
Error with 'hook', could it be a virus/program?


jonathan_3


I play quite a few games on the computer and have downloaded various programs and games to play and to make things easier.

However, some of them don't work, and with my limited knowledge I would guess that it's only the ones that use .dll files, that is, that hook / inject into other programs.

Right now I'm playing a lot of Warcraft 3 and the ever-popular banlist, custom kick and so on, which then refuse to inject.

Banlist says that something has already hooked wc3, such as Fraps, but I uninstalled the programs that might hook a long time ago.

I've found solutions for Vista, but these don't work on XP, and besides there are more programs that don't work.

Again, with my knowledge I would think that this is the fault with all the programs that don't work correctly for me: that something has already got there first and hooked, even though I haven't opened anything else.

I have shut down unnecessary processes on my user, and I have some 'pointless' programs on the computer, but I can't imagine they would inject themselves into the game even if I were to start them.

It feels like some virus / program is trying to block me, but I have scanned the computer for viruses and found nothing, so could it be some program that doesn't show up as a virus but is still bad for the computer?

Would appreciate help if anyone knows!

//Regards, Jonathan

 

Link to comment
Share on other sites

Scanned but found nothing more there =/

Looked around a bit more and found that many people couldn't run certain programs because they needed to "get access to processes", roughly, so I found a program that apparently could grant that, so that they get access to attach themselves to processes (i.e. you gave a process/a program system access or similar, so that it could attach to any process).

This didn't work, though. >.>

I also see that the only processes I can end are the ones I have on my user, so it doesn't work to end the system's processes. I have administrator on the account so it should work, but I'm not allowed to.

I know this maybe doesn't really belong here, but how do I get access to end the system's processes?

Could it be that something is blocking my access and at the same time preventing processes from attaching to each other?

Completely lost here; apparently it doesn't seem to be a virus that's the culprit, so maybe it's a process that has pushed itself deep into memory or something? (not very skilled, so I'm just sitting here speculating a bit)

I have some processes that I'm not entirely sure what they do, plus there's some iPod service and Apple Mobile Device service running, and surely something more, that isn't being used at all at the moment.

 

Link to comment
Share on other sites

I also see that the only processes I can end are the ones I have on my user, so it doesn't work to end the system's processes.
Some are protected by Windows and/or security software so that you can't crash Windows. Otherwise I don't recognize that from XP, only from Vista.

But I may find it easier to follow if I can see what is happening in the computer. Download HijackThis from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install, start it and choose "Do a system scan and save a logfile", copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 

Link to comment
Share on other sites

There, I looked through it a bit and suspect that some of the files/things shown are not quite as they should be

looked this one up;

Sy21dsgate Personal Firewall playboy1.exe

apparently a virus, I'd like to remove it, but I'm waiting patiently for a reply so I don't do anything stupid :)

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:09:05, on 2009-01-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\com hem security\Anti-Virus\fsgk32st.exe

C:\Program\com hem security\Anti-Virus\FSGK32.EXE

C:\Program\com hem security\Common\FSMA32.EXE

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\com hem security\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\com hem security\Common\FSMB32.EXE

C:\Program\com hem security\Common\FCH32.EXE

C:\Program\com hem security\Common\FAMEH32.EXE

C:\Program\com hem security\Anti-Virus\fsqh.exe

C:\Program\com hem security\FSAUA\program\fsaua.exe

C:\Program\com hem security\FWES\Program\fsdfwd.exe

C:\Program\com hem security\Anti-Virus\fsav32.exe

C:\Program\com hem security\FSAUA\program\fsus.exe

C:\WINDOWS\Explorer.EXE

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\vsnpstd.exe

C:\Program\com hem security\Common\FSM32.EXE

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\Program\com hem security\FSGUI\fsguidll.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\com hem security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\com hem security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [okrw] C:\Program\DELADE~1\okrw\okrwm.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [sy21dsgate Personal Firewall] playboy1.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Digimax Viewer 2.1.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program\Betway\Poker\MPPoker.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jullan\Start-meny\Program\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.se/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujidirekt.se/aurigma/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://betway.microgaming.com/betway/FlashAX2.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManagerkontroll) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E56DEBDB-FB13-4EBC-9ACF-E354E53C0A38}: NameServer = 83.255.245.10,83.255.249.10

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\com hem security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\com hem security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\com hem security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\com hem security\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10594 bytes[/log]

 

Link to comment
Share on other sites

I see in the Hijack log that there is a Java version with security holes on the computer. I recommend that you download and install the updated version http://www.java.com/sv/ Then uninstall the old one in Control Panel, Add/Remove Programs.

 

Link to comment
Share on other sites

I agree that it looks suspicious.

Browse to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

C:\Program\DELADE~1\okrw\okrwm.exe

C:\WINDOWS\System32\playboy1.exe

C:\WINDOWS\playboy1.exe

(if you find the file on the computer yourself, scan that particular file; then you don't need to try with two folders)

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

Do you know if that is something you set up yourself?

 

Link to comment
Share on other sites
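
The triage done by hand in the reply above (O1 Hosts redirects, Run entries that look out of place), sketched as an added Python example; it is not part of the thread and not code from HijackThis. The sample lines are copied from the log posted earlier in this thread, and the names `triage`, `Finding`, the reason labels and the two heuristics (non-loopback Hosts targets; Run values in service-account hives other than ctfmon.exe) are assumptions made for illustration.

```python
import ipaddress
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [steam] "C:\Program\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [okrw] C:\Program\DELADE~1\okrw\okrwm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [sy21dsgate Personal Firewall] playboy1.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""


class Finding(NamedTuple):
    reason: str  # hypothetical label, not a HijackThis term
    line: str    # the log line that triggered it


# Assumption: hives of the built-in service accounts, as they appear in the log.
SERVICE_HIVES = {"S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT"}
# Assumption: the only Run value this log shows under every service account.
EXPECTED_SERVICE_RUN = {"ctfmon.exe"}

O1_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")


def _is_local(ip: str) -> bool:
    """True for loopback/unspecified addresses (ordinary Hosts blocking)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def _executable(cmd: str) -> str:
    """Strip HijackThis' trailing (User '...') note and surrounding quotes."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd


def triage(log_text: str) -> List[Finding]:
    """Return the log lines a reviewer would want to look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O1_RE.match(line)
        if m:
            # A Hosts entry pointing a real domain at a remote IP redirects traffic.
            if not _is_local(m["ip"]):
                findings.append(Finding("hosts-redirect", line))
            continue
        if re.match(r"^O\d+ - ", line) and line.endswith(ORPHAN_SUFFIXES):
            # Registry reference whose file is gone: leftover, not proof of infection.
            findings.append(Finding("orphaned-reference", line))
            continue
        m = O4_RE.match(line)
        if m:
            if "\\" not in _executable(m["cmd"]):
                # No directory given: the file is resolved through the search path.
                findings.append(Finding("run-entry-without-path", line))
            hive_tail = m["hive"].split("\\")[-1]
            if hive_tail in SERVICE_HIVES and m["name"].lower() not in EXPECTED_SERVICE_RUN:
                findings.append(Finding("service-account-run", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:24} {f.line}")
```

A flagged line is only a lead: as the thread goes on to show, the referenced file still has to be located and scanned before anything is removed.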

installed the new Java, already had Java 6, but not update 11

then I removed Java 2 which was installed

then when I was going to verify my new Java version, it said that I didn't have java runtime *something* and I thought I'd install it, but that didn't work and I had to install manually

Then it came up that I already had that version but I thought "eh, it's probably a better one then"

but no, it didn't work, "Error unpacking core files"

and it exited

The problem now is that update 11 is gone, and I can't install the one I got first either; "Error unpacking core files"

But I don't use Java, it has been broken for a couple of months for me and I didn't think any more about it (except that some sites can't be visited)

But should I perhaps remove the other updates I have and try again?

I have update 5 and 7, I think it was.

 

Link to comment
Share on other sites

C:\Program\DELADE~1\okrw\okrwm.exe

that file doesn't exist, there is okrwm.lck (LCK)

but it is 0 bytes, there are also 2 other .lck files there but they are both 0 bytes

so it apparently can't be scanned

It isn't hidden either; however, I found an okrw folder in \WINDOWS, but there was no such file there

playboy1.exe doesn't seem to exist, I can't find it anywhere and when I used search it wasn't found; could it be that it is deeply rooted or that it disguises itself, even though hjt finds the right name?

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

Do you know if that is something you set up yourself?

no, I haven't set that up, though I never use MSN Search either, but should something be done about it, if it can be problematic that is.

 

Link to comment
Share on other sites

The HijackThis log lists references to files that exist in the registry, so it may be that only the references exist while the files have been gone for a long time. But we'll check it to be on the safe side. Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

Close all programs.

Run OTViewIt (in Vista, right-click and Run as administrator).

Tick Scan all Users.

Choose 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both into your reply (remember the LOG button).

The O1 lines can easily be fixed once we know that nothing else is hiding in the computer.

All old Java versions should be removed, but it's not urgent, so wait until we know the computer is clean.

 

Link to comment
Share on other sites

there we go, lots of text, but it seems the file is gone

 

[log]OTViewIt Extras logfile created on: 2009-01-14 00:39:42 - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jax\Skrivbord

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511,36 Mb Total Physical Memory | 150,09 Mb Available Physical Memory | 29,35% Memory free

1,22 Gb Paging File | 0,78 Gb Available in Paging File | 64,04% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 127,99 Gb Total Space | 44,61 Gb Free Space | 34,86% Space Free | Partition Type: NTFS

Drive D: | 591,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HEM

Current User Name: Jax

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004-08-04 09:34:42 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-08-12 11:22:10 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[2006-10-10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004-08-04 09:34:42 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

File not found -- C:\Program\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server

File not found -- C:\Program\BitLord\BitLord.exe:*:Enabled:BitLord

File not found -- C:\Documents and Settings\Jax\Skrivbord\ventrilo_2_1_2_server_windows\ventrilo_srv.exe:*:Enabled:ventrilo_srv

[2006-05-23 14:46:44 | 00,081,920 | ---- | M] (Valve) -- C:\Program\Steam\SteamApps\jaxzor\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher

[2006-05-23 19:39:04 | 00,081,920 | ---- | M] (Valve) -- C:\Program\Steam\SteamApps\jaxzor\condition zero\hl.exe:*:Enabled:Half-Life Launcher

File not found -- C:\Program\Steam\SteamApps\jaxzor\counter-strike\hl.exe:*:Enabled:Half-Life Launcher

File not found -- C:\Program\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader

File not found -- C:\Program\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-enGB-downloader.exe:*:Enabled:Blizzard Downloader

File not found -- C:\Program\EA GAMES\Slaget om Midgård\game.dat:*:Enabled:Slaget om Midgård

File not found -- C:\Program\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-enGB-downloader.exe:*:Enabled:Blizzard Downloader

[2006-10-10 14:15:26 | 01,544,192 | ---- | M] () -- C:\Program\DC++\DCPlusPlus.exe:*:Enabled:DC++

File not found -- C:\Program\Soulseek\slsk.exe:*:Enabled:SoulSeek

File not found -- C:\Program\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-enGB-downloader.exe:*:Enabled:Blizzard Downloader

File not found -- C:\Program\Electronic Arts\Slaget om Midgård II\game.dat:*:Enabled:Slaget om Midgård™ II

File not found -- C:\Program\THQ\Dawn of War\W40k.exe:*:Enabled:W40K

File not found -- C:\Program\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enGB-downloader.exe:*:Enabled:Blizzard Downloader

[2004-10-13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2004-08-04 09:34:22 | 00,768,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe:*:Enabled:Fjärrhjälp - Windows Messenger och tal

[2008-10-15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

File not found -- C:\Program\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enGB-downloader.exe:*:Enabled:Blizzard Downloader

[2007-08-12 11:22:10 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

File not found -- C:\Documents and Settings\Katarina.HEM\Lokala inställningar\Temporary Internet Files\Content.IE5\M0TE7HOX\incredimail_install[1].exe:*:Enabled:IncrediMail Installer

[2007-08-28 11:46:09 | 00,517,472 | ---- | M] (IncrediMail Ltd.) -- C:\Documents and Settings\Katarina.HEM\Lokala inställningar\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer

File not found -- C:\Program\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail

File not found -- C:\Program\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail

[2007-08-21 10:41:16 | 00,090,161 | ---- | M] (IncrediMail, Ltd.) -- C:\Program\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail

[2007-01-25 21:54:50 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne

[2007-01-25 21:54:50 | 00,274,432 | ---- | M] (Blizzard Entertainment) -- C:\Program\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III

[2006-10-10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

File not found -- C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-02-04 14:18:34 | 19,926,824 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

File not found -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player

[2008-12-25 23:21:12 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\Program\com hem security\FSPS\program\fslsp.dll (F-Secure Corporation)

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

shell -- shell protocol not assigned

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-08-12 11:22:10 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [backWeb GA Pluggable Protocol])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2004-08-04 09:33:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2004-08-04 09:33:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2004-08-04 09:33:44 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001041D-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Professional

"{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}"=iTunes

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel

"{1207DF3C-D72C-492F-8643-D96D1500641D}"=USB Printer Server Driver

"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{344856C1-4621-49DB-B5E4-728FDB08F82D}"=PowerLister

"{350C97BC-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}"=MVision

"{35CB6715-41F8-4F99-8881-6FC75BF054B0}"=Oblivion

"{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10

"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HYDRAVISION

"{51C91B84-7B46-4FE7-8999-8228CFA75F89}"=Intel® Integrated Performance Primitives RTI 4.0

"{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74}"=ArcSoft PhotoImpression 4

"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}"=The Sims 2

"{7689CA7A-1270-425A-9959-EB4CB25EA29A}"=Sony Ericsson PC Suite 1.20.224

"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client

"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III

"{7D2370AC-D8E6-4996-986A-19824F8A167C}"=Logitech QuickCam

"{8A16A4FC-B43F-46A6-8DB5-C42B145EBFBD}"=Windows Live Writer

"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player

"{8E1DCD15-C9F1-49CE-807B-198C8241EB6B}"=ULi USB2.0 Controller Driver

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger

"{9EE54C1F-FC99-44D6-916A-0CA2D45E740F}"=Digimax Viewer 2.1

"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}"=Rome - Total War

"{AC76BA86-7AD7-1033-7B44-A00000000001}"=Adobe Reader 6.0.1

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B0C0F5E6-10B1-11D6-9296-0050BA073EEC}"=Presto! VideoWorks 6 (VCD Version)

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update

"{BAA6BD76-9B5A-4ED3-98BE-0127E8F14541}"=Windows Live Photo Gallery

"{BACBC990-8681-4D00-9227-F3A32123BB7A}"=Half-Life®

"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}"=Presto! Mr.Photo 3

"{BEF726DD-4037-4214-8C6A-E625C02D2870}"=Logitech Audio Echo Cancellation Component

"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime

"{C140E041-CE7E-4947-87ED-630A2FEF6921}"=Dual Mode Digital Camera 3.0M

"{C151CE54-E7EA-4804-854B-F515368B0798}"=Athlon 64 Processor Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}"=Apple Mobile Device Support

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{EA516024-D84D-41F1-814F-83175A6188F2}"=Logitech Video Enumerator

"{EC16B64A-38A7-4D7D-BA2E-671ED441304F}"=ULi PCI to AGP Controller Driver

"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX

"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1"=WC3Banlist

"{F6D63A65-BD23-46F3-B9A3-87F442423481}"=SweetIM For Internet Explorer 3.0b

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin

"Adobe Shockwave Player"=Adobe Shockwave Player

"AdobeESD"=Adobe Download Manager 1.2 (endast avinstallation)

"All ATI Software"=ATI - Hjälp för avinstallation av program

"ATI Display Driver"=ATI Display Driver

"BetssonPoker"=Betsson Poker (remove only)

"Betway.com Poker"=Betway.com Poker

"DC++"=DC++ 0.698

"Diablo II"=Diablo II

"Everest Poker"=Everest Poker (Remove Only)

"Fallout Tactics"=Fallout Tactics

"FruityLoops Studio Producer Edition v5.02"=FruityLoops Studio Producer Edition v5.02

"F-Secure Product 277"=Com Hem Säkerhetspaket

"Guild Wars"=Guild Wars

"Hamachi"=Hamachi 1.0.1.5

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}"=iPod for Windows 2006-01-10

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}"=Age of Empires III

"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}"=Rome - Total War

"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}"=Vampire - The Masquerade Bloodlines

"Lame MP3 Codec (for the ACM)"=Lame ACM MP3 Codec

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"mIRC"=mIRC

"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Personal"=Personal 4.4.1

"PokerStars"=PokerStars

"QcDrv"=Drivrutiner till Logitech® Camera

"Snapfish Fotobok"=Snapfish Fotobok 3.06

"Steam"=Steam

"Sunplus CA533A"=Icatch(IV) Camera Driver

"The Rosetta Stone"=The Rosetta Stone

"TRUST 120 SPACEC@M"=TRUST 120 SPACEC@M

"ULi LAN Driver"=ULi PCI 10-100 Fast Ethernet Controller Driver

"ULi M5289 SATA Controller Driver"=ULi M5289 SATA Controller Driver

"VentriloMIX"=VentriloMIX

"WIC"=Windows Imaging Component

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 2

"WinPcapInst"=WinPcap 3.1

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.6b

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"VobSub"=VobSub v2.23 (Remove Only)

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"XviD_is1"=XviD MPEG-4 Video Codec

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

"Warcraft III"=Warcraft III: All Products

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

"Warcraft III"=Warcraft III: All Products

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2009-01-13 14:34:33 | Computer Name = HEM | Source = F-Secure Anti-Virus | ID = 103

Description =

 

Error - 2009-01-13 14:52:38 | Computer Name = HEM | Source = F-Secure Anti-Virus | ID = 103

Description =

 

Error - 2009-01-13 16:25:23 | Computer Name = HEM | Source = F-Secure Anti-Virus | ID = 103

Description =

 

Error - 2009-01-13 16:56:40 | Computer Name = HEM | Source = F-Secure Anti-Virus | ID = 103

Description =

 

Error - 2009-01-13 16:58:03 | Computer Name = HEM | Source = F-Secure Anti-Virus | ID = 103

Description =

 

Error - 2009-01-13 18:44:47 | Computer Name = HEM | Source = F-Secure Anti-Virus | ID = 103

Description =

 

Error - 2009-01-13 18:54:42 | Computer Name = HEM | Source = F-Secure Anti-Virus | ID = 103

Description =

 

Error - 2009-01-13 18:55:01 | Computer Name = HEM | Source = MsiInstaller | ID = 10005

Description = Product: Java 6 Update 11 -- Error 25099. Unzipping core files

failed.

 

Error - 2009-01-13 18:57:55 | Computer Name = HEM | Source = MsiInstaller | ID = 10005

Description = Product: Java 6 Update 11 -- Error 25099. Unzipping core files

failed.

 

Error - 2009-01-13 18:58:49 | Computer Name = HEM | Source = MsiInstaller | ID = 10005

Description = Product: Java 6 Update 11 -- Error 25099. Unzipping core files

failed.

 

[ System Events ]

Error - 2009-01-08 17:20:07 | Computer Name = HEM | Source = DCOM | ID = 10000

Description = Det gick inte att starta en DCOM-server:{7D8C9B6E-B0A6-433A-90D7-D44D080013D8}.

Felet:

%2

Inträffade

när det här kommandot startade: "C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe"

-Embedding

 

Error - 2009-01-08 17:20:54 | Computer Name = HEM | Source = F-Secure Gatekeeper | ID = 327681

Description =

 

Error - 2009-01-08 17:22:55 | Computer Name = HEM | Source = DCOM | ID = 10000

Description = Det gick inte att starta en DCOM-server:{CD89D352-5A13-49F8-9EB5-7E6D1FB0CD57}.

Felet:

%2

Inträffade

när det här kommandot startade: "C:\Program\Delade filer\LogiShrd\LComMgr\LVComSX.exe"

-Embedding

 

Error - 2009-01-08 17:23:07 | Computer Name = HEM | Source = DCOM | ID = 10000

Description = Det gick inte att starta en DCOM-server:{CD89D352-5A13-49F8-9EB5-7E6D1FB0CD57}.

Felet:

%2

Inträffade

när det här kommandot startade: "C:\Program\Delade filer\LogiShrd\LComMgr\LVComSX.exe"

-Embedding

 

Error - 2009-01-08 17:23:08 | Computer Name = HEM | Source = DCOM | ID = 10000

Description = Det gick inte att starta en DCOM-server:{CD89D352-5A13-49F8-9EB5-7E6D1FB0CD57}.

Felet:

%2

Inträffade

när det här kommandot startade: "C:\Program\Delade filer\LogiShrd\LComMgr\LVComSX.exe"

-Embedding

 

Error - 2009-01-08 17:23:22 | Computer Name = HEM | Source = DCOM | ID = 10000

Description = Det gick inte att starta en DCOM-server:{CD89D352-5A13-49F8-9EB5-7E6D1FB0CD57}.

Felet:

%2

Inträffade

när det här kommandot startade: "C:\Program\Delade filer\LogiShrd\LComMgr\LVComSX.exe"

-Embedding

 

Error - 2009-01-08 17:23:26 | Computer Name = HEM | Source = DCOM | ID = 10000

Description = Det gick inte att starta en DCOM-server:{D0B7C734-2D1B-461D-93C6-8264DA4F038B}.

Felet:

%2

Inträffade

när det här kommandot startade: "C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe"

-Embedding

 

Error - 2009-01-08 17:46:15 | Computer Name = HEM | Source = DCOM | ID = 10000

Description = Det gick inte att starta en DCOM-server:{CD79C623-E1B7-47CF-A685-2E8A882BA3F8}.

Felet:

%2

Inträffade

när det här kommandot startade: "C:\Program\Delade filer\Microsoft Shared\Windows

Live\WLLoginProxy.exe" -Embedding

 

Error - 2009-01-08 17:48:07 | Computer Name = HEM | Source = DCOM | ID = 10000

Description = Det gick inte att starta en DCOM-server:{CD79C623-E1B7-47CF-A685-2E8A882BA3F8}.

Felet:

%2

Inträffade

när det här kommandot startade: "C:\Program\Delade filer\Microsoft Shared\Windows

Live\WLLoginProxy.exe" -Embedding

 

Error - 2009-01-13 14:21:58 | Computer Name = HEM | Source = Service Control Manager | ID = 7000

Description = Tjänsten Dual Mode Video Camera Device kunde inte startas på grund

av följande fel: %%1058

 

 

< End of report >[/log]

 

 

[log]OTViewIt logfile created on: 2009-01-14 00:39:42 - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jax\Skrivbord

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511,36 Mb Total Physical Memory | 150,09 Mb Available Physical Memory | 29,35% Memory free

1,22 Gb Paging File | 0,78 Gb Available in Paging File | 64,04% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 127,99 Gb Total Space | 44,61 Gb Free Space | 34,86% Space Free | Partition Type: NTFS

Drive D: | 591,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HEM

Current User Name: Jax

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2005-05-13 03:09:02 | 00,368,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2008-09-10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program\Lavasoft\Ad-Aware\aawservice.exe

[2007-02-06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe

[2008-01-15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008-02-13 11:38:08 | 00,049,664 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Anti-Virus\fsgk32st.exe

[2008-10-24 15:46:04 | 00,432,224 | ---- | M] (F-Secure Corp.) -- C:\Program\com hem security\Anti-Virus\fsgk32.exe

[2008-02-13 11:38:56 | 00,115,168 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Common\FSMA32.EXE

[2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program\Analog Devices\SoundMAX\SMAgent.exe

[2008-10-24 15:46:04 | 00,514,656 | ---- | M] (F-Secure Corp.) -- C:\Program\com hem security\Anti-Virus\fssm32.exe

[2008-02-04 14:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe

[2008-02-13 11:38:56 | 00,233,952 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Common\FSMB32.EXE

[2008-02-13 11:38:54 | 00,127,456 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Common\FCH32.EXE

[2008-02-13 11:38:54 | 00,393,640 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Common\FAMEH32.EXE

[2008-02-13 11:38:10 | 00,045,544 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Anti-Virus\fsqh.exe

[2008-02-13 11:37:14 | 00,463,272 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\FSAUA\program\fsaua.exe

[2008-02-13 11:38:20 | 00,455,080 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\FWES\program\fsdfwd.exe

[2008-02-13 11:38:08 | 00,326,056 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Anti-Virus\fsav32.exe

[2008-02-22 13:16:54 | 00,176,552 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\FSAUA\program\fsus.exe

[2005-05-12 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

[2003-12-31 15:39:04 | 00,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe

[2008-02-13 11:38:54 | 00,184,800 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Common\FSM32.EXE

[2003-07-30 09:08:58 | 00,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program\Analog Devices\SoundMAX\SMTray.exe

[2008-02-13 11:38:44 | 00,467,368 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\FSGUI\fsguidll.exe

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe

[2009-01-13 23:58:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe

[2009-01-14 00:35:57 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jax\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-09-10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])

[2008-01-15 02:40:04 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2005-05-13 03:09:02 | 00,368,640 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2005-05-12 21:05:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008-02-13 11:38:08 | 00,049,664 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])

[2008-02-13 11:37:14 | 00,463,272 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Running])

[2008-02-13 11:38:20 | 00,455,080 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\FWES\program\fsdfwd.exe -- (FSDFWD [On_Demand | Running])

[2008-02-13 11:38:56 | 00,115,168 | ---- | M] (F-Secure Corporation) -- C:\Program\com hem security\Common\FSMA32.EXE -- (FSMA [Auto | Running])

[2005-04-03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008-02-04 14:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2007-02-06 17:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])

[2007-02-06 17:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])

[2005-08-02 22:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])

[2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-10-18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[2009-01-13 23:58:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

 

========== Driver Services ==========

 

[2004-02-11 14:34:46 | 00,016,855 | ---- | M] (An Chen Computer Co., Ltd.) -- C:\WINDOWS\system32\drivers\Achernar.sys -- (Achernar [boot | Running])

[2002-04-01 22:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])

[2004-02-11 14:34:50 | 00,021,808 | ---- | M] (An Chen Computer Co., Ltd.) -- C:\WINDOWS\system32\drivers\Aldebaran.sys -- (Aldebaran [On_Demand | Running])

[2005-02-21 15:09:28 | 00,083,596 | ---- | M] (ULi Corporation) -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD [Auto | Running])

[2005-02-21 15:32:04 | 00,010,326 | ---- | M] (ULi Corporation) -- C:\WINDOWS\system32\drivers\AliGP.sys -- (aligp [On_Demand | Running])

[2001-09-28 13:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2005-02-21 15:12:24 | 00,005,331 | ---- | M] (ULi Corporation) -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub [On_Demand | Running])

[2004-05-08 10:22:14 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

[2005-05-13 03:15:08 | 01,198,080 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2002-10-21 10:37:16 | 00,515,803 | ---- | M] (Digital Camera) -- C:\WINDOWS\system32\drivers\Ca533av.sys -- (Ca533av [Auto | Stopped])

[2006-06-27 19:55:06 | 00,223,128 | ---- | M] () -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Running])

[2008-02-13 11:38:10 | 00,041,640 | ---- | M] () -- C:\Program\com hem security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter [Disabled | Stopped])

[2008-02-13 11:38:10 | 00,063,912 | ---- | M] () -- C:\Program\com hem security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])

[2008-05-12 14:57:45 | 00,041,184 | ---- | M] () -- C:\Program\com hem security\HIPS\fshs.sys -- (F-Secure HIPS [system | Running])

[2008-02-13 11:38:10 | 00,027,048 | ---- | M] () -- C:\Program\com hem security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer [Disabled | Stopped])

[2008-05-12 14:58:00 | 00,051,072 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW [boot | Running])

[2006-09-19 14:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2008-02-22 19:32:20 | 00,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])

[2007-02-06 17:42:40 | 01,691,808 | ---- | M] () -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap [On_Demand | Running])

[2007-02-06 17:44:36 | 01,964,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv [On_Demand | Running])

[2007-02-03 10:30:58 | 01,507,232 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt [On_Demand | Running])

[2007-02-06 17:45:04 | 00,025,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])

[2006-06-22 23:29:43 | 00,055,984 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus [On_Demand | Stopped])

[2007-02-03 10:32:36 | 00,041,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Running])

[2007-02-03 10:32:46 | 01,939,360 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Running])

[2004-12-01 10:49:18 | 00,051,840 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\drivers\m5289.sys -- (m5289 [boot | Running])

[2004-08-04 06:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])

[2005-08-02 22:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

[2004-04-01 15:30:46 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])

[2001-09-28 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005-11-17 17:19:28 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2001-09-28 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])

[2006-05-01 12:16:22 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2004-04-19 15:42:52 | 00,602,880 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])

[2004-02-19 13:12:34 | 00,299,776 | ---- | M] () -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd [On_Demand | Stopped])

[2006-06-27 19:51:44 | 00,642,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2001-09-06 19:12:12 | 00,006,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam [On_Demand | Running])

[2004-12-31 15:24:16 | 00,028,160 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\drivers\ULILAN.SYS -- (ULI5261 [On_Demand | Running])

[2004-07-08 15:58:50 | 00,044,928 | ---- | M] (ULi Electronics Inc.) -- C:\WINDOWS\system32\drivers\AGPKX.SYS -- (uliagpkx [boot | Running])

[2004-08-04 07:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])

[2002-12-04 13:38:26 | 00,011,144 | ---- | M] (USB BULK) -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera [On_Demand | Stopped])

[2001-09-28 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://home.sweetim.com

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"Default_Search_URL"=http://www.google.com/ie

"SearchAssistant"=http://www.google.com/ie

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Google

"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

"Start Page"=http://www.google.se/

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

"SearchAssistant"=http://www.google.com/ie

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://www.google.com/search?q=%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Search_URL"=about:blank

"First Home Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&ar=runonce&pver={SUB_PVER}&plcid={SUB_CLSID}

"Local Page"=C:\WINDOWS\System32\blank.htm

"Search Page"=about:blank

"Start Page"=about:blank

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]

"provider"=

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Search_URL"=about:blank

"First Home Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&ar=runonce&pver={SUB_PVER}&plcid={SUB_CLSID}

"Local Page"=C:\WINDOWS\System32\blank.htm

"Search Page"=about:blank

"Start Page"=about:blank

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]

"provider"=

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Google

"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

"Start Page"=http://www.google.se/

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\SOFTWARE\Microsoft\Internet Explorer\Search]

"SearchAssistant"=http://www.google.com/ie

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\Software\Microsoft\Internet Explorer\SearchURL]

""=http://www.google.com/search?q=%s

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (2337 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

127.0.0.1 sds-qckads.com

127.0.0.1 status.qckads.com

127.0.0.1 www.qoolaid.com

127.0.0.1 www.qoologic.com

127.0.0.1 www.CLKPrecision.com

127.0.0.1 www.urllogic.com

127.0.0.1 www.clkoptimizer.com

127.0.0.1 www.isearch.com

127.0.0.1 isearch.com

127.0.0.1 www.idownload.com

127.0.0.1 idownload.com

127.0.0.1 www.mytotalsearch.com

127.0.0.1 mytotalsearch.com

127.0.0.1 www.lop.com

127.0.0.1 lop.com

127.0.0.1 www.websearch.com

127.0.0.1 websearch.com

127.0.0.1 www.page-not-found.net

127.0.0.1 page-not-found.net

127.0.0.1 www.isearchhere.com

127.0.0.1 isearchhere.com

127.0.0.1 as.adwave.com

127.0.0.1 sr.adwave.com

127.0.0.1 www.adwave.com

30 more lines...

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre6\bin\ssv.dll File not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

""= File not found

"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

"F-Secure Manager"="C:\Program\com hem security\Common\FSM32.EXE" /splash (F-Secure Corporation)

"F-Secure TNB"="C:\Program\com hem security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW (F-Secure Corporation)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"LogitechCommunicationsManager"="C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" (Logitech Inc.)

"LogitechQuickCamRibbon"="C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide ()

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" -atboottime (Apple Inc.)

"smapp"=C:\Program\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)

"snpstd"=C:\WINDOWS\vsnpstd.exe ()

"Sony Ericsson PC Suite"="C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions (Sony Ericsson Mobile Communications AB)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"=C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)

"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

"Skype"="C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized File not found

"Steam"="C:\Program\Steam\Steam.exe" -silent (Valve Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

"okrw"=C:\Program\DELADE~1\okrw\okrwm.exe File not found

"services32"=C:\Program\Delade filer\Windows\mc-110-12-0000141.exe File not found

"Sy21dsgate Personal Firewall"=playboy1.exe File not found

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

"okrw"=C:\Program\DELADE~1\okrw\okrwm.exe File not found

"services32"=C:\Program\Delade filer\Windows\mc-110-12-0000141.exe File not found

"Sy21dsgate Personal Firewall"=playboy1.exe File not found

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"=C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)

"msnmsgr"="C:\Program\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)

"Skype"="C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized File not found

"Steam"="C:\Program\Steam\Steam.exe" -silent (Valve Corporation)

 

========== (O4) Startup Folders ==========

 

[2004-08-20 13:58:24 | 00,634,880 | ---- | M] (STOIK Imaging (www.stoik.com)) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Digimax Viewer 2.1.lnk = C:\Program\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

[2007-08-12 11:22:10 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[2000-01-21 09:15:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

[2006-06-29 11:22:06 | 00,438,272 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Blogga detta -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007-10-26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Blogga detta i Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007-10-26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)

{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [2008-08-28 16:45:34 | 00,603,416 | ---- | M] (PokerStars)

{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9}: Button: Betway.com Poker -- %ProgramFiles%\Betway\Poker\MPPoker.exe [2008-03-12 14:40:26 | 00,011,264 | ---- | M] (Microgaming)

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe File not found

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe File not found

{d9288080-1baa-4bc4-9cf8-a92d743db949}: Button: Run IMVU -- %SystemDrive%\Documents and Settings\Jullan\Start-meny\Program\IMVU\Run IMVU.lnk File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006-10-10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)

CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} [HKLM] -> %ProgramFiles%\Betway\Poker\MPPoker.exe [betway.com Poker] -> [2008-03-12 14:40:26 | 00,011,264 | ---- | M] (Microgaming)

CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %SystemDrive%\Documents and Settings\Jullan\Start-meny\Program\IMVU\Run IMVU.lnk [Run IMVU] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

 

[HKEY_USERS\S-1-5-21-725345543-1229272821-2147133589-1009\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)

CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} [HKLM] -> %ProgramFiles%\Betway\Poker\MPPoker.exe [betway.com Poker] -> [2008-03-12 14:40:26 | 00,011,264 | ---- | M] (Microgaming)

CmdMapping\\{d9288080-1baa-4bc4-9cf8-a92d743db949} [HKLM] -> %SystemDrive%\Documents and Settings\Jullan\Start-meny\Program\IMVU\Run IMVU.lnk [Run IMVU] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

media-motor.net: * in Tillförlitliga platser

73 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

media-motor.net: * in Tillförlitliga platser

73 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

73 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

73 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{02BCC737-B171-4746-94C9-0D8A0B2C0089}: http://office.microsoft.com/templates/ieawsdc.cab -- Microsoft Office Template and Media Control

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab -- Office Genuine Advantage Validation Tool

{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}: http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab -- DjVuCtl Class

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control

{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool

{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www3.snapfish.se/SnapfishActivia.cab -- Snapfish Activia

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{5C051655-FCD5-4969-9182-770EA5AA5565}: http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab -- Solitaire Showdown Class

{67DABFBF-D0AB-41FA-9C46-CC0F21721616}: http://go.divx.com/plugin/DivXBrowserPlugin.cab -- Reg Error: Key does not exist or could not be opened.

{6E5E167B-1566-4316-B27F-0DDAB3484CF7}: http://www.fujidirekt.se/aurigma/ImageUploader4.cab -- Image Uploader Control

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}: http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab -- MsnMessengerSetupDownloadControl Class

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab -- Java Plug-in 1.6.0_06

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab -- Minesweeper Flags Class

{F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65}: https://betway.microgaming.com/betway/FlashAX2.cab -- Flash Casino Helper Object

{FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}: http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab -- DownloadManagerkontroll

Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

 

========== (O17) DNS Name Servers ==========

 

{19E984D8-039D-4BA8-A476-870E6711AE56} (Servers: | Description: )

{86C83FEB-8220-49CD-9661-E776783488BF} (Servers: | Description: )

{E56DEBDB-FB13-4EBC-9ACF-E354E53C0A38} (Servers: 83.255.245.10,83.255.249.10 | Description: ULi PCI Fast Ethernet Controller)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2006-02-04 10:02:07 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

Autorun.inf [[autorun] | open=autorun.exe | icon=autorun.exe | Name=AOE III Disk 1 | | shell\setup=&Install Age of Empires III | shell\setup\command=setup.exe | | shell\directx=Install &DirectX 9.0c | shell\directx\command=DirectX9\dxsetup.exe | ]

[2005-08-01 16:44:27 | 00,000,225 | R--- | M] () -- D:\Autorun.inf -- [ CDFS ]

 

autorun.exe [MZ� | ]

[2005-09-16 20:51:12 | 00,999,424 | R--- | M] (Microsoft Corporation) -- D:\autorun.exe -- [ CDFS ]

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{664ec75f-0d39-11dd-af35-0015f22cc023}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{664ec75f-0d39-11dd-af35-0015f22cc023}\Shell\AutoRun\command]

""=F:\LaunchU3.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8122a1b4-a9b7-11dd-afd9-0015f22cc023}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8122a1b4-a9b7-11dd-afd9-0015f22cc023}\Shell\AutoRun\command]

""=F:\LaunchU3.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]

""=E:\LaunchU3.exe -- File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]

""=F:\LaunchU3.exe -- File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2009-01-14 00:35:53 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jax\Skrivbord\OTViewIt.exe

[2009-01-13 23:08:28 | 00,001,323 | ---- | C] () -- C:\Documents and Settings\Jax\Skrivbord\HijackThis.lnk

[2009-01-13 23:07:49 | 00,000,000 | ---D | C] -- C:\hjt

[2009-01-13 23:06:41 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jax\Skrivbord\HJTInstall.exe

[2009-01-13 21:51:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jax\Skrivbord\bMap_v1.22

[2009-01-13 21:23:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jax\Skrivbord\permedit(2)

[2009-01-13 21:23:08 | 00,013,196 | ---- | C] () -- C:\Documents and Settings\Jax\Skrivbord\permedit(2).zip

[2009-01-13 20:46:33 | 00,198,800 | ---- | C] () -- C:\Documents and Settings\Jax\Skrivbord\TyranoReveal7.zip

[2009-01-13 19:49:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jax\Skrivbord\D3SceneMH_FULL(DETECTED)

[2009-01-08 19:23:37 | 00,001,546 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk

[2009-01-08 18:25:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jax\Skrivbord\d3d8

[2009-01-08 16:42:54 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Ad-Watch.lnk

[2009-01-08 16:42:54 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Ad-Aware.lnk

[2009-01-08 16:42:22 | 00,000,000 | ---D | C] -- C:\Program\Lavasoft

[2009-01-08 16:42:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2008-12-25 22:44:16 | 00,000,887 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Fallout Tactics.lnk

[2008-12-25 22:40:27 | 00,000,000 | ---D | C] -- C:\Program\14 Degrees East

[2008-12-15 19:51:21 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm

[2008-12-15 19:51:20 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm

 

========== Files - Modified Within 30 Days ==========

 

[8 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009-01-14 00:35:57 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jax\Skrivbord\OTViewIt.exe

[2009-01-13 23:24:15 | 00,000,587 | ---- | M] () -- C:\Documents and Settings\Jax\Mina dokument\Mina delade mappar.lnk

[2009-01-13 23:08:29 | 00,001,323 | ---- | M] () -- C:\Documents and Settings\Jax\Skrivbord\HijackThis.lnk

[2009-01-13 23:06:41 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jax\Skrivbord\HJTInstall.exe

[2009-01-13 22:53:15 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2009-01-13 22:51:29 | 02,108,704 | -H-- | M] () -- C:\Documents and Settings\Jax\Lokala inställningar\Application Data\IconCache.db

[2009-01-13 21:23:10 | 00,013,196 | ---- | M] () -- C:\Documents and Settings\Jax\Skrivbord\permedit(2).zip

[2009-01-13 20:46:34 | 00,198,800 | ---- | M] () -- C:\Documents and Settings\Jax\Skrivbord\TyranoReveal7.zip

[2009-01-13 19:21:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-01-13 19:21:34 | 00,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-01-13 19:21:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-01-13 19:21:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2009-01-08 19:23:37 | 00,001,546 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Mozilla Firefox.lnk

[2009-01-08 16:42:54 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Ad-Watch.lnk

[2009-01-08 16:42:54 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Ad-Aware.lnk

[2009-01-07 16:39:09 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008-12-26 00:34:53 | 00,077,312 | ---- | M] () -- C:\Documents and Settings\Jax\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-25 22:44:16 | 00,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Fallout Tactics.lnk

[2008-12-15 19:51:21 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm

[2008-12-15 19:51:20 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

< End of report >[/log]

 


[2009-01-13 23:58:46 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

Quite a lot of the new Java version has made it in, at least by the looks of it.

In the Windows Firewall there are various programs listed that are no longer on the computer; it would be a good idea to remove them:

Teamspeak2, BitLord, Ventrilo, WoW, Slaget om Midgård, Soulseek, Dawn of War

 

Internet Explorer - Internet Options - Advanced

Find MS Java and untick the box for it.

According to the log, media-motor.net is listed in Trusted Sites (Tillförlitliga platser) for the Default user and for another user (S-1-5-18); it is a malicious website.

Scan with HijackThis and tick:

 

[log]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O1 - Hosts: 66.98.148.65 auto.search.msn.com

O1 - Hosts: 66.98.148.65 auto.search.msn.es

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKUS\S-1-5-18\..\Run: [okrw] C:\Program\DELADE~1\okrw\okrwm.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [sy21dsgate Personal Firewall] playboy1.exe (User 'SYSTEM')

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jullan\Start-meny\Program\IMVU\Run IMVU.lnk (file missing)[/log]

 

Close all other programs.

Press Fix checked.

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

Since there are several user accounts on the computer, it may be best to have a HijackThis log from each account.

 


There, I was away for a couple of days, but I've fixed it with HJT.

In the new log the files are gone, but there are 2 Java files that show (file missing).

Should I do anything about that?

I don't know if you meant that I should check whether they were the same or if you wanted all the logs ^-^

But here you go. I saw that there was some program that wasn't in the others, and also a (no file) on 'URLSearchHook',

but maybe those aren't dangerous.

Account 1;

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:52:32, on 2009-01-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\com hem security\Anti-Virus\fsgk32st.exe

C:\Program\com hem security\Anti-Virus\FSGK32.EXE

C:\Program\com hem security\Common\FSMA32.EXE

C:\WINDOWS\Explorer.EXE

C:\Program\com hem security\Common\FSMB32.EXE

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\com hem security\Common\FCH32.EXE

C:\Program\com hem security\Common\FAMEH32.EXE

C:\Program\com hem security\Anti-Virus\fsqh.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\vsnpstd.exe

C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\com hem security\Common\FSM32.EXE

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Steam\Steam.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\com hem security\FSAUA\program\fsaua.exe

C:\Program\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\com hem security\FWES\Program\fsdfwd.exe

C:\Program\com hem security\Anti-Virus\fssm32.exe

C:\Program\Delade filer\Teleca Shared\CapabilityManager.exe

C:\Program\com hem security\FSGUI\fsguidll.exe

C:\Program\com hem security\FSAUA\program\fsus.exe

C:\Program\Delade filer\LogiShrd\LComMgr\LVComSX.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\Teleca Shared\Generic.exe

C:\Program\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program\com hem security\Anti-Virus\fsav32.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (file missing)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\com hem security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\com hem security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Digimax Viewer 2.1.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program\Betway\Poker\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.se/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujidirekt.se/aurigma/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://betway.microgaming.com/betway/FlashAX2.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManagerkontroll) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E56DEBDB-FB13-4EBC-9ACF-E354E53C0A38}: NameServer = 83.255.245.10,83.255.249.10

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\com hem security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\com hem security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\com hem security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\com hem security\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10242 bytes[/log]

 

Account 2:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:06:09, on 2009-01-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\com hem security\Anti-Virus\fsgk32st.exe

C:\Program\com hem security\Anti-Virus\FSGK32.EXE

C:\Program\com hem security\Common\FSMA32.EXE

C:\Program\com hem security\Common\FSMB32.EXE

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\com hem security\Common\FCH32.EXE

C:\Program\com hem security\Common\FAMEH32.EXE

C:\Program\com hem security\Anti-Virus\fsqh.exe

C:\Program\com hem security\FSAUA\program\fsaua.exe

C:\Program\com hem security\FWES\Program\fsdfwd.exe

C:\Program\com hem security\Anti-Virus\fssm32.exe

C:\Program\com hem security\FSAUA\program\fsus.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\com hem security\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\vsnpstd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\com hem security\Common\FSM32.EXE

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\com hem security\FSGUI\fsguidll.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superstart.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.se/0SESVSE/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (file missing)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\com hem security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\com hem security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-725345543-1229272821-2147133589-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jax')

O4 - HKUS\S-1-5-21-725345543-1229272821-2147133589-1009\..\Run: [skype] "C:\Program\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Jax')

O4 - HKUS\S-1-5-21-725345543-1229272821-2147133589-1009\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Jax')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: IMVU.lnk = C:\Program\IMVU\IMVUClient.exe

O4 - Global Startup: Digimax Viewer 2.1.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program\Betway\Poker\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: *.media-motor.net

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.se/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujidirekt.se/aurigma/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://betway.microgaming.com/betway/FlashAX2.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManagerkontroll) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E56DEBDB-FB13-4EBC-9ACF-E354E53C0A38}: NameServer = 83.255.245.10,83.255.249.10

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\com hem security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\com hem security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\com hem security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\com hem security\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10424 bytes

[/log]

 

Account 3:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:10:56, on 2009-01-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\com hem security\Anti-Virus\fsgk32st.exe

C:\Program\com hem security\Anti-Virus\FSGK32.EXE

C:\Program\com hem security\Common\FSMA32.EXE

C:\Program\com hem security\Common\FSMB32.EXE

C:\Program\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\com hem security\Common\FCH32.EXE

C:\Program\com hem security\Common\FAMEH32.EXE

C:\Program\com hem security\Anti-Virus\fsqh.exe

C:\Program\com hem security\FSAUA\program\fsaua.exe

C:\Program\com hem security\FWES\Program\fsdfwd.exe

C:\Program\com hem security\Anti-Virus\fssm32.exe

C:\Program\com hem security\FSAUA\program\fsus.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\com hem security\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\vsnpstd.exe

C:\Program\QuickTime\qttask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Logitech\QuickCam10\QuickCam10.exe

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\com hem security\Common\FSM32.EXE

C:\Program\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\com hem security\FSGUI\fsguidll.exe

C:\hjt\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (file missing)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam10\QuickCam10.exe" /hide

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\com hem security\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\com hem security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [smapp] C:\Program\Analog Devices\SoundMAX\SMTray.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-725345543-1229272821-2147133589-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jullan')

O4 - HKUS\S-1-5-21-725345543-1229272821-2147133589-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Jax')

O4 - HKUS\S-1-5-21-725345543-1229272821-2147133589-1009\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'Jax')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Digimax Viewer 2.1.lnk = ?

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program\Betway\Poker\MPPoker.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O15 - Trusted Zone: *.media-motor.net

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.se/SnapfishActivia.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujidirekt.se/aurigma/ImageUploader4.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://betway.microgaming.com/betway/FlashAX2.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManagerkontroll) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E56DEBDB-FB13-4EBC-9ACF-E354E53C0A38}: NameServer = 83.255.245.10,83.255.249.10

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program\com hem security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\com hem security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\com hem security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program\com hem security\Common\FSMA32.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program\delade filer\logishrd\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program\WinPcap\rpcapd.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10394 bytes[/log]

 

Link to comment
Share on other sites

I'm not allowed to update my post..

Oh well, I missed the part about the firewall. I don't use the Windows firewall, I run F-Secure instead, but I suppose no new log is needed once I've removed the programs from there?

 

Link to comment
Share on other sites

No, I don't need to check that you've changed the Windows firewall. Good that you use F-Secure's instead of it.

From account 3:

You can tick and fix the following in HijackThis:

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (file missing)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)

O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe

O15 - Trusted Zone: *.media-motor.net

 

Nothing harmful, just leftovers from uninstallations.

It should be enough to fix it from that account for it to be fine on the others as well.

Have you got the Java installation sorted out?

Is the computer working well?

 

Link to comment
Share on other sites
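An added example, not part of the original thread: a small Python parser for HijackThis log lines like the ones posted above. It flags entries that HijackThis marks `(no file)` or `(file missing)`, markers that appear on several of the entries listed in the reply above, and labels each O4 autostart entry by where it is registered. The section labels and the names `parse_log`, `orphaned` and `per_user_autostarts` are this example's own assumptions; the sample lines are copied from the account 3 log.

```python
import re
from collections import namedtuple

# One parsed log entry. "scope" is only set for O4 (autostart) entries.
Entry = namedtuple("Entry", "code section detail target_missing scope")

# Section codes seen in this thread's logs; the labels are this example's wording.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O9": "extra IE button or Tools menu item",
    "O15": "Trusted Zone site",
    "O16": "downloaded ActiveX control",
    "O17": "name-server setting",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# HijackThis appends one of these when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)$")

# Sample input: lines copied from the account 3 log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://se.msn.com/
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (file missing)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [sweetIM] C:\Program\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O15 - Trusted Zone: *.media-motor.net
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
End of file - 10394 bytes
"""


def _autostart_scope(code, detail):
    """Say where an O4 entry is registered; None for every other section."""
    if code != "O4":
        return None
    if detail.startswith("HKLM\\") or detail.startswith("Global Startup:"):
        return "machine"            # applies to every account on the PC
    if detail.startswith("HKCU\\") or detail.startswith("Startup:"):
        return "current user"       # only the account that produced the log
    if detail.startswith("HKUS\\"):
        return "other user hive"    # another loaded profile (SID in the path)
    return "unknown"


def parse_log(text):
    """Return the R*/O* entries of a HijackThis log, skipping header,
    process list and footer lines."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, detail = match.group(1), match.group(2).strip()
        entries.append(Entry(
            code=code,
            section=SECTIONS.get(code, "unlabelled section"),
            detail=detail,
            target_missing=bool(MISSING_RE.search(detail)),
            scope=_autostart_scope(code, detail),
        ))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e.target_missing]


def per_user_autostarts(entries):
    """Autostart entries stored in a user hive rather than machine-wide."""
    return [e for e in entries if e.scope in ("current user", "other user hive")]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned  ", e.code, e.section, "|", e.detail)
    for e in per_user_autostarts(parsed):
        print("per-user  ", e.scope, "|", e.detail)
```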

There we go, now it's fixed

The new Java update works now too. Before, the browser window crashed when I visited Java pages (games and the like), but now everything loads as it should with Java.

Thanks for the help :)

The original problem is still there though, hehe: things don't really connect between different programs, such as Banlist to WC3. "Dll-injection failed" comes up, along with "maybe another application like fraps or x-fire has already hooked"

but from what I can see among the processes and other programs I have on the computer, I can't find anything that could be doing that. It isn't just WC3 either; DLL injection doesn't work with other games too.

Thanks for helping me clean some junk off the computer though :)

 

Link to comment
Share on other sites

Thanks for all the points! :) :)

It may be a security feature in F-Secure, because it doesn't sound normal for programs to be allowed to hook into others just like that. Is there any way to disable certain security features in F-Secure, or to allow programs to do more?

 

Link to comment
Share on other sites

Well, it could be that, but I have the same antivirus & firewall on another computer, and there the hooks work without any problems.

The difference is that one is from Telia and this one is from Com Hem.

I may have to try turning off the firewall or so briefly while I start the programs to see, but I don't have time right now.

I looked around a fair bit to see how people had solved the problem, but only found people using Vista, who then ran the programs with administrator rights or whatever it's called. Then I found a program that gives processes access to everything, i.e. they are allowed to get into other programs, but that didn't work either (and no, it wasn't a virus or anything, I checked carefully), and I have an administrator account myself, both on the computer where it works and on this one where it doesn't.

So something is wrong somewhere in the computer, it feels like =/

 

Link to comment
Share on other sites

Well, it could be that, but I have the same antivirus & firewall on another computer, and there the hooks work without any problems.

The difference is that one is from Telia and this one is from Com Hem.

Same program version?

 

Link to comment
Share on other sites

Hi!

You probably need to configure your antivirus correctly...

[log]Right-click the blue shield by the clock,

Choose "Open F-Secure ...."

Click the "Advanced" "link"

Open "Virus & Spyware Protection"

choose "change" and change "Virus & spyware protection level" to Custom!

Click "Real-time scanning"

Make sure real-time scanning is ENABLED!

Choose "Scan ALL FILES" (i.e. scans all file types)

Tick "Scan for spyware"

If you have many compressed files (e.g. movies etc.), choose to enter the compressed files' extensions as "Exclusions" from real-time scanning, which reduces the load on the computer

Tick "Scan web traffic"

Under "actions" choose:

When a virus is found = "Remove automatically" (Why keep newly infected files)

When spyware is found = "Remove automatically" (Why keep new spyware!)

Also choose to block tracking cookies

and to show a message when web traffic is scanned

Then go to Manual scanning

Repeat the above, but ENABLE SCANNING OF ALL COMPRESSED FILES (= no exclusions)

Then go to E-mail scanning

Enable scanning of both incoming and outgoing e-mail

Choose to scan ALL attachments and scan compressed files

Set the actions:

Choose to disinfect incoming infected attachments

Block outgoing infected attachments

and leave blocked e-mail in the outbox

Show any report, of course!

Enable scheduled scanning

every "Any weekday" each week when the computer has been idle for 15 minutes

Also enable Browser control, if available, + System control, if available (system startup changes and critical system changes)[/log]

If the infected file is in "System Restore", see:

http://support.f-secure.se/swe/corporate/virusproblem/howtoclean/cleansystemrestore.shtml for a detailed description of how to proceed..

Note, however, that the best protection against all types of attack is to NEVER log in with an administrative account and instead ALWAYS log in with a "limited account", and when needed use "Shift" and right-click plus "Run as.." to run program installations etc. with administrative privileges.

Preferably you should also combine this with strengthