application Management avbröts med följande fel:

%%126

 

Event Record #/Type7574 / Error

Event Submitted/Written: 04/25/2008 11:39:01 AM

Event ID/Source: 7023 / Service Control Manager

Event Description:

Tjänsten Application Management avbröts med följande fel:

%%126

 

Event Record #/Type7571 / Error

Event Submitted/Written: 04/25/2008 11:39:01 AM

Event ID/Source: 7023 / Service Control Manager

Event Description:

Tjänsten Application Management avbröts med följande fel:

%%126

 

 

 

-- End of Deckard's System Scanner: finished at 2008-04-25 12:02:13 ------------

 

[/log]

[log]Deckard's System Scanner v20071014.68

Run by Ägaren on 2008-04-25 11:58:08

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

 

 

-- Last 5 Restore Point(s) --

60: 2008-04-25 09:43:41 UTC - RP60 - Deckard's System Scanner Restore Point

59: 2008-04-25 09:38:46 UTC - RP59 - Removed SUPERAntiSpyware Professional

58: 2008-04-25 09:19:46 UTC - RP58 - Uniblue RegistryBooster

57: 2008-04-25 08:58:48 UTC - RP57 - Installed SUPERAntiSpyware Professional

56: 2008-04-25 06:08:14 UTC - RP56 - ComboFix created restore point

 

 

-- First Restore Point --

1: 2008-04-24 14:05:35 UTC - RP1 - Systemkontrollpunkt

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as Ägaren.exe) ----------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:58, on 2008-04-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

C:\Program\Panda Security\Panda Internet Security 2008\AVENGINE.EXE

c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Panda Security\Panda Internet Security 2008\ApvxdWin.exe

C:\Program\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program\QuickTime\qttask.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe

C:\Documents and Settings\Ägaren\Skrivbord\dss.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\Panda Security\Panda Internet Security 2008\WebProxy.exe

C:\Program\TRENDM~1\HIJACK~1\Ägaren.exe

C:\Program\Panda Security\Panda Internet Security 2008\avciman.exe

C:\Program\Panda Security\Panda Internet Security 2008\psimreal.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208516889171

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208539847171

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://nydalakameran.net.umea.se/activex/AMC.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam2.vilhelmina.se/activex/AxisCamControl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O20 - Winlogon Notify: jkkLFvTN - jkkLFvTN.dll (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Panda Software Controller - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\pavsrv51.exe

O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program\panda security\panda internet security 2008\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\PsImSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program\Panda Security\Panda Internet Security 2008\TPSrv.exe

 

--

End of file - 7872 bytes

 

-- File Associations -----------------------------------------------------------

 

.js - JSFile - shell\open\command - C:\Program\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

.vbs - VBSFile - shell\open\command - C:\Program\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)

R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)

R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)

R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

 

S0 O2MDRDR - c:\windows\system32\drivers\o2media.sys (file missing)

S0 O2SDRDR - c:\windows\system32\drivers\o2sd.sys (file missing)

S1 SASDIFSV - c:\program\superantispyware\sasdifsv.sys (file missing)

S1 SASKUTIL - c:\program\superantispyware\saskutil.sys (file missing)

S3 catchme - c:\combofix\catchme.sys (file missing)

S3 SASENUM - c:\program\superantispyware\sasenum.sys (file missing)

S3 smserial - c:\windows\system32\drivers\smserial.sys (file missing)

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 Nero BackItUp Scheduler 3 - c:\program\nero\nero8\nero backitup\nbservice.exe

R3 ServiceLayer - "c:\program\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

Class GUID:

Description: Modemenhet på High Definition Audio-buss

Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10573055&REV_1007\4&34E4CF7E&0&0001

Manufacturer:

Name: Modemenhet på High Definition Audio-buss

PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10573055&REV_1007\4&34E4CF7E&0&0001

Service:

 

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Description: Styrenhet för lagringsenhet

Device ID: PCI\VEN_1217&DEV_7130&SUBSYS_10C71734&REV_01\4&6B16D5B&0&23F0

Manufacturer:

Name: Styrenhet för lagringsenhet

PNP Device ID: PCI\VEN_1217&DEV_7130&SUBSYS_10C71734&REV_01\4&6B16D5B&0&23F0

Service: O2MDRDR

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-04-23 03:30:00 404 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job

 

 

-- Files created between 2008-03-25 and 2008-04-25 -----------------------------

 

2008-04-25 11:17:40 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Uniblue

2008-04-25 10:59:52 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-04-25 10:58:50 0 d-------- C:\Program\SUPERAntiSpyware

2008-04-25 10:58:50 0 d-------- C:\Documents and Settings\Ägaren\Application Data\SUPERAntiSpyware.com

2008-04-25 08:51:06 2822 --a------ C:\WINDOWS\system32\tmp.reg

2008-04-25 08:49:36 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-04-25 08:49:36 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >

2008-04-25 08:49:36 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>

2008-04-25 08:49:36 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>

2008-04-25 08:49:36 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>

2008-04-25 08:49:36 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-25 08:49:36 51200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-04-25 08:49:36 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>

2008-04-25 08:43:27 0 dr-h----- C:\Documents and Settings\Ägaren\Recent

2008-04-25 08:10:51 53248 --a------ C:\WINDOWS\PSEXESVC.EXE

2008-04-25 08:07:52 68096 --a------ C:\WINDOWS\zip.exe

2008-04-25 08:07:52 49152 --a------ C:\WINDOWS\VFind.exe

2008-04-25 08:07:52 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-04-25 08:07:52 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-04-25 08:07:52 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-04-25 08:07:52 98816 --a------ C:\WINDOWS\sed.exe

2008-04-25 08:07:52 80412 --a------ C:\WINDOWS\grep.exe

2008-04-25 08:07:52 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-04-24 20:19:54 0 d-------- C:\Program\Trend Micro

2008-04-24 17:55:33 0 d-------- C:\Documents and Settings\Ägaren\Application Data\TmpRecentIcons

2008-04-24 17:52:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2008-04-24 17:27:31 0 d-------- C:\Documents and Settings\All Users\Application Data\FirstClass

2008-04-24 17:27:27 0 d-------- C:\Program\FirstClass

2008-04-24 15:59:57 0 d-------- C:\Documents and Settings\All Users\Application Data\tgrgtyze

2008-04-24 14:45:20 0 d-------- C:\Documents and Settings\Ägaren\Application Data\CyberLink

2008-04-24 14:44:44 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

2008-04-24 14:14:22 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk

2008-04-24 13:34:22 0 d-------- C:\Program\Messenger Plus! Live

2008-04-24 13:21:00 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

2008-04-24 13:21:00 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Vso

2008-04-24 13:21:00 47360 --a------ C:\Documents and Settings\Ägaren\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

2008-04-24 13:20:56 0 d-------- C:\Program\DVDFab Platinum 4

2008-04-24 07:57:33 0 d-------- C:\Program\DVDFab HD Decrypter 4

2008-04-23 16:54:01 0 d-------- C:\Ingmar Bergman

2008-04-23 15:52:27 0 d-------- C:\Program\CyberLink

2008-04-23 15:51:23 0 d-------- C:\Program\NeroInstall.bak

2008-04-23 15:48:33 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>

2008-04-23 15:45:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead

2008-04-23 15:45:47 106496 -----n--- C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>

2008-04-23 15:45:47 38912 -----n--- C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>

2008-04-23 15:45:38 0 d-------- C:\Program\Delade filer\Ahead

2008-04-23 15:45:35 0 d-------- C:\Program\Ahead

2008-04-23 15:08:29 0 d-------- C:\Program\Nero

2008-04-23 15:08:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-04-23 15:08:28 0 d-------- C:\Program\DVD Decrypter

2008-04-23 15:08:28 0 d-------- C:\Program\Delade filer\Nero

2008-04-21 19:48:35 0 d-------- C:\Program\Microsoft Works

2008-04-21 19:48:01 0 d-------- C:\Program\Microsoft.NET

2008-04-21 19:46:42 0 d-------- C:\WINDOWS\SHELLNEW

2008-04-21 19:46:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-21 19:46:02 0 dr-h----- C:\MSOCache

