Just nu i M3-nätverket
Jump to content

Trojan/virus som gör att det inte går att starta Internet explorer?


Rob..

Recommended Posts

 

 

När jag ska starta Internet explorer via skrivbordet får jag följande felmeddelande;

 

”Det går inte att hitta filen c:\program\internet\explorer\iexplore.exe” Men jag ser filen i mappen. Jag har testat med att starta direkt ifrån mappen o då får jag samma fel har även ominstallerat Internet, utan framgång.

Tidigare har jag haft problem med adultfriendfinder som jag trodde att jag hade fått bort men som kom tillbaka och nu misstänker jag att det kan ha påverkat Internet explorer. Antar att jag kanske måste blåsa om datorn men det vill jag helst undvika.

Är det ngn som kan hjälpa mig med;

 

A: Ta bort adultfriendfinder

B: Få ingång Internet explorer

 

Tack på förhand!

 

 

 

Link to comment
Share on other sites

Jag kan hjälpa dig med att få bort skadliga program men jag vet inte om det hjälper för att få igång Internet Explorer.

 

har även ominstallerat Internet
Hur?

 

Har du möjlighet att flytta filer fram och tillbaks mellan en dator med fungerande internetanslutning och datorn med problem?

Om det går bra så börjar vi med HijackThis. Ladda ner från en av länkarna:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

För över till problemdatorns Skrivbord. Installera, starta och välj "Do a system scan and save a logfile", för över loggen som kommer upp till den fungerande datorn.

 

I ditt svar bifogar du HijackThis-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Link to comment
Share on other sites

Ok tack, har testat hijack tidigare men det är svårt o bedöma vad man ska ta bort.

Har bara en dator men jag kan surfa när jag använde en annan webbläsare.

 

Hehe ja ominstallerat hela nätet, inga dåliga grejer

 

FYI har xp samt hempc

 

Bifogar loggen;

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:19:23, on 06/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\CyberLink\PowerCinema\PCMService.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\HP\KBD\KBD.EXE

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\iid.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Safari\Safari.exe

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

c:\windows\system\hpsysdrv.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsnow.co.uk/newsfeed/?name=Liverpool

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: D - {0FF199A6-C55B-3CE7-9CB8-528855BAD444} - C:\WINDOWS\system32\xel61128.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.apple.com

O15 - Trusted Zone: http://www.extrafilm.se

O15 - Trusted Zone: www.postfoto.se

O15 - Trusted Zone: http://www.svt.se

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab'>http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} (DAX Control) - https://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: aeydcsgs - C:\Documents and Settings\HP_Ägaren\Application Data\aeydcsgs.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

 

End of file - 13674 bytes

[/log]

Rättat till LOG-taggar, det ska vara en innan loggen och en efter loggen.

Cecilia - Moderator för Virus, skadliga program & botemedel

 

[inlägget ändrat 2009-01-06 14:32:41 av Cecilia]

Link to comment
Share on other sites

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Dubbelklicka på mbam-setup för att installera programmet.

 

[log]Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Tryck på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj "Utför snabb skanning" och tryck på Skanna.

Skanningen tar ett tag.

När den är klar så tryck på OK och sedan "Visa resultat".

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar tillsammans med en ny HijackThis-logg. [/log]

 

Link to comment
Share on other sites

Ok bifogar loggarna (förhoppningsvis på rätt sätt)..det verkar ha varit en hel del skumma saker.

 

[log]

Malwarebytes' Anti-Malware 1.32

Databasversion: 1624

Windows 5.1.2600 Service Pack 3

 

06/01/2009 17:26:10

mbam-log-2009-01-06 (17-26-10).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 56720

Förfluten tid: 4 minute(s), 13 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 34

Infekterade registervärden: 3

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 8

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ff199a6-c55b-3ce7-9cb8-528855bad444} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0ff199a6-c55b-3ce7-9cb8-528855bad444} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dc_ads.ads (Adware.Fotomoto) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\dc_ads.ads.1 (Adware.Fotomoto) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rotator.gizmo3 (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\rotator.gizmo3.1 (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{ff533c29-a129-3f74-a5db-f32d367bde57} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{39b639e2-5c30-3a97-a3cf-9ba22d8ea369} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ff199a6-c55b-3ce7-9cb8-528855bad444} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\xel61128.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.

C:\Program\Delade filer\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qnkfqvs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\el61128.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program\KB43306.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\{7d73ce35-943c-c410-ea99-c7b3d0736ef8}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[/log]

 

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:27:34, on 06/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\CyberLink\PowerCinema\PCMService.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\HP\KBD\KBD.EXE

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\iid.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Safari\Safari.exe

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

c:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsnow.co.uk/newsfeed/?name=Liverpool

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.apple.com

O15 - Trusted Zone: http://www.extrafilm.se

O15 - Trusted Zone: www.postfoto.se

O15 - Trusted Zone: http://www.svt.se

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab'>http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} (DAX Control) - https://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: aeydcsgs - C:\Documents and Settings\HP_Ägaren\Application Data\aeydcsgs.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 13737 bytes

 

 

[/log]

 

Link to comment
Share on other sites

Jag ser i Hijack-loggen att det finns en java-version med säkerhetshål

i datorn,rekommenderar att du avinstallerar den i Kontrollpanelen

Lägg till och ta bort program,ladda sedan hem och installera uppdaterad

version http://www.java.com/sv/

 

Link to comment
Share on other sites

Tack.

 

Dock lyckas jag inte ominstallera Java. Laddar ned filen och sätter igång installationen men sen händer inget. Får inget felmeddeland.

 

 

 

 

Link to comment
Share on other sites

Skanna med HijackThis och bocka för:

 

O20 - Winlogon Notify: aeydcsgs - C:\Documents and Settings\HP_Ägaren\Application Data\aeydcsgs.dll

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn och så en ny HijackThis-logg.

 

Ställ in Utforskaren eller Den här datorn så att du kan se alla filer:

Verktyg - (Mapp)alternativ eller liknande - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Sök efter iexplore.exe. I vilka mappar finns den?

 

Vad har du för årsmodell av Norton?

 

[log]Det är en gammal Java-version med säkerhetshål i datorn. Jag rekommenderar dig att installera en ny från http://www.java.com/sv/ och därefter avinstallera alla Java och J2SEutom den senaste i Kontrollpanelen - Lägg till eller ta bort program (inga webbläsare igång).

 

Är det meningen att du ska ha både Google- och Yahoo-toolbars i Internet Explorer?

 

O15 - Trusted Zone: http://www.apple.com

O15 - Trusted Zone: http://www.extrafilm.se

O15 - Trusted Zone: www.postfoto.se

O15 - Trusted Zone: http://www.svt.se

Är du medveten om att när du lägger en webbplats i den tillförlitliga zonen så kan de webbplatserna göra väldigt mycket med datorn?[/log]

 

Link to comment
Share on other sites

Sök efter iexplore.exe. I vilka mappar finns den?

 

C:\windows\prefetch (filnamn: IEXPLORE.EXE.EXE-03135C29.pf)

C:\program +Internet explorer\sv-se (filnamn: iexplore.exe.mui)

 

Sen ser jag en fil som heter: iexplore.exe och som ligger i mappen:

C:\program +Internet explorer men den tycker ej upp när jag söker efter den. Det är väl därför inte den vill starta.

 

Vad har du för årsmodell av Norton?

 

Skiten är från 2006 men den ska uppdateras kontinuerligt, vad jag vet. Betalar nog för det i alla fall.

 

 

Är det meningen att du ska ha både Google- och Yahoo-toolbars i Internet Explorer?

 

Nej det är inte meningen, för mig kvittar det tar jag bort dem ur avistallera program i kontrollpanelen?

 

 

Är du medveten om att när du lägger en webbplats i den tillförlitliga zonen så kan de webbplatserna göra väldigt mycket med datorn?

 

Nej det var jag inte, så du rekommenderar att jag tar bort dem?

 

 

 

Ny logg

 

 

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:52:04, on 06/01/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\CyberLink\PowerCinema\PCMService.exe

C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\iid.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Personal\bin\Personal.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsnow.co.uk/newsfeed/?name=Liverpool

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157'>http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896'>http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.apple.com

O15 - Trusted Zone: http://www.extrafilm.se

O15 - Trusted Zone: www.postfoto.se

O15 - Trusted Zone: http://www.svt.se

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab'>http://www.postfoto.se/aurigma/ImageUploader4.cab

O16 - DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} (DAX Control) - https://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.postfoto.se/aurigma/ImageUploader4.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: aeydcsgs - C:\Documents and Settings\HP_Ägaren\Application Data\aeydcsgs.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 13682 bytes

 

[/log]

 

Link to comment
Share on other sites

Skiten är från 2006 men den ska uppdateras kontinuerligt, vad jag vet. Betalar nog för det i alla fall.
Ja, fast du får uppgradera till ny årsmodell manuellt. Se högt upp på

http://www.symantec.com/sv/se/norton/support/index.jsp

 

Nej det är inte meningen, för mig kvittar det tar jag bort dem ur avistallera program i kontrollpanelen?
Ja, det bör gå bra att ta bort toolbas så.

 

Nej det var jag inte, så du rekommenderar att jag tar bort dem?
Om det inte är nödvändigt att ha dem där för att webbplatserna ska fungera så är det ju bättre att ta bort dem från tillförlitliga platser.

 

I Windows-mappen så borde du ha någon mapp som heter något med servicepackfiles, om jag kommer ihåg rätt från XP, och i den eller dess undermappar så borde det finnas någon iexplore, eventuellt också i mappen windows\system32\dllcache.

 

Link to comment
Share on other sites

Jaha det kan ju vara nödvändigt.

 

Ok.

 

Jag hittar filen i windowsmappen; servicepackfiles dock hittar jag inte alls den andra mappen. Vidare så får jag samma fel när jag försöker starta filen i servicepacksmappen. Ngr ideeer, vad det kan vara?

 

Link to comment
Share on other sites

Jag hittar filen i windowsmappen; servicepackfiles dock hittar jag inte alls den andra mappen. Vidare så får jag samma fel när jag försöker starta filen i servicepacksmappen.
Har du iexplore.exe i Windows-mappen?

Resten har jag svårt att förstå.

 

Link to comment
Share on other sites

Ja den ligger i den ena windows-mappen (servicepackfiles) som du sa. Men när jag försöker starta internet via den så for jag fortfarande samma felmeddelande; som jag skrev längst upp i denna tråd. Dvs " det går inte att hitta filen....

 

 

 

 

Link to comment
Share on other sites

Hej!

Kan jag hänga med på samma problem?

c:/Program/Internet Explorer/IEXPLORE.EXE går inte att hitta, men den finns där.

Fick detta för ett par dagar sedan, Norton hittade en Trojan, Vundo, som den städade bort, men återkom mest hela tiden.

Jag har kört flera Antispyware program, SuperAntiSpy, Spyware doctor och MalwareBytes. Å nu klagar inte Norton längre.

Ett tag så kunde jag ibland få igång Explorer en gång efter omstart, men inte längre.

Jag har lagt in XP SP3 idag, men det hjälpte inte.

 

Malware hittade nyss flera Vundo smittade filer och tog bort dem, men det hjälpte inte heller. Jag har startat om pc'n och kört en vända till.

Skickar med loggar

1:a AntiMalware

[log]

Malwarebytes' Anti-Malware 1.32

Databasversion: 1628

Windows 5.1.2600 Service Pack 3

 

2009-01-07 20:57:24

mbam-log-2009-01-07 (20-57-24).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 78252

Förfluten tid: 33 minute(s), 40 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 5

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 3

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75f21470-1545-3827-9831-b261b67950cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{75f21470-1545-3827-9831-b261b67950cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{5e1ff92c-3c92-3693-993e-627cbc39fdc3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{100cecc2-1c3b-3bbc-8901-5d770289c2d7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75f21470-1545-3827-9831-b261b67950cd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\xel89843.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qnkfqvs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\el89843.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

[/log]

 

2:a AntiMalware efter åtgärd och omstart

[log]

Malwarebytes' Anti-Malware 1.32

Databasversion: 1628

Windows 5.1.2600 Service Pack 3

 

2009-01-07 22:07:49

mbam-log-2009-01-07 (22-07-49).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 78101

Förfluten tid: 14 minute(s), 47 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

Hijack logfilen:

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:12:41, on 2009-01-07

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\SystemOK\BackOnTrack\WinXP\bcbs_xp.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program\Volvo\SCS\cvpnd.exe

C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PGPserv.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program\Spyware Doctor\pctsAuxs.exe

C:\Program\Spyware Doctor\pctsSvc.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Program\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\Program\SystemOK\BackOnTrack\1053\botalert.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE

C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe

C:\Program\Creative\Shared Files\Module Loader\DLLML.exe

C:\WINDOWS\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program\CyberLink\PowerCinema\PCMService.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\HP\HP Software Update\HPwuSchd2.exe

C:\Program\SystemOK\BackOnTrack\1053\BOTTray.exe

C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\PowerISO\PWRISOVM.EXE

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\Canon\MyPrinter\BJMyPrt.exe

C:\Program\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Spyware Doctor\pctsTray.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe

C:\Program\Spybot - Search & Destroy\TeaTimer.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Delade filer\Teleca Shared\logger.exe

C:\Program\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE

C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program\Symbian\Shared\SYMBIA~1\SCBAL.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\PGP Corporation\PGP Desktop\PGPtray.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Outlook Express\msimn.exe

c:\windows\system\hpsysdrv.exe

C:\Program\HijackThis\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\iTunes\iTunesHelper.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SV_SE&c=63&bd=PAVILION&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {2F33C4CB-77B3-4BBC-90BD-F3E5C3B84ECD} - C:\WINDOWS\system32\xxyyvUmJ.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [CTDVDDET] "C:\Program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"

O4 - HKLM\..\Run: [VolPanel] "C:\Program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r

O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [HPHUPD08] c:\Program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [bOTTray] "C:\Program\SystemOK\BackOnTrack\1053\BOTTray.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [bOTSplash] C:\Program\SystemOK\BackOnTrack\SplashScreen.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [iSTray] "C:\Program\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [mRouterConfig] "C:\Program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program\Delade filer\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: PGPtray.exe.lnk = ?

O4 - Global Startup: Volvo SCS.lnk = C:\Program\Volvo\SCS\vpngui.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program\SPYBOT~1\SDHelper.dll

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://lnknsr03.gbgsd.se/qp2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujidirekt.se/aurigma2/ImageUploader4.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{408E2679-59E0-4550-B738-91A6254BEC4D}: NameServer = 81.26.226.3,81.26.228.3

O20 - AppInit_DLLs: PGPmapih.dll C:\Program\Google\GOOGLE~3\GOEC62~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: pmnLBTnk - pmnLBTnk.dll (file missing)

O20 - Winlogon Notify: {75DC891D-D4CB-48f7-BDD1-C1E56C64250E} - C:\Program\SystemOK\BACKON~1\botwlnp.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: BackOnTrack Callback Service (BOTCbs) - SystemOK AB - C:\Program\SystemOK\BackOnTrack\WinXP\bcbs_xp.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Norton Internet Security\comHost.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program\Volvo\SCS\cvpnd.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Desktop-hanteraren 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program\Spyware Doctor\pctsSvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

 

--

End of file - 18498 bytes

[/log]

 

Med hopp om hjälp!

Tackar på förhand

 

 

Link to comment
Share on other sites

Jag testade o ladda ner samt installera, fick då följande meddelande under installationen: "skriptfel i internet... rad1 tecken 1 fel object expected kod 0 url www.mynortonaccount.com/amse/nortonaccount.do?...." osv med en massa siffror.

 

Installationen kunde slutföras men sen när jag tittar under servicepackfilesmappen så är det fortfarande den gamla filen (iexplore) som ligger kvar.

 

En annan sak, jag testade och trycka på windows update i kontrollpanelen och fick då detta meddelande;

"det går inte att hitta filen (null). Kontrollera att du angav rätt namn och försök igen"

 

 

 

 

 

[inlägget ändrat 2009-01-07 22:37:31 av prg]

Link to comment
Share on other sites

Kan jag hänga med på samma problem?
Helst skulle jag ju vilja ha bara en dator per tråd för det blir lätt så att jag börjar titta på fel loggar och blandar ihop datorerna, så kan du starta upp en egen tråd (Skriv inlägg i vänsterkolumnen) så lovar jag att jag hjälper dig, happyfour?

 

Du kan ha precis samma innehåll där som i det här inlägget.

 

Link to comment
Share on other sites

Hmm, verkar ju inte bra.

Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

[log]Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.[/log]

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

 

Link to comment
Share on other sites

Combofix sa att det fanns en nyare version, jag installerade den o körde.

 

Loggen;

 

 

[log]

ComboFix 09-01-07.02 - HP_Ägaren 2009-01-08 17:30:56.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.2046.1531 [GMT 1:00]

Körs från: c:\documents and settings\HP_Ägaren\Skrivbord\ComboFix.exe

* Skapade en ny återställningspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\HP_Ägaren\Application Data\comctl32.dll

 

.

((((((((((((((((((((( Filer Skapade från 2008-12-08 till 2009-01-08 ))))))))))))))))))))))))))))))))))))

.

 

2009-01-07 21:30 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp

2009-01-07 19:31 . 2008-12-12 04:28 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys

2009-01-07 17:51 . 2009-01-07 17:51 <KAT> dr------- c:\program\Norton Support

2009-01-07 17:30 . 2009-01-07 17:30 <KAT> d-------- c:\documents and settings\All Users\Application Data\Symantec

2009-01-07 17:29 . 2009-01-07 17:29 <KAT> d-------- c:\program\Symantec

2009-01-07 17:29 . 2009-01-07 17:29 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS

2009-01-07 17:29 . 2009-01-07 17:29 60,808 --a------ c:\windows\system32\S32EVNT1.DLL

2009-01-07 17:27 . 2009-01-07 21:45 <KAT> d-------- c:\windows\system32\drivers\NIS

2009-01-07 17:27 . 2009-01-07 17:27 <KAT> d-------- c:\program\Windows Sidebar

2009-01-07 17:27 . 2009-01-07 17:27 <KAT> d-------- c:\program\Norton Internet Security

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\program\NortonInstaller

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\documents and settings\All Users\Application Data\PCSettings

2009-01-07 17:15 . 2009-01-07 17:15 <KAT> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller

2009-01-07 17:15 . 2009-01-07 17:30 <KAT> d-------- c:\documents and settings\All Users\Application Data\Norton

2009-01-07 17:14 . 2009-01-07 17:14 <KAT> d-------- c:\documents and settings\All Users\Symantec Temporary Files

2009-01-06 18:53 . 2009-01-06 18:53 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-06 18:53 . 2009-01-06 18:53 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-06 18:42 . 2009-01-06 18:42 <KAT> d-------- c:\program\Delade filer\Java

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\documents and settings\HP_Ägaren\Application Data\Malwarebytes

2009-01-06 17:13 . 2009-01-06 17:13 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-06 17:13 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-06 17:13 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-05 14:25 . 2009-01-05 14:25 44,308 --ah----- c:\windows\system32\mlfcache.dat

2009-01-05 14:05 . 2009-01-05 14:05 <KAT> d--hs---- c:\windows\ftpcache

2009-01-05 14:05 . 2009-01-05 14:05 917,504 --a------ c:\windows\system32\FLASH.OCX

2009-01-02 21:27 . 2009-01-02 21:27 <KAT> d-------- c:\documents and settings\All Users\Application Data\Sandlot Games

2009-01-02 21:27 . 2009-01-02 21:27 4,096 --a------ c:\windows\d3dx.dat

2009-01-02 21:25 . 2009-01-05 13:52 <KAT> d-------- C:\games

2009-01-02 21:25 . 2009-01-02 21:25 53,410,228 --a------ c:\windows\system32\xa19524250.exe

2009-01-02 21:25 . 2009-01-02 21:25 53,410,228 --a------ c:\windows\system32\xa19522671.exe

2009-01-02 21:25 . 2009-01-02 21:25 172,032 --a------ c:\windows\system32\xwr20356.dll

2009-01-02 21:25 . 2009-01-02 21:25 172,032 --a------ c:\windows\system32\wr20356.dll

2009-01-02 20:01 . <KAT> c:\documents and settings\HP_-garen

2009-01-02 10:30 . 2009-01-07 17:02 <KAT> d-------- c:\documents and settings\All Users\Application Data\Google Updater

2008-12-31 16:34 . 2008-12-31 16:34 400,404 --------- c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

2008-12-31 16:32 . 2008-12-31 16:32 400,404 --a------ c:\documents and settings\HP_Ägaren\Application Data\cwdsiwvk.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-08 16:18 --------- d-----w c:\program\SUPERAntiSpyware

2009-01-07 16:56 --------- d-----w c:\program\Google

2009-01-07 16:43 --------- d-----w c:\program\Delade filer\Symantec Shared

2009-01-07 16:29 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF

2009-01-07 16:29 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT

2009-01-06 17:53 --------- d-----w c:\program\Java

2009-01-05 12:26 --------- d-----w c:\documents and settings\HP_Ägaren\Application Data\HP

2009-01-02 23:18 --------- d-----w c:\documents and settings\HP_Ägaren\Application Data\uTorrent

2008-12-21 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\Creative

2008-12-20 19:37 47,579 ----a-w c:\windows\system32\usootjpmfcuqdzm.exe

2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-11-14 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant

2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 12:43 286,720 ------w c:\windows\system32\dllcache\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-15 16:38 337,408 ------w c:\windows\system32\dllcache\netapi32.dll

2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe

2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2006-08-13 20:19 22 --sha-w c:\windows\SMINST\HPCD.sys

.

 

------- Sigcheck -------

 

2005-10-21 04:40 662016 d3b9f978b4927b4a674546896bf981ef c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll

2007-10-11 00:42 825344 bde874a25c35a9b2648b1bf510595f12 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll

2007-12-07 02:59 825344 520880d2467f57dd5325790f0c799b3e c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll

2008-03-01 13:49 827392 893312e4b19721a4de83411c4babab61 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll

2008-04-23 05:21 827392 21fc0ae15f561edc35d82c8de85c2851 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll

2008-06-23 16:42 827904 763148c042469c197933ac956e566226 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll

2008-08-26 10:12 827904 27431705f27b772f4f7903e4bf96efb2 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll

2008-10-16 20:50 827904 e54a023eeb7dcf92add34940679078e2 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll

2004-08-04 05:00 656896 9f721bd834534e75661d8f9bd1efdcd7 c:\windows\$NtUninstallKB905915$\wininet.dll

2005-10-21 04:42 658944 86bf3664b86c59c669d8ff99b150f105 c:\windows\$NtUninstallKB916281$\wininet.dll

2006-05-10 06:27 664064 193ebb237b05182975ee44bda3405af1 c:\windows\$NtUninstallKB918899$\wininet.dll

2006-06-23 12:26 665088 466146844c05dd41e7da573e2f52634a c:\windows\$NtUninstallKB922760$\wininet.dll

2006-09-14 09:37 665088 124b5b1d140b7a5dc8f23172b5125c81 c:\windows\$NtUninstallKB925454$\wininet.dll

2006-10-23 16:35 665088 43cd9445a02b0efc6c08cb86443a16ae c:\windows\$NtUninstallKB928090$\wininet.dll

2007-01-04 15:05 665600 67cc810f4f24bbe33eda3cc2689a28e1 c:\windows\$NtUninstallKB931768$\wininet.dll

2007-02-19 16:23 666112 b0e69d997838a34e68d880e67d114bc7 c:\windows\$NtUninstallKB933566$\wininet.dll

2007-04-18 13:46 666112 d6b8e18f5f73fdeb568bed5852864ef9 c:\windows\$NtUninstallKB937143$\wininet.dll

2007-06-26 15:53 666112 c2743463d86deb7eb0e224a2b769ece1 c:\windows\$NtUninstallKB939653$\wininet.dll

2007-08-22 13:58 666112 5290463c69ddc6813fdc96aeffef14fe c:\windows\$NtUninstallKB942615$\wininet.dll

2007-10-11 07:10 666624 35b50083b6158d1d92454da40d8166a2 c:\windows\ie7\wininet.dll

2007-10-11 00:53 824832 41669fad846f6c003c1ffd8b747c6fa4 c:\windows\ie7updates\KB944533-IE7\wininet.dll

2008-03-01 14:02 826368 f51a84f3b4109769f91e6348d01e2ac1 c:\windows\ie7updates\KB950759-IE7\wininet.dll

2008-06-23 17:42 826368 ce365a16790ec5c5dddc78820949c02e c:\windows\ie7updates\KB956390-IE7\wininet.dll

2008-08-26 09:27 826368 91a76d98b206723d21612aecbc1d65ce c:\windows\ie7updates\KB958215-IE7\wininet.dll

2008-04-14 17:04 666624 b8d98f0cdf9b1429cd95497ad9995078 c:\windows\ServicePackFiles\i386\wininet.dll

2008-10-16 21:38 826368 6741eaf7b7f110e803a6e38f6e5fa6b0 c:\windows\SoftwareDistribution\Download\3f9908474c970794e94d84058074373d\SP2GDR\wininet.dll

2008-10-16 21:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\SoftwareDistribution\Download\3f9908474c970794e94d84058074373d\SP2QFE\wininet.dll

2007-10-11 00:53 824832 41669fad846f6c003c1ffd8b747c6fa4 c:\windows\SoftwareDistribution\Download\c99627c42c1096d85d802de92f1144c7\SP2GDR\wininet.dll

2007-10-11 00:42 825344 bde874a25c35a9b2648b1bf510595f12 c:\windows\SoftwareDistribution\Download\c99627c42c1096d85d802de92f1144c7\SP2QFE\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\SoftwareDistribution\Download\e68a1fbaf4b42341b9e19e583377c2f9\SP2GDR\wininet.dll

2008-10-16 20:50 827904 e54a023eeb7dcf92add34940679078e2 c:\windows\SoftwareDistribution\Download\e68a1fbaf4b42341b9e19e583377c2f9\SP2QFE\wininet.dll

2008-08-26 09:27 826368 91a76d98b206723d21612aecbc1d65ce c:\windows\SoftwareDistribution\Download\f6ee33b90aa27c711d270ccb06ad3e3b\SP2GDR\wininet.dll

2008-08-26 10:12 827904 27431705f27b772f4f7903e4bf96efb2 c:\windows\SoftwareDistribution\Download\f6ee33b90aa27c711d270ccb06ad3e3b\SP2QFE\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\system32\wininet.dll

2008-10-16 21:33 826368 046da003d4e4664ebbf9ea40b79bdc28 c:\windows\system32\dllcache\wininet.dll

.

((((((((((((((((((((((((((((( snapshot_2008-12-21_14.23.49.84 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-30 12:40:57 232,824 -c----w c:\windows\$NtUninstallKB938464_1$\spuninst\spuninst.exe

+ 2007-11-30 12:41:00 392,568 -c----w c:\windows\$NtUninstallKB938464_1$\spuninst\updspapi.dll

- 2008-04-14 16:04:42 82,944 -c----w c:\windows\$NtUninstallKB946648$\msgsc.dll

+ 2008-04-14 16:04:42 82,944 -c----w c:\windows\$NtUninstallKB946648_1$\msgsc.dll

+ 2007-11-30 12:40:57 232,824 -c----w c:\windows\$NtUninstallKB946648_1$\spuninst\spuninst.exe

+ 2007-11-30 12:41:00 392,568 -c----w c:\windows\$NtUninstallKB946648_1$\spuninst\updspapi.dll

+ 2008-04-13 18:55:08 202,624 -c----w c:\windows\$NtUninstallKB950762_1$\rmcast.sys

+ 2007-11-30 12:40:57 232,824 -c----w c:\windows\$NtUninstallKB950762_1$\spuninst\spuninst.exe

+ 2007-11-30 12:41:00 392,568 -c----w c:\windows\$NtUninstallKB950762_1$\spuninst\updspapi.dll

+ 2008-04-14 16:04:38 246,272 -c----w c:\windows\$NtUninstallKB950974_1$\es.dll

+ 2007-11-30 12:40:57 232,824 -c----w c:\windows\$NtUninstallKB950974_1$\spuninst\spuninst.exe

+ 2007-11-30 12:41:00 392,568 -c----w c:\windows\$NtUninstallKB950974_1$\spuninst\updspapi.dll

+ 2008-04-14 16:04:40 691,712 -c----w c:\windows\$NtUninstallKB951066_1$\inetcomm.dll

+ 2007-11-30 12:40:57 232,824 -c----w c:\windows\$NtUninstallKB951066_1$\spuninst\spuninst.exe

+ 2007-11-30 12:41:00 392,568 -c----w c:\windows\$NtUninstallKB951066_1$\spuninst\updspapi.dll

+ 2008-04-14 16:00:41 272,128 -c----w c:\windows\$NtUninstallKB951376-v2_1$\bthport.sys

+ 2007-11-30 11:21:42 232,824 -c----w c:\windows\$NtUninstallKB951376-v2_1$\spuninst\spuninst.exe

+ 2007-11-30 11:21:48 392,568 -c----w c:\windows\$NtUninstallKB951376-v2_1$\spuninst\updspapi.dll

+ 2008-04-14 15:37:03 273,024 -c----w c:\windows\$NtUninstallKB951376_1$\bthport.sys

+ 2007-11-30 11:21:42 232,824 -c----w c:\windows\$NtUninstallKB951376_1$\spuninst\spuninst.exe

+ 2007-11-30 11:21:48 392,568 -c----w c:\windows\$NtUninstallKB951376_1$\spuninst\updspapi.dll

+ 2008-04-14 16:04:47 1,290,240 -c----w c:\windows\$NtUninstallKB951698_1$\quartz.dll

+ 2007-11-30 11:21:42 232,824 -c----w c:\windows\$NtUninstallKB951698_1$\spuninst\spuninst.exe

+ 2007-11-30 12:41:00 392,568 -c----w c:\windows\$NtUninstallKB951698_1$\spuninst\updspapi.dll

+ 2008-04-13 19:19:23 138,112 -c----w c:\windows\$NtUninstallKB951748_1$\afd.sys

+ 2008-04-14 16:04:36 147,968 -c----w c:\windows\$NtUninstallKB951748_1$\dnsapi.dll

+ 2008-04-14 16:04:44 247,296 -c----w c:\windows\$NtUninstallKB951748_1$\mswsock.dll

+ 2007-11-30 12:40:57 232,824 -c----w c:\windows\$NtUninstallKB951748_1$\spuninst\spuninst.exe

+ 2007-11-30 12:41:00 392,568 -c----w c:\windows\$NtUninstallKB951748_1$\spuninst\updspapi.dll

+ 2008-04-13 19:20:16 361,344 -c----w c:\windows\$NtUninstallKB951748_1$\tcpip.sys

+ 2008-04-13 19:00:02 225,664 -c----w c:\windows\$NtUninstallKB951748_1$\tcpip6.sys

+ 2008-05-01 14:33:36 331,776 -c----w c:\windows\$NtUninstallKB952287_1$\msadce.dll

+ 2007-11-30 11:21:42 232,824 -c----w c:\windows\$NtUninstallKB952287_1$\spuninst\spuninst.exe

+ 2007-11-30 11:21:48 392,568 -c----w c:\windows\$NtUninstallKB952287_1$\spuninst\updspapi.dll

+ 2008-04-14 16:04:42 73,728 -c----w c:\windows\$NtUninstallKB952954_1$\mscms.dll

+ 2007-11-30 12:40:57 232,824 -c----w c:\windows\$NtUninstallKB952954_1$\spuninst\spuninst.exe

+ 2007-11-30 12:41:00 392,568 -c----w c:\windows\$NtUninstallKB952954_1$\spuninst\updspapi.dll

+ 2007-03-06 03:38:55 214,752 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe

+ 2007-03-06 03:40:05 381,152 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll

+ 2007-08-13 17:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll

- 2008-08-26 08:26:56 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll

+ 2008-10-16 19:50:30 132,608 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll

+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dat

- 2008-08-27 09:27:02 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll

+ 2008-08-27 13:57:02 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll

+ 2008-08-27 13:57:02 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll.001

+ 2007-03-06 03:38:48 22,752 -c----w c:\windows\ie7updates\KB958215-IE7\spcustom.dll

+ 2007-03-06 03:38:50 15,072 -c----w c:\windows\ie7updates\KB958215-IE7\spmsg.dll

+ 2007-03-06 03:38:55 214,752 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst.exe

- 2007-03-06 03:38:55 214,752 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe

- 2007-03-06 03:40:05 381,152 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll

+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll

+ 2007-03-06 03:39:14 719,584 -c----w c:\windows\ie7updates\KB958215-IE7\update.exe

+ 2007-03-06 03:40:05 381,152 -c----w c:\windows\ie7updates\KB958215-IE7\updspapi.dll

+ 2009-01-02 10:35:05 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe

+ 2009-01-02 10:35:05 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2009-01-02 10:35:06 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

+ 2009-01-02 10:35:06 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2009-01-02 10:35:06 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

+ 2009-01-02 10:35:06 26,694 ----a-r c:\windows\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe

- 2008-09-28 19:50:24 16,384 ------w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-01-07 20:46:32 16,384 ------w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-09-28 19:50:24 32,768 ------w c:\windows\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

+ 2009-01-07 20:46:32 32,768 ------w c:\windows\system32\config\systemprofile\Lokala inställningar\Temporary Internet Files\Content.IE5\index.dat

- 2008-09-28 19:50:24 32,768 ------w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2009-01-07 20:46:32 32,768 ------w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\index.dat

+ 2009-01-07 20:46:24 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012009010720090108\index.dat

- 2008-04-14 16:04:35 35,328 ------w c:\windows\system32\corpol.dll

+ 2008-04-14 20:34:36 35,328 ------w c:\windows\system32\corpol.dll

+ 2006-09-23 12:13:04 1,022,976 ------w c:\windows\system32\dllcache\browseui.dll

+ 2007-08-13 17:42:54 17,408 ------w c:\windows\system32\dllcache\corpol.dll

+ 2007-08-13 17:45:18 78,336 ------w c:\windows\system32\dllcache\ieencode.dll

+ 2006-09-23 12:13:04 1,497,088 ------w c:\windows\system32\dllcache\shdocvw.dll

+ 2006-09-23 12:13:04 474,112 ------w c:\windows\system32\dllcache\shlwapi.dll

- 2007-07-12 23:32:34 765,952 ------w c:\windows\system32\dllcache\vgx.dll

+ 2008-05-27 17:30:36 765,952 ----a-w c:\windows\system32\dllcache\vgx.dll

+ 2008-12-12 03:29:18 255,536 ----a-w c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys

+ 2009-01-07 16:28:26 362,544 ----a-w c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys

+ 2008-12-12 03:29:18 306,736 ----a-w c:\windows\system32\drivers\NIS\1002000.007\srtsp.sys

+ 2008-12-12 03:29:18 43,696 ----a-w c:\windows\system32\drivers\NIS\1002000.007\srtspx.sys

+ 2008-12-12 03:29:18 12,976 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symdns.sys

+ 2008-12-12 03:29:19 309,296 ----a-w c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys

+ 2008-12-12 03:29:19 89,904 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symfw.sys

+ 2008-12-12 03:29:19 34,608 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symids.sys

+ 2008-12-12 03:29:20 37,424 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symndis.sys

+ 2008-12-12 03:29:20 40,496 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symndisv.sys

+ 2008-12-12 03:29:20 24,624 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symredrv.sys

+ 2008-12-12 03:29:20 198,192 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symtdi.sys

- 2008-10-16 13:16:31 70,656 ------w c:\windows\system32\ie4uinit.exe

+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe

- 2007-07-01 03:31:33 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat

+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat

- 2008-04-14 16:04:39 81,920 ----a-w c:\windows\system32\ieencode.dll

+ 2008-04-14 20:34:40 81,920 ----a-w c:\windows\system32\ieencode.dll

- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe

+ 2009-01-06 17:53:11 144,792 ----a-w c:\windows\system32\java.exe

- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe

+ 2009-01-06 17:53:11 144,792 ----a-w c:\windows\system32\javaw.exe

- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe

+ 2009-01-06 17:53:11 148,888 ----a-w c:\windows\system32\javaws.exe

+ 2008-10-05 03:24:02 3,695,008 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32.dll

+ 2008-10-05 03:24:04 235,936 ----a-w c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

+ 2009-01-07 16:08:57 84,661 ----a-w c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

- 2008-10-26 07:46:38 54,416 ----a-w c:\windows\system32\perfc009.dat

+ 2009-01-01 14:47:58 54,416 ----a-w c:\windows\system32\perfc009.dat

- 2008-10-26 07:46:38 64,822 ----a-w c:\windows\system32\perfc01D.dat

+ 2009-01-01 14:47:58 64,822 ----a-w c:\windows\system32\perfc01D.dat

- 2008-10-26 07:46:38 384,732 ----a-w c:\windows\system32\perfh009.dat

+ 2009-01-01 14:47:58 384,732 ----a-w c:\windows\system32\perfh009.dat

- 2008-10-26 07:46:38 387,910 ----a-w c:\windows\system32\perfh01D.dat

+ 2009-01-01 14:47:58 387,910 ----a-w c:\windows\system32\perfh01D.dat

+ 2008-10-16 20:33:34 172,032 ----a-w c:\windows\system32\qdbon.dll

+ 2008-04-14 15:40:21 40,320 ----a-w c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\intelppm.sys

- 2008-01-03 17:13:47 172,612 ------w c:\windows\system32\Restore\rstrlog.dat

+ 2009-01-05 12:52:42 350,148 ----a-w c:\windows\system32\Restore\rstrlog.dat

- 2008-04-14 16:05:20 7,680 ----a-w c:\windows\system32\spdwnwxp.exe

+ 2008-04-14 20:35:22 7,680 ----a-w c:\windows\system32\spdwnwxp.exe

- 2007-08-10 18:54:46 26,488 ----a-w c:\windows\system32\spupdsvc.exe

+ 2007-08-10 19:54:46 26,488 ----a-w c:\windows\system32\spupdsvc.exe

+ 2009-01-01 14:58:13 59,392 ------r c:\windows\system32\streamhlp.dll

+ 2009-01-08 15:52:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_3f8.dat

+ 2009-01-08 15:54:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_490.dat

+ 2008-04-14 16:02:44 1,724,416 ----a-w c:\windows\WinSxS\InstallTemp\17939787\GdiPlus.dll

+ 2008-04-14 16:02:45 1,054,208 ----a-w c:\windows\WinSxS\InstallTemp\17950935\comctl32.dll

- 2008-04-14 16:02:44 74,802 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

+ 2008-04-14 20:32:46 74,802 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

- 2008-04-14 16:02:44 995,383 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll

+ 2008-04-14 20:32:46 995,383 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll

- 2008-04-14 16:02:45 1,011,774 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll

+ 2008-04-14 20:32:46 1,011,774 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll

- 2008-04-14 16:02:45 401,462 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

+ 2008-04-14 20:32:46 401,462 ----a-w c:\windows\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

- 2008-04-14 16:02:45 1,054,208 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

+ 2008-04-14 20:32:46 1,054,208 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

- 2008-04-14 16:02:45 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll

+ 2008-04-14 20:32:46 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcirt.dll

- 2008-04-14 16:02:45 343,040 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

+ 2008-04-14 20:32:46 343,040 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll

- 2008-04-14 16:02:44 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll

+ 2008-04-14 20:32:46 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\GdiPlus.dll

- 2008-04-14 16:02:44 852,992 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll

+ 2008-04-14 20:32:46 852,992 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll

- 2008-04-14 16:02:44 990,720 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll

+ 2008-04-14 20:32:46 990,720 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll

- 2008-04-14 15:42:59 132,608 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_sv_7e5e60c6\rtcres.dll

+ 2008-04-14 20:13:00 132,608 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_sv_7e5e60c6\rtcres.dll

.

-- Snapshot återställt till dagens datum --

.

(((((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* tomma poster & legitima standardposter visas inte

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]

"updateMgr"="c:\program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]

"CTDVDDET"="c:\program\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]

"VolPanel"="c:\program\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 122880]

"AudioDrvEmulator"="c:\program\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 49152]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"HPHUPD08"="c:\program\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"PCMService"="c:\program\CyberLink\PowerCinema\PCMService.exe" [2006-02-24 147456]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\program\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2005-01-01 180269]

"Net iD"="c:\windows\system32\iid.exe" [2008-02-22 74992]

"AppleSyncNotifier"="c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-03 116040]

"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2008-05-27 413696]

"iTunesHelper"="c:\program\iTunes\iTunesHelper.exe" [2008-07-30 289064]

"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-01-06 136600]

"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]

"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2005-08-08 c:\windows\CTHELPER.EXE]

"CTxfiHlp"="CTXFIHLP.EXE" [2005-08-08 c:\windows\system32\CTXFIHLP.EXE]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartAdobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

HP Digital Imaging Monitor.lnk - c:\program\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

Personal.lnk - c:\program\Personal\bin\Personal.exe [2006-08-17 438272]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 12:41 294912 c:\program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aeydcsgs]

2008-12-31 16:34 400404 c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]

"Debugger"=c:\windows\system32\wkgszvx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program\\uTorrent\\uTorrent.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

 

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-07 255536]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-07 362544]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081220.001\IDSxpx86.sys [2009-01-07 274808]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]

R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-01-01 2799488]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-07 99376]

R3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

R4 Norton Internet Security;Norton Internet Security;c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-07 115560]

R4 PWSYSDRV;PWSYSDRV;c:\windows\system32\drivers\pwsysdrv.sys [2006-10-12 17072]

S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2005-01-01 468768]

S4 Automatisk LiveUpdate-schemaläggare;Automatisk LiveUpdate-schemaläggare;"c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\program\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]

.

Innehållet i mappen 'Schemalagda aktiviteter'

 

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 

2009-01-08 c:\windows\Tasks\Google Software Updater.job

- c:\program\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 10:30]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.newsnow.co.uk/newsfeed/?name=Liverpool

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\OFFICE11\EXCEL.EXE/3000

Trusted Zone: www.apple.com

Trusted Zone: www.extrafilm.se

Trusted Zone: www.postfoto.se

Trusted Zone: www.svt.se

Trusted Zone: cve.trust.telia.com

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll

 

O16 -: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://solid.seb.se/exchweb/controls/,DanaInfo=skcc020a.sebank.se,CT=java+DAX.cab

c:\windows\Downloaded Program Files\DAX.inf

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-08 17:33:57

Windows 5.1.2600 Service Pack 3 NTFS

 

genomsöker dolda processer ...

 

genomsöker dolda autostartpunkter ...

 

genomsöker dolda filer ...

 

genomsökningen avslutades lyckosamt

dolda filer: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program\Norton Internet Security\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"

.

--------------------- DLLer installerade under pågående processer ---------------------

 

- - - - - - - > 'winlogon.exe'(888)

c:\program\SUPERAntiSpyware\SASWINLO.dll

c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

.

Sluttid: 2009-01-08 17:37:29

ComboFix-quarantined-files.txt 2009-01-08 16:37:27

ComboFix2.txt 2008-12-21 13:24:16

ComboFix3.txt 2007-10-16 16:27:25

ComboFix4.txt 2007-10-15 19:07:34

 

Före genomsökningen: 181,218,504,704 byte ledigt

Efter genomsökningen: 181,336,752,128 byte ledigt

 

395 --- E O F --- 2009-01-07 22:01:28

 

 

[/log]

 

Link to comment
Share on other sites

Surfa till http://www.virustotal.com (fungerar bäst med Internet Explorer) klistra in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) här. Upprepa med nästa filnamn.

c:\windows\000001_.tmp

c:\windows\system32\mlfcache.dat

c:\windows\d3dx.dat

c:\windows\system32\xa19524250.exe

c:\windows\system32\xa19522671.exe

c:\windows\system32\xwr20356.dll

c:\windows\system32\wr20356.dll

c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

c:\documents and settings\HP_Ägaren\Application Data\cwdsiwvk.dll

c:\windows\system32\usootjpmfcuqdzm.exe

c:\windows\system32\wkgszvx.exe

 

Vad finns i mappen C:\games?

