
Help!!


hjalpmig


Hi there!

My computer shut itself off, and when I turned it back on there was a box down by the clock that keeps popping up and says "Your computer is infected". Could it be some kind of virus?

I have searched around a bit, and some people say I should download a program called Malwarebytes, but when it installs, a box comes up that says "

C:\Program\Malwarebytes' Anti-Malware\ssubtmr6.dll

 

Kunde inte resistera DLL/OCX: RegSvr32 failed with exit code 0x3.

 

Välj Försök igen eller Ignorera och fortsätt i alla fall (ej rekommenderat), eller Avbryt installationen."

 

I do not know what to do, somebody help me, please!

 


Yes, it is a malicious program. I am not at the computer all the time; you will need a little more patience when you turn to people who help out voluntarily and for free.

To start with, we can see whether HijackThis shows anything. Download it from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 


Okay, I know, but I thought it would get worse if nothing was done quickly. Still, I have to thank you for helping me, that is really kind.

I downloaded HijackThis as you said, but when I click the icon nothing happens. The program will not start. When I went into the Control Panel to uninstall it, it was not there. Do you know what might have happened?

 


Try renaming the downloaded file from HJTInstall to something else, such as rensa.

If that does not work either, download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

Close all programs.

Run OTViewIt.

Check Scan all Users.

Select 30 days for File Age if it is already selected.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply (remember the LOG button).

Install this file

http://www.microsoft.com/downloads/details.aspx?FamilyId=7B9BA261-7A9C-43E7-9117-F673077FFB3C&displaylang=en

and then it should go better to install Malwarebytes Anti-Malware (MBAM) afterwards.

 


That did not work anyway, but it worked with OTView.

[log]OTViewIt logfile created on: 2008-10-30 20:47:52 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Madde\Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

447,48 Mb Total Physical Memory | 194,73 Mb Available Physical Memory | 43,52% Memory free

1,25 Gb Paging File | 0,89 Gb Available in Paging File | 71,43% Paging File free

Paging file location(s): C:\pagefile.sys 896 896;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 46,58 Gb Total Space | 3,00 Gb Free Space | 6,44% Space Free | Partition Type: NTFS

Drive D: | 4,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SN574102870231

Current User Name: Madde

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2007-09-06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2004-08-25 07:12:14 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe

[2003-10-27 11:03:12 | 02,256,896 | ---- | M] () -- C:\Program\Stop-the-Pop-Up Lite\stopthepop.exe

[2005-01-11 06:33:24 | 00,143,360 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe

[2005-03-08 02:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

[2004-08-12 14:13:16 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPLpr.exe

[2004-08-12 14:12:50 | 00,684,032 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPEnh.exe

[2005-04-15 10:01:46 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2007-01-30 10:40:54 | 00,094,208 | ---- | M] (Universal Electronics Inc.) -- C:\Program\SimpleCenter\bin\win\sclauncher.exe

[2007-03-23 13:20:52 | 00,227,328 | ---- | M] (Nokia) -- C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[2007-11-15 13:11:04 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunesHelper.exe

[2007-08-24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

[2007-01-19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\msnmsgr.exe

[2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe

[2004-09-14 09:33:19 | 00,375,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regscan.exe

[2007-03-26 13:06:24 | 00,292,864 | ---- | M] (Nokia.) -- C:\Program\PC Connectivity Solution\ServiceLayer.exe

[2007-01-30 10:40:56 | 00,163,328 | ---- | M] (Universal Electronics, Inc.) -- C:\Program\SimpleCenter\Home Media Server.exe

[2007-12-07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\ONENOTEM.EXE

[2008-07-18 21:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2007-11-15 13:10:54 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe

[2007-01-19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\usnsvc.exe

[2008-10-30 20:47:39 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Madde\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2007-09-06 12:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2004-07-15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2006-09-03 00:36:33 | 00,198,336 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Stopped])

[2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

File not found -- -- (CLTNetCnService [Auto | Stopped])

[2007-10-16 20:40:45 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2007-11-15 13:10:54 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2006-09-03 00:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])

File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])

[2007-03-12 17:30:14 | 00,517,768 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])

[2007-08-24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2007-03-26 13:06:24 | 00,292,864 | ---- | M] (Nokia.) -- C:\Program\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])

[2004-08-25 07:12:14 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Running])

[2007-01-19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2006-11-15 10:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2005-04-19 09:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2001-08-17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2004-08-03 22:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [boot | Running])

[2004-08-11 15:30:00 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

[2001-08-17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001-08-17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2008-10-30 16:48:52 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [system | Running])

[2001-09-06 18:54:56 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2001-08-17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2004-10-18 14:48:34 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])

[2004-08-03 22:07:44 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\GAGP30KX.SYS -- (gagp30kx [boot | Running])

[2006-09-19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2004-08-04 00:18:48 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2001-08-17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2004-08-25 06:40:28 | 00,229,720 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])

[2004-08-25 06:33:32 | 01,395,376 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])

[2007-02-22 10:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])

[2007-02-22 10:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])

[2007-02-22 10:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])

[2007-02-22 10:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2001-08-17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001-08-17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001-08-17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2004-08-25 06:43:18 | 00,014,520 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent [boot | Running])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2004-08-25 06:46:54 | 00,653,600 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr [On_Demand | Running])

[2004-08-25 06:35:14 | 00,100,240 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal [On_Demand | Stopped])

[2004-08-25 06:24:14 | 00,013,216 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])

[2001-08-17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2007-09-13 21:27:06 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2001-08-17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001-08-17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2001-08-17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001-08-17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2004-08-12 14:07:56 | 00,185,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2001-08-17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2005-03-08 09:50:16 | 00,172,544 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://www.yahoo.com

"Default_Search_URL"=http://www.google.com/ie

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://www.google.com

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.google.com

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://www.google.com

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Google

"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

"Start Page"=http://www.google.com

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 1

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Google

"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

"Start Page"=http://www.google.com

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\Software\Microsoft\Internet Explorer\SearchURL]

""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 1

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (710 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"PCSuiteTrayApplication"=C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (Nokia)

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" -atboottime (Apple Inc.)

"sclauncher"=C:\Program\SimpleCenter\bin\win\sclauncher.exe (Universal Electronics Inc.)

"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

"sureshotpopupkiller"="C:\Program\Stop-the-Pop-Up Lite\stopthepop.exe" -minimized ()

"Symantec PIF AlertEng"="C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)

"SynTPEnh"=C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

"SynTPLpr"=C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

"VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"A00F3A80CE.exe"=C:\DOCUME~1\Madde\LOKALA~1\Temp\_A00F3A80CE.exe (Avira GmbH)

"A00FFFA30D.exe"=C:\DOCUME~1\Madde\LOKALA~1\Temp\_A00FFFA30D.exe (Avira GmbH)

"brastk"=C:\WINDOWS\system32\brastk.exe ()

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"Regscan"=C:\WINDOWS\system32\regscan.exe (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"=C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"=C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"A00F3A80CE.exe"=C:\DOCUME~1\Madde\LOKALA~1\Temp\_A00F3A80CE.exe (Avira GmbH)

"A00FFFA30D.exe"=C:\DOCUME~1\Madde\LOKALA~1\Temp\_A00FFFA30D.exe (Avira GmbH)

"brastk"=C:\WINDOWS\system32\brastk.exe ()

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"Regscan"=C:\WINDOWS\system32\regscan.exe (Microsoft Corporation)

 

========== (O4) Startup Folders ==========

 

[2005-09-23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[2007-01-30 10:40:56 | 00,163,328 | ---- | M] (Universal Electronics, Inc.) -- C:\Documents and Settings\Madde\Start-meny\Program\Autostart\Home Media Server.lnk = C:\Program\SimpleCenter\Home Media Server.exe

[2007-12-07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Madde\Start-meny\Program\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program\Microsoft Office\Office12\ONENOTEM.EXE

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

Add to Windows &Live Favorites: File not found

E&xport to Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\Software\Microsoft\Internet Explorer\MenuExt\]

Add to Windows &Live Favorites: File not found

E&xport to Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008-02-22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006-10-10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [sun Java-konsol] -> [2008-02-22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [send to OneNote] -> [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [sun Java-konsol] -> [2008-02-22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [sun Java-konsol] -> [2008-02-22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [sun Java-konsol] -> [2008-02-22 04:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [send to OneNote] -> [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{56B2B499-8B31-4CD5-9D18-B619F5040D3A} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=karna.datFIGURATIO

>[2008-10-30 19:24:32 | 00,006,144 | ---- | M] () -- C:\WINDOWS\system32\karna.dat

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

__c00AB950: "DllName" = C:\WINDOWS\system32\__c00AB950.dat -- C:\WINDOWS\system32\__c00AB950.dat ()

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Files/Folders - Created Within 30 Days ==========

 

File not found -- C:\Documents and Settings\Madde\Mina dokument\CAQ30TEV.

File not found -- C:\Documents and Settings\Madde\Mina dokument\CACTEN8D.

[2008-10-30 20:47:20 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Madde\Skrivbord\OTViewIt.exe

[2008-10-30 20:45:43 | 00,000,000 | ---D | C] -- C:\Program Files

[2008-10-30 20:44:53 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Madde\Skrivbord\rensa.exe

[2008-10-30 19:12:55 | 00,001,721 | ---- | C] () -- C:\Documents and Settings\Madde\Skrivbord\HijackThis.lnk

[2008-10-30 19:12:55 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2008-10-30 18:43:40 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk

[2008-10-30 18:43:40 | 00,000,918 | ---- | C] () -- C:\Documents and Settings\Madde\Start-meny\Program\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk

[2008-10-30 18:43:40 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Madde\Start-meny\Program\Autostart\Home Media Server.lnk

[2008-10-30 18:04:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2008-10-30 17:50:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2008-10-30 16:58:30 | 00,080,812 | ---- | C] () -- C:\WINDOWS\System32\wini10736.exe

[2008-10-30 16:56:03 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\karna.dat

[2008-10-30 16:56:03 | 00,006,144 | ---- | C] () -- C:\WINDOWS\karna.dat

[2008-10-30 16:56:02 | 00,009,728 | ---- | C] () -- C:\WINDOWS\brastk.exe

[2008-10-30 16:49:19 | 00,000,112 | ---- | C] () -- C:\Documents and Settings\Madde\Skrivbord\delself.bat

[2008-10-30 16:48:59 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\beep.sys

[2008-10-30 16:48:43 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\brastk.exe

[2008-10-30 16:48:31 | 00,042,496 | ---- | C] () -- C:\WINDOWS\System32\~.exe

[2008-10-30 01:23:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokument\City Interactive

[2008-10-30 01:15:27 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll

[2008-10-30 01:15:10 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll

[2008-10-30 01:15:10 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll

[2008-10-30 01:15:02 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll

[2008-10-30 01:14:44 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll

[2008-10-30 01:14:44 | 00,018,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_2.dll

[2008-10-30 01:14:31 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll

[2008-10-30 01:14:31 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll

[2008-10-30 01:14:21 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll

[2008-10-30 01:14:08 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll

[2008-10-30 01:13:57 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll

[2008-10-30 01:13:29 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll

[2008-10-30 01:13:29 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll

[2008-10-30 01:13:15 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll

[2008-10-30 01:13:13 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll

[2008-10-30 01:13:13 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll

[2008-10-30 01:13:11 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll

[2008-10-30 01:13:10 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll

[2008-10-30 01:13:10 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll

[2008-10-30 01:13:09 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll

[2008-10-30 01:13:09 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll

[2008-10-30 01:13:08 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll

[2008-10-30 01:13:07 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2008-10-30 01:13:06 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2008-10-30 01:12:57 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2008-10-30 01:12:43 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll

[2008-10-30 01:12:41 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2008-10-30 01:12:41 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2008-10-30 01:12:40 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2008-10-30 01:12:39 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

[2008-10-30 01:12:38 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll

[2008-10-30 01:12:37 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll

[2008-10-30 01:12:35 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll

[2008-10-30 01:12:34 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll

[2008-10-30 01:12:24 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll

 

========== Files - Modified Within 30 Days ==========

 

[7 C:\WINDOWS\System32\*.tmp files]

File not found -- C:\Documents and Settings\Madde\Mina dokument\CAQ30TEV.

File not found -- C:\Documents and Settings\Madde\Mina dokument\CACTEN8D.

[2008-10-30 20:47:39 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Madde\Skrivbord\OTViewIt.exe

[2008-10-30 20:45:43 | 00,001,721 | ---- | M] () -- C:\Documents and Settings\Madde\Skrivbord\HijackThis.lnk

[2008-10-30 20:45:00 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Madde\Skrivbord\rensa.exe

[2008-10-30 19:27:24 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\Madde\Mina dokument\My Sharing Folders.lnk

[2008-10-30 19:26:16 | 00,080,812 | ---- | M] () -- C:\WINDOWS\System32\wini10736.exe

[2008-10-30 19:26:11 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2008-10-30 19:25:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-10-30 19:24:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-10-30 19:24:37 | 46,929,1008 | -HS- | M] () -- C:\hiberfil.sys

[2008-10-30 19:24:32 | 00,009,728 | ---- | M] () -- C:\WINDOWS\System32\brastk.exe

[2008-10-30 19:24:32 | 00,009,728 | ---- | M] () -- C:\WINDOWS\brastk.exe

[2008-10-30 19:24:32 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\karna.dat

[2008-10-30 19:24:32 | 00,006,144 | ---- | M] () -- C:\WINDOWS\karna.dat

[2008-10-30 18:43:40 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini

[2008-10-30 18:43:40 | 00,000,294 | RHS- | M] () -- C:\BOOT.INI

[2008-10-30 18:43:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2008-10-30 16:54:23 | 00,000,317 | ---- | M] () -- C:\xcrashdump.dat

[2008-10-30 16:49:19 | 00,000,112 | ---- | M] () -- C:\Documents and Settings\Madde\Skrivbord\delself.bat

[2008-10-30 16:48:52 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys

[2008-10-30 16:48:52 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys

[2008-10-30 16:48:31 | 00,042,496 | ---- | M] () -- C:\WINDOWS\System32\~.exe

[2008-10-30 13:21:16 | 00,075,776 | ---- | M] () -- C:\Documents and Settings\Madde\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-10-30 01:26:28 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-10-30 01:20:54 | 00,028,160 | ---- | M] () -- C:\WINDOWS\System32\__c00AB950.dat

[2008-10-29 16:57:36 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-10-28 19:38:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm

[2008-10-28 19:38:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2008-10-26 23:09:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm

[2008-10-26 23:09:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2008-10-26 18:53:14 | 00,386,922 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-10-26 18:53:14 | 00,063,978 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-10-26 18:53:13 | 00,383,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-10-26 18:53:13 | 00,053,942 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-10-26 18:53:10 | 00,897,266 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-10-25 22:38:19 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2008-10-25 22:38:19 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2008-10-24 17:40:03 | 00,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk

[2008-10-17 16:08:31 | 01,643,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-10-15 18:01:30 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008-10-15 18:01:30 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-13 18:36:30 | 00,034,304 | ---- | M] () -- C:\Documents and Settings\Madde\Mina dokument\CV.doc

[2008-10-10 21:16:41 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008-10-08 16:45:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2008-10-08 16:45:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2008-10-08 08:54:38 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

[2008-10-08 08:54:38 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2008-10-07 22:25:57 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2008-10-07 22:25:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2008-10-07 16:29:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2008-10-07 16:29:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2008-10-06 20:14:20 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2008-10-06 20:14:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2008-10-05 21:25:01 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2008-10-05 21:25:01 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2008-10-04 21:20:11 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2008-10-04 21:20:11 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2008-10-04 16:20:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm

[2008-10-04 16:20:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2008-10-04 14:24:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2008-10-04 14:24:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2008-10-03 22:15:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2008-10-03 22:15:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2008-10-03 18:26:34 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2008-10-03 18:26:34 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2008-10-03 17:34:22 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2008-10-03 17:34:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2008-10-02 21:47:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2008-10-02 21:47:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

< End of report >

[/log] That was the OTViewIt text.

 

[log]OTViewIt Extras logfile created on: 2008-10-30 20:47:54 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Madde\Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

447,48 Mb Total Physical Memory | 194,73 Mb Available Physical Memory | 43,52% Memory free

1,25 Gb Paging File | 0,89 Gb Available in Paging File | 71,43% Paging File free

Paging file location(s): C:\pagefile.sys 896 896;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 46,58 Gb Total Space | 3,00 Gb Free Space | 6,44% Space Free | Partition Type: NTFS

Drive D: | 4,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SN574102870231

Current User Name: Madde

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=1

"UpdatesDisableNotify"=1

"AntiVirusOverride"=1

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004-08-04 13:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-01-19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007-01-04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2006-10-10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004-08-04 13:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-01-14 00:14:04 | 00,158,672 | ---- | M] (Aelitis) -- C:\Program\Azureus\Azureus.exe:*:Enabled:Azureus

[2007-01-19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007-01-04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

File not found -- C:\Program\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema

[2008-05-21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008-05-21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

File not found -- C:\Documents and Settings\Madde\Lokala inställningar\Temporary Internet Files\Content.IE5\6L0RIX65\installer-13387-868-Nero-ShowTime[1].exe:*:Enabled:installer-13387-868-Nero-ShowTime[1]

[2007-11-15 13:10:56 | 17,152,808 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

[2006-10-10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-01-30 10:40:56 | 00,163,328 | ---- | M] (Universal Electronics, Inc.) -- C:\Program\SimpleCenter\Home Media Server.exe:*:Enabled:Home Media Server

[2004-09-14 09:33:19 | 00,375,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regscan.exe:*:Enabled:Microsoft© Registry Scaner

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-08-24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-01-19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2006-10-26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-01-19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006-10-26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3

"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}"=PC Connectivity Solution

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin

"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}"=Adobe ExtendScript Toolkit 2

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3

"{3186AEAE-E104-424D-9152-1BF6A4404758}"=Nokia Software Updater

"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3

"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant

"{4F5CE18C-D97D-48FF-A510-A0D90C918294}"=iTunes

"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3

"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger

"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}"=Nokia PC Suite

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support

"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3

"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings

"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}"=Nokia Connectivity Cable Driver

"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}"=QuickTime

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings

"{AC76BA86-7AD7-1033-7B44-A70800000002}"=Adobe Reader 7.0.8

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0

"{B5C209B1-8DDB-4642-A573-375B951514CB}"=Apple Mobile Device Support

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files

"{D504303A-717D-414C-BA9F-FE01093E2EF8}"=Adobe Setup

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup

"0852D05415AB9A4F1EF451E342267F76C776ED2F"=Windows-drivrutinspaket - Nokia Modem (11/03/2006 6.82.0.1)

"0C5EDC3653FED5B121F464339EAC12534D253B25"=Windows Driver Package - Nokia Modem (02/15/2007 3.1)

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Shockwave Player"=Adobe Shockwave Player

"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e"=Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3

"Azureus"=Azureus

"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2007-07-22

"ENTERPRISE"=Microsoft Office Enterprise 2007

"F064B256B4A20996EA9E333B5E0F14B61AB3333D"=Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)

"Home Media Server 4.1.4.0067"=Home Media Server 4.1.4.0067

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"KLiteCodecPack_is1"=K-Lite Codec Pack 3.3.5 Full

"LiveUpdate"=LiveUpdate 3.1 (Symantec Corporation)

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"MP4 Converter_is1"=MP4 Converter 1.0

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"Mule Force_is1"=Mule Force

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Nokia PC Suite"=Nokia PC Suite

"RealAlt_is1"=Real Alternative 1.60

"ShockwaveFlash"=Adobe Flash Player 9 ActiveX

"Stop-the-Pop-Up Lite"=Stop-the-Pop-Up Lite

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.6a

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2317036054-363206021-3921195962-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Networks Player - IE"=Move Networks Media Player for Internet Explorer

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-09-30 13:22:50 | Computer Name = SN574102870231 | Source = Application Hang | ID = 1002

Description = Stoppat program MultimediaPlayer.exe, version 6.83.202.3, stoppad

modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-09-30 16:49:38 | Computer Name = SN574102870231 | Source = Application Hang | ID = 1002

Description = Stoppat program Azureus.exe, version 1.0.0.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-09-30 16:49:38 | Computer Name = SN574102870231 | Source = Application Hang | ID = 1002

Description = Stoppat program Azureus.exe, version 1.0.0.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-09-30 16:49:38 | Computer Name = SN574102870231 | Source = Application Hang | ID = 1002

Description = Stoppat program Azureus.exe, version 1.0.0.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-01 04:21:56 | Computer Name = SN574102870231 | Source = Application Hang | ID = 1002

Description = Stoppat program iTunes.exe, version 7.5.0.20, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-01 07:28:58 | Computer Name = SN574102870231 | Source = Application Hang | ID = 1002

Description = Stoppat program explorer.exe, version 6.0.2900.3156, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-11 07:36:54 | Computer Name = SN574102870231 | Source = Application Error | ID = 1000

Description = Felaktigt program explorer.exe, version 6.0.2900.3156, felaktig modul

mpegsplitter.ax, version 1.0.0.4, felaktig adress 0x000249eb.

 

Error - 2008-10-11 12:28:04 | Computer Name = SN574102870231 | Source = Application Error | ID = 1000

Description = Felaktigt program iexplore.exe, version 7.0.6000.16705, felaktig modul

, version 0.0.0.0, felaktig adress 0x00000000.

 

Error - 2008-10-30 14:23:12 | Computer Name = SN574102870231 | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-30 14:23:14 | Computer Name = SN574102870231 | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:55 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-30 14:30:56 | Computer Name = SN574102870231 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

 

< End of report >[/log] And that was the Extras text.

I hope I did it right and that you find the fault.

 

Link to comment
Share on other sites

Did you try installing the file from Microsoft so that it should go better with MBAM? MBAM will probably remove this in a jiffy.

 

Download the program SmitfraudFix (by S!Ri) to the Desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click the downloaded file Smitfraudfix.exe.

First you will be prompted to press any key, so do that.

Then choose option 1 - Search by pressing 1 and Enter.

The program will scan the computer.

When it is finished, the result is shown and the program has created the log file C:\rapport.txt.

 

Paste the contents of the log file into your reply here.

Do not do anything else with SmitfraudFix.

 

Link to comment
Share on other sites

I don't know where I downloaded it from, but I tried a few different places.

 

Now I did as you said, and got this information: [log]SmitFraudFix v2.369

 

Scan done at 22:40:01,50, 2008-10-30

Run from C:\Documents and Settings\Madde\Skrivbord\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Stop-the-Pop-Up Lite\stopthepop.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\SimpleCenter\bin\win\sclauncher.exe

C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\regscan.exe

C:\Program\PC Connectivity Solution\ServiceLayer.exe

C:\Program\SimpleCenter\Home Media Server.exe

C:\Program\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\MSN Messenger\usnsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Azureus\Azureus.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

C:\WINDOWS\karna.dat FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

C:\WINDOWS\system32\brastk.exe FOUND !

C:\WINDOWS\system32\karna.dat FOUND !

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Madde

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Madde\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Madde\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Min aktuella startsida"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

!!!Attention, following keys are not inevitably infected!!!

 

AntiXPVSTFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="karna.dat"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

C:\WINDOWS\system32\drivers\beep.sys infected !

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: VIA Rhine II Fast Ethernet Adapter - Miniport för paketschemaläggning

DNS Server Search Order: 192.168.0.254

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56B2B499-8B31-4CD5-9D18-B619F5040D3A}: DhcpNameServer=192.168.0.254

HKLM\SYSTEM\CS1\Services\Tcpip\..\{56B2B499-8B31-4CD5-9D18-B619F5040D3A}: DhcpNameServer=192.168.0.254

HKLM\SYSTEM\CS3\Services\Tcpip\..\{56B2B499-8B31-4CD5-9D18-B619F5040D3A}: DhcpNameServer=192.168.0.254

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

[/log]

 

 

 

Link to comment
Share on other sites
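A triage sketch for the SmitfraudFix report posted above, added here as an example and not part of the thread or of SmitfraudFix itself: it collects the lines the tool marked `FOUND !` or `infected !` and checks whether a flagged file name is also loaded through `AppInit_DLLs`. The function name `triage` is an assumption of this example; the sample is an excerpt of the posted report with blank lines and warning banners removed.

```python
import re

# Excerpt of the report posted above (blank lines and banners removed).
SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\karna.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\brastk.exe FOUND !
C:\WINDOWS\system32\karna.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="karna.dat"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
C:\WINDOWS\system32\drivers\beep.sys infected !
"""

SECTION = re.compile(r"^»{5,}\s*(.*)$")            # section header line
FLAGGED = re.compile(r"^(.+?)\s+(FOUND|infected) !$")  # file the tool flagged
REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')      # "name"="data" registry line


def triage(report):
    """Return (flagged_files, appinit_dlls, flagged_names_loaded_via_appinit)."""
    section, flagged, appinit = "", [], []
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = FLAGGED.match(line)
        if hit:
            flagged.append((section, hit.group(1), hit.group(2)))
            continue
        value = REG_VALUE.match(line)
        if value and value.group(1) == "AppInit_DLLs" and value.group(2):
            # AppInit_DLLs may list several DLLs separated by spaces or commas.
            appinit += [d for d in re.split(r"[ ,]+", value.group(2)) if d]
    # Compare by bare file name, case-insensitively, as Windows does.
    names = {path.rsplit("\\", 1)[-1].lower() for _, path, _ in flagged}
    loaded = sorted(d for d in appinit if d.rsplit("\\", 1)[-1].lower() in names)
    return flagged, appinit, loaded


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A flagged file that also appears in `AppInit_DLLs` is loaded into every process that links user32.dll, which is why the cleanup in the next post is run from safe mode and includes the registry clean.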

I don't know where I downloaded it from, but I tried a few different places.
Now I'm not following at all.

You should install the file that you download from

http://www.microsoft.com/downloads/details.aspx?FamilyId=7B9BA261-7A9C-43E7-9117-F673077FFB3C&displaylang=en

Then you download MBAM from one of these two links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

and install it.

 

[log]Restart the computer in safe mode by pressing F8 repeatedly during startup and choosing Safe Mode in the menu.

Double-click smitfraudfix.exe to start the program.

Choose option 2 by pressing 2 and Enter.

Wait for the tool to finish and for the disk cleanup to complete.

In the meantime you will be asked whether you want to clean the registry; answer yes (Yes) by pressing Y and Enter.

If the computer does not restart by itself, restart it yourself.

This time too it should be safe mode.

Control Panel - Internet Options - General - Delete - Delete files - OK

Restart the computer in normal mode.

In your reply, paste the newly created C:\rapport.txt and a new HijackThis log.[/log]

 

Link to comment
Share on other sites

Just a small aside, I'm test-driving the new Panda and that wretched thing put smitfraudfix and various other goodies in quarantine :)
It is quite common for antivirus programs to react to SmitfraudFix, ComboFix, etc.; they contain powerful functions for removing stubborn malicious files, functions that can be used for both good and bad things.

 

Link to comment
Share on other sites

The funny thing is also that it "detects" malware that has been "reported".... to God or whoever they were reported to is not stated, nor are they placed in quarantine :)

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