2008-04-21 19:22:46 0 d-------- C:\Program\Kutchka

2008-04-21 19:22:46 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Kutchka

2008-04-21 10:49:09 0 d-------- C:\WINDOWS\Sun

2008-04-21 10:37:02 0 d-------- C:\Program\Axis Communications

2008-04-21 00:19:36 0 d-------- C:\Documents and Settings\Ägaren\Application Data\OpenOffice.org2

2008-04-21 00:16:34 0 d-------- C:\Program\OpenOffice.org 2.4

2008-04-21 00:15:45 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Sun

2008-04-20 12:54:21 0 d-------- C:\Program\Delade filer\xing shared

2008-04-20 12:54:13 0 d-------- C:\Program Files

2008-04-20 12:54:11 0 d-------- C:\Program\Delade filer\Real

2008-04-20 12:54:10 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Real

2008-04-20 12:50:23 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Nokia Multimedia Player

2008-04-19 05:16:23 0 d-------- C:\Documents and Settings\Gäst\Application Data\Macromedia

2008-04-19 05:15:32 0 d-------- C:\Documents and Settings\Gäst\Application Data\Adobe

2008-04-19 05:14:19 0 d-------- C:\Documents and Settings\Gäst\Application Data\Teleca

2008-04-19 05:14:00 0 d-------- C:\Documents and Settings\Gäst\Application Data\Identities

2008-04-19 05:13:49 0 dr------- C:\Documents and Settings\Gäst\Start-meny

2008-04-19 05:13:49 0 d-------- C:\Documents and Settings\Gäst\Skrivbord

2008-04-19 05:13:49 0 d--h----- C:\Documents and Settings\Gäst\Skrivare

2008-04-19 05:13:49 0 dr-h----- C:\Documents and Settings\Gäst\SendTo

2008-04-19 05:13:49 0 dr-h----- C:\Documents and Settings\Gäst\Recent

2008-04-19 05:13:49 0 d--h----- C:\Documents and Settings\Gäst\Nätverket

2008-04-19 05:13:49 0 dr------- C:\Documents and Settings\Gäst\Mina dokument

2008-04-19 05:13:49 0 d--h----- C:\Documents and Settings\Gäst\Mallar

2008-04-19 05:13:49 0 d--h----- C:\Documents and Settings\Gäst\Lokala inställningar

2008-04-19 05:13:49 0 dr------- C:\Documents and Settings\Gäst\Favoriter

2008-04-19 05:13:49 0 d--hs---- C:\Documents and Settings\Gäst\Cookies

2008-04-19 05:13:49 0 dr-h----- C:\Documents and Settings\Gäst\Application Data

2008-04-19 05:13:49 0 d---s---- C:\Documents and Settings\Gäst\Application Data\Microsoft

2008-04-19 05:13:48 786432 --ah----- C:\Documents and Settings\Gäst\NTUSER.DAT

2008-04-18 22:41:14 0 d-------- C:\Program\Windows Media Connect 2

2008-04-18 22:39:46 0 d-------- C:\9cee2aa79b608a4416bc67a47a

2008-04-18 22:39:42 0 d-------- C:\WINDOWS\system32\LogFiles

2008-04-18 22:39:42 0 d-------- C:\WINDOWS\system32\drivers\UMDF

2008-04-18 22:21:13 0 d-------- C:\Program\Ät&Njut på CD-rom

2008-04-18 22:20:07 0 d--h----- C:\Program\Zero G Registry

2008-04-18 20:04:48 384018 --a------ C:\WINDOWS\system32\perfh01D.dat

2008-04-18 20:04:48 63134 --a------ C:\WINDOWS\system32\perfc01D.dat

2008-04-18 20:04:37 60928 --a------ C:\WINDOWS\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>

2008-04-18 20:04:37 10240 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys <Not Verified; Silicon Image, Inc.; SATALink Accelerator Driver>

2008-04-18 20:04:37 48128 --a------ C:\WINDOWS\system32\drivers\SiSRaid.sys <Not Verified; Silicon Integrated Systems; SiS 180/181 Controller>

2008-04-18 20:04:37 97920 --a------ C:\WINDOWS\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc.; SiI 3112 SATARaid controller>

2008-04-18 20:04:37 135168 --a------ C:\WINDOWS\system32\drivers\Property.dll <Not Verified; ; 180property Dynamic Link Library>

2008-04-18 20:04:37 132608 --a------ C:\WINDOWS\system32\drivers\adpu320.sys <Not Verified; Adaptec, Inc.; Adaptec Windows 2000, XP and Server 2003 Ultra320 Family Driver>

2008-04-18 19:49:42 0 d-------- C:\i386

2008-04-18 16:09:12 0 d-------- C:\Documents and Settings\Ägaren\Application Data\RegistrySmart

2008-04-18 15:53:31 0 d-------- C:\Program\MSXML 4.0

2008-04-18 15:44:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe

2008-04-18 15:44:10 0 d-------- C:\Program\Delade filer\Adobe

2008-04-18 15:36:39 0 d-------- C:\Program\Canon

2008-04-18 15:18:31 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Canon

2008-04-18 15:05:42 0 d--h----- C:\CanoScan

2008-04-18 14:24:18 0 d-------- C:\WINDOWS\system32\PreInstall

2008-04-18 14:17:07 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System>

2008-04-18 14:14:08 0 d-------- C:\Media

2008-04-18 14:14:05 0 d-------- C:\Program\Creative

2008-04-18 14:11:11 0 d-------- C:\Documents and Settings\Ägaren\Contacts

2008-04-18 14:08:43 0 d--hs--c- C:\Program\Delade filer\WindowsLiveInstaller

2008-04-18 14:08:13 0 d-------- C:\Program\Windows Live

2008-04-18 14:08:06 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-18 14:05:41 0 d-------- C:\Program\MessengerPlus! 3

2008-04-18 14:00:29 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Adobe

2008-04-18 13:58:46 143360 -ra------ C:\WINDOWS\apptune1020.exe <Not Verified; Zenographics; Zenographics apptune>

2008-04-18 13:58:40 0 d-------- C:\Program\Hewlett-Packard

2008-04-18 13:58:39 0 d--h----- C:\Program\Zenographics

2008-04-18 13:51:13 163840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr <Not Verified; ArcSoft Inc.; Saver>

2008-04-18 13:51:12 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>

2008-04-18 13:50:22 0 d-------- C:\Program\ArcSoft

2008-04-18 13:42:16 0 d-------- C:\WINDOWS\RegisteredPackages

2008-04-18 13:42:01 0 d-------- C:\Documents and Settings\Ägaren\Application Data\PC Suite

2008-04-18 13:42:00 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite

2008-04-18 13:40:28 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Nokia

2008-04-18 13:40:10 0 d-------- C:\Program\Delade filer\PCSuite

2008-04-18 13:40:10 0 d-------- C:\Program\Delade filer\Nokia

2008-04-18 13:40:00 0 d-------- C:\Program\DIFX

2008-04-18 13:39:53 0 d-------- C:\Program\PC Connectivity Solution

2008-04-18 13:39:45 0 d-------- C:\Program\Nokia

2008-04-18 13:37:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

2008-04-18 13:34:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations

2008-04-18 13:27:40 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Sony Ericsson

2008-04-18 13:27:34 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Teleca

2008-04-18 13:26:38 0 d-------- C:\Documents and Settings\All Users\Documents

2008-04-18 13:26:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

2008-04-18 13:26:27 0 d-------- C:\Program\Sony Ericsson

2008-04-18 13:26:27 0 d-------- C:\Program\Delade filer\Teleca Shared

2008-04-18 13:26:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2008-04-18 13:25:56 0 d-------- C:\WINDOWS\Downloaded Installations

2008-04-18 13:23:27 0 d-------- C:\Program\QuickTime

2008-04-18 13:23:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-04-18 13:22:27 0 d-------- C:\Program\Disc2Phone