 

Link to comment
Share on other sites

Det tog lång tid...Tydligen hade jag en kopia av en fil som verkar vara lite skum. Den låg bla i gamesmappen och är ett dataspel. Eftersom den filen låg dubbelt så verkar följfelen också ha blivit dubbla.

 

 

[log]Fil 003167_.tmp

Antivirus Resultat

a-squared -

AhnLab-V3 -

AntiVir -

Authentium -

Avast -

AVG -

BitDefender -

CAT-QuickHeal -

ClamAV -

Comodo -

DrWeb -

eSafe -

eTrust-Vet -

Ewido -

F-Prot -

F-Secure -

Fortinet -

GData -

Ikarus -

K7AntiVirus -

Kaspersky -

McAfee -

McAfee+Artemis -

Microsoft -

NOD32 -

Norman -

Panda -

PCTools -

Prevx1 Malicious Software

Rising -

SecureWeb-Gateway -

Sophos -

Sunbelt -

Symantec -

TheHacker -

TrendMicro -

VBA32 -

ViRobot -

VirusBuster -

 

mlfcache.dat samt för d3dx.dat hittades det inga konstigheter

 

c:\windows\system32\xa19524250.exe

c:\windows\system32\xa19522671.exe

Ovanstående två filer är samma fil, de var för stora för att köras.

 

 

Fil xwr20356.dll samt c:\windows\system32\wr20356.dll är samma fil

Antivirus Resultat

a-squared -

AhnLab-V3 -

AntiVir -

Authentium -

Avast -

AVG -

BitDefender -

CAT-QuickHeal -

ClamAV -

Comodo -

DrWeb -

eSafe -

eTrust-Vet -

F-Prot -

F-Secure -

Fortinet -

GData -

Ikarus -

K7AntiVirus -

Kaspersky -

McAfee -

McAfee+Artemis -

Microsoft Trojan:Win32/Chepdu.F

NOD32 -

Norman -

Panda -

PCTools -

Prevx1 Cloaked Malware

Rising -

SecureWeb-Gateway -

Sophos -

Sunbelt -

TheHacker -

TrendMicro -

VBA32 -

ViRobot -

VirusBuster -

 

Fil byukybhs.dll samt c:\documents and settings\HP_Ägaren\Application Data\cwdsiwvk.dll är samma fil

Antivirus Resultat

a-squared -

AhnLab-V3 -

AntiVir -

Authentium W32/AdAgent.B.gen!Eldorado

Avast -

AVG -

BitDefender -

CAT-QuickHeal -

ClamAV -

Comodo -

DrWeb BACKDOOR.Trojan

eTrust-Vet -

Ewido -

F-Prot W32/AdAgent.B.gen!Eldorado

F-Secure -

Fortinet -

GData -

Ikarus -

K7AntiVirus -

Kaspersky -

McAfee -

McAfee+Artemis -

Microsoft -

NOD32 probably a variant of Win32/Adware.SecToolbar

Norman -

Panda -

PCTools -

Prevx1 -

Rising -

SecureWeb-Gateway -

Sophos Mal/Behav-027

Sunbelt -

Symantec -

TheHacker -

TrendMicro -

VBA32 -

ViRobot -

VirusBuster -

 

Fil usootjpmfcuqdzm.exe

Antivirus Resultat

a-squared -

AhnLab-V3 -

AntiVir -

Authentium -

Avast -

AVG -

BitDefender -

CAT-QuickHeal -

ClamAV -

Comodo -

DrWeb -

eSafe -

eTrust-Vet -

F-Prot -

F-Secure -

Fortinet -

GData -

Ikarus -

K7AntiVirus -

Kaspersky -

McAfee -

McAfee+Artemis -

Microsoft -

NOD32 -

Norman -

Panda -

PCTools Adware.Adrotator.GEN

Prevx1 -

Rising -

SecureWeb-Gateway -

Sophos -

Sunbelt -

Symantec -

TheHacker Adware/AdRotator

TrendMicro -

VBA32 -

ViRobot -

VirusBuster -

 

Den sista filen c:\windows\system32\wkgszvx.exe hittas ej?

[/log]

 

Lagt till LOG-taggar

När du har klistrat in en logg eller annat långt textstycke så var vänlig och markera loggen och tryck sedan på LOG-knappen som finns på samma rad som :thumbsdown::thumbsup: i inläggsfönstret.

Cecilia - Moderator för Virus, skadliga program & botemedel

 

[inlägget ändrat 2009-01-08 22:35:17 av Cecilia]

Link to comment
Share on other sites

Vad heter filen i games-mappen? Kan du skanna den också på virustotal?

 

Tillägg:

Vet du varifrån du har laddat ner detta, vad det är för dataspel?

 

Vet du hur du gör en zip-fil?

I så fall så gör en zip-fil av dessa filer:

c:\windows\system32\xa19524250.exe

c:\windows\system32\xwr20356.dll

c:\documents and settings\HP_Ägaren\Application Data\aeydcsgs.dll

c:\windows\system32\usootjpmfcuqdzm.exe

 

Zippa hela games-mappen också.

 

Ladda upp zip-filerna på http://www.skickafilen.se/ och som e-post-adress anger du min som du ser när du trycker på Anv.info i underkanten av detta inlägg.

Jag kommer då att ladda ner filerna och sedan skicka dem vidare till antivirusföretagen så att de kan uppdatera sina program.

 

[inlägget ändrat 2009-01-08 22:55:14 av Cecilia]

Link to comment
Share on other sites

Sorry ang den långa texten.

 

c:\windows\system32\xa19524250.exe

c:\windows\system32\xa19522671.exe

Ovanstående filer var själva installationsfilen, som det var två av, den som ligger i gamesmappen var inte exakt samma fil såg jag nu utan det var själva startfilen för spelet. Där hittades följande;

 

SecureWeb-Gateway 6.7.6 2008.12.22 Win32.Malware.gen#PECompact!92 (suspicious)

 

Är det läge o ta bort spelet o hoppas på ett under att det andra löser sig?:)

 

 

 

 

 

Link to comment
Share on other sites

Jag gjorde ett tillägg i mitt förra inlägg, du såg nog inte det.

Först zippa filer och mapp som jag skrev där sedan kan du avinstallera spelet (om det går) och sedan en ny ComboFix-logg.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.



×
×
  • Create New...