2008-04-18 13:12:10 0 d-------- C:\WINDOWS\system32\sv-se

2008-04-18 13:11:56 0 d-------- C:\APPS

2008-04-18 13:11:42 0 d--hs---- C:\WINDOWS\Installer

2008-04-18 13:11:41 0 d-------- C:\Program\Delade filer\ODBC

2008-04-18 13:11:40 0 dr------- C:\Program

2008-04-18 13:11:40 0 d-------- C:\Program\Delade filer

2008-04-18 13:11:40 0 d-------- C:\Program\Delade filer\SpeechEngines

2008-04-18 13:11:31 0 dr------- C:\Documents and Settings\Default User\Start-meny

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\Default User\Skrivbord

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\Default User\Skrivare

2008-04-18 13:11:31 0 dr-h----- C:\Documents and Settings\Default User\SendTo

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\Default User\Recent

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\Default User\Nätverket

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\Default User\Mina dokument

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\Default User\Mallar

2008-04-18 13:11:31 0 dr-h----- C:\Documents and Settings\Default User\Lokala inställningar

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\Default User\Favoriter

2008-04-18 13:11:31 0 d---s---- C:\Documents and Settings\Default User\Cookies

2008-04-18 13:11:31 0 dr------- C:\Documents and Settings\All Users\Start-meny

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\All Users\Skrivbord

2008-04-18 13:11:31 0 d--h----- C:\Documents and Settings\All Users\Mallar

2008-04-18 13:11:31 0 d-------- C:\Documents and Settings\All Users\Favoriter

2008-04-18 13:11:31 0 dr------- C:\Documents and Settings\All Users\Dokument

2008-04-18 13:11:23 0 d-------- C:\WINDOWS\system32\CatRoot2

2008-04-18 13:11:23 0 d-------- C:\WINDOWS\system32\CatRoot

2008-04-18 13:11:17 0 dr-h----- C:\Documents and Settings\Default User\Application Data

2008-04-18 13:11:17 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft

2008-04-18 13:11:17 0 dr-h----- C:\Documents and Settings\All Users\Application Data

2008-04-18 13:11:17 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-04-18 13:11:11 0 d-------- C:\WINDOWS\system32\SoftwareDistribution

2008-04-18 13:11:08 0 d--hs---- C:\System Volume Information

2008-04-18 13:11:08 0 d-------- C:\Documents and Settings

2008-04-18 13:08:04 68424 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Microsoft Corporation; >

2008-04-18 13:07:55 0 d-------- C:\Program\LiveBear

2008-04-18 13:06:30 0 d-------- C:\WINDOWS

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\WinSxS

2008-04-18 13:06:30 0 dr------- C:\WINDOWS\Web

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\twain_32

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\wins

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\wbem

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\usmt

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\spool

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\ShellExt

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\Setup

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\ras

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\oobe

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\npp

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\mui

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\inetsrv

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\IME

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\icsxml

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\ias

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\export

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\drivers

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\drivers\etc

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\drivers\disdn

2008-04-18 13:06:30 0 dr-hs--c- C:\WINDOWS\system32\dllcache

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\dhcp

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\config

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\3com_dmi

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\3076

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\2052

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1054

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1053

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1042

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1041

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1037

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1033

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1031

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1028

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system32\1025

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\system

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\security

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Resources

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\repair

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Provisioning

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\PeerNet

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\pchealth

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\mui

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\msapps

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\msagent

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Media

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\java

2008-04-18 13:06:30 0 d--h----- C:\WINDOWS\inf

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\ime

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Help

2008-04-18 13:06:30 0 dr--s---- C:\WINDOWS\Fonts

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Driver Cache

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Debug

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Cursors

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Connection Wizard

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\Config

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\AppPatch

2008-04-18 13:06:30 0 d-------- C:\WINDOWS\addins

2008-04-18 13:00:22 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel

2008-04-18 12:57:46 249 --a------ C:\WINDOWS\system32\PavCPL.dat

2008-04-18 12:57:44 246532 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT

2008-04-18 12:57:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Backup

2008-04-18 12:57:23 446464 --a------ C:\WINDOWS\system32\HHActiveX.dll <Not Verified; eHelp Corporation.; RoboHELP HTML 9.2>

2008-04-18 12:57:19 0 d-------- C:\WINDOWS\system32\PAV

2008-04-18 12:57:19 0 d-------- C:\Program\Panda Security

2008-04-18 12:53:42 0 d-------- C:\Program\Delade filer\Panda Software

2008-04-18 12:53:40 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Macromedia

2008-04-18 12:44:25 0 d--hs---- C:\Documents and Settings\Ägaren\UserData

2008-04-18 12:36:53 0 d-------- C:\WINDOWS\system32\Lang

2008-04-18 12:34:41 0 d------c- C:\WINDOWS\system32\DRVSTORE

2008-04-18 12:33:39 40960 --a------ C:\WINDOWS\system32\ChCfg.exe

2008-04-18 12:33:26 0 d-------- C:\WINDOWS\system32\RTCOM

2008-04-18 12:33:16 0 d-------- C:\Program\Realtek

2008-04-18 12:33:16 0 d--h----- C:\Program\InstallShield Installation Information

2008-04-18 12:33:14 487424 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>

2008-04-18 12:33:12 0 d-------- C:\Program\Delade filer\InstallShield

2008-04-18 11:40:17 0 d-------- C:\WINDOWS\system32\ReinstallBackups

2008-04-18 11:40:17 0 d-------- C:\Program\Intel

2008-04-18 11:39:52 0 d-------- C:\fsc.tmp

2008-04-18 11:26:15 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Identities

2008-04-18 11:24:56 0 d-------- C:\WINDOWS\system32\URTTemp

2008-04-18 11:24:46 0 dr------- C:\Documents and Settings\Ägaren\Start-meny

2008-04-18 11:24:46 0 d-------- C:\Documents and Settings\Ägaren\Skrivbord

2008-04-18 11:24:46 0 d--h----- C:\Documents and Settings\Ägaren\Skrivare

2008-04-18 11:24:46 0 dr-h----- C:\Documents and Settings\Ägaren\SendTo

2008-04-18 11:24:46 0 d--h----- C:\Documents and Settings\Ägaren\Nätverket

2008-04-18 11:24:46 3407872 --ah----- C:\Documents and Settings\Ägaren\NTUSER.DAT

2008-04-18 11:24:46 0 dr------- C:\Documents and Settings\Ägaren\Mina dokument

2008-04-18 11:24:46 0 d--h----- C:\Documents and Settings\Ägaren\Mallar

2008-04-18 11:24:46 0 d--h----- C:\Documents and Settings\Ägaren\Lokala inställningar

2008-04-18 11:24:46 0 dr------- C:\Documents and Settings\Ägaren\Favoriter

2008-04-18 11:24:46 0 d--hs---- C:\Documents and Settings\Ägaren\Cookies

2008-04-18 11:24:46 0 dr-h----- C:\Documents and Settings\Ägaren\Application Data

2008-04-18 11:24:36 0 d-------- C:\WINDOWS\SoftwareDistribution

2008-04-18 11:24:34 0 d-------- C:\WINDOWS\Prefetch

2008-04-18 11:24:33 0 d---s---- C:\WINDOWS\system32\Microsoft

2008-04-18 11:24:33 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT

2008-04-18 11:24:33 0 d--h----- C:\Documents and Settings\LocalService\Lokala inställningar

2008-04-18 11:24:33 0 d--hs---- C:\Documents and Settings\LocalService\Cookies

2008-04-18 11:24:33 0 d-------- C:\Documents and Settings\LocalService\Application Data

2008-04-18 11:24:33 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft

2008-04-18 11:24:29 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT

2008-04-18 11:24:29 0 d--h----- C:\Documents and Settings\NetworkService\Lokala inställningar

2008-04-18 11:24:29 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies

2008-04-18 11:24:29 0 d-------- C:\Documents and Settings\NetworkService\Application Data

2008-04-18 11:24:29 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft

2008-04-18 11:20:55 0 d-------- C:\WINDOWS\system32\xircom

2008-04-18 11:20:55 0 d-------- C:\Program\microsoft frontpage

2008-04-18 11:20:52 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT

2008-04-18 11:20:12 0 d-------- C:\Program\Java

2008-04-18 11:20:11 0 d-------- C:\Program\Delade filer\Java

2008-04-18 11:20:05 0 d-------- C:\WINDOWS\fsc

2008-04-18 11:20:04 0 d-------- C:\AddOn

2008-04-18 11:17:48 0 d--h----- C:\WINDOWS\$hf_mig$

2008-04-18 11:17:45 0 -rahs---- C:\MSDOS.SYS

2008-04-18 11:17:45 0 -rahs---- C:\IO.SYS

2008-04-18 11:17:45 0 --a------ C:\CONFIG.SYS

2008-04-18 11:17:45 0 --a------ C:\AUTOEXEC.BAT

2008-04-18 11:17:08 0 d--hs---- C:\Documents and Settings\All Users\DRM

2008-04-18 11:17:00 0 dr------- C:\WINDOWS\Offline Web Pages

2008-04-18 11:17:00 0 d---s---- C:\WINDOWS\Downloaded Program Files

2008-04-18 11:16:51 0 d--h----- C:\Program\WindowsUpdate

2008-04-18 11:16:50 0 d-------- C:\Program\Onlinetjänster

2008-04-18 11:16:44 0 d-------- C:\WINDOWS\system32\DirectX

2008-04-18 11:16:39 0 d---s---- C:\WINDOWS\Tasks

2008-04-18 11:16:39 0 d-------- C:\Program\Delade filer\MSSoap

2008-04-18 11:16:37 0 d-------- C:\WINDOWS\system32\Macromed

2008-04-18 11:16:37 0 d-------- C:\WINDOWS\srchasst

2008-04-18 11:16:35 0 d-------- C:\Program\Movie Maker

2008-04-18 11:16:34 0 d-------- C:\WINDOWS\system32\Restore

2008-04-18 11:16:29 21700 --a------ C:\WINDOWS\system32\emptyregdb.dat

2008-04-18 11:16:26 0 d-------- C:\WINDOWS\Registration

2008-04-18 11:16:02 0 d-------- C:\Program\MSN Gaming Zone

2008-04-18 11:16:02 0 d-------- C:\Program\Messenger

2008-04-18 11:15:55 0 d-------- C:\WINDOWS\system32\MsDtc

2008-04-18 11:15:55 0 d-------- C:\Program\Windows NT

2008-04-18 11:15:54 0 d-------- C:\WINDOWS\system32\Com

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-04-24 13:21:04 34 --a------ C:\Documents and Settings\Ägaren\Application Data\pcouffin.log

2008-04-24 13:21:01 7887 --a------ C:\Documents and Settings\Ägaren\Application Data\pcouffin.cat

2008-04-24 13:21:00 1144 --a------ C:\Documents and Settings\Ägaren\Application Data\pcouffin.inf

2008-04-18 13:11:31 62 --ahs---- C:\Documents and Settings\Ägaren\Application Data\desktop.ini

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17]

"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 15:34 C:\WINDOWS\RTHDCPL.exe]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2008-04-18 13:23]

"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" [2008-04-20 12:54]

"NeroFilterCheck"="C:\Program\Delade filer\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59]

"RemoteControl"="C:\Program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 16:13]

"NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]

"PC Suite Tray"="C:\Program\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 11:20]

"MessengerPlus3"="C:\Program\MessengerPlus! 3\MsgPlus.exe" [2008-04-18 14:05]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

avldr.dll 2007-02-15 19:02 50736 C:\WINDOWS\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLFvTN]

jkkLFvTN.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

@="Service"

 

 

 

 

-- End of Deckard's System Scanner: finished at 2008-04-25 12:02:13 ------------

 

 

[/log]

 


Archived

This topic is now archived and is closed to further replies.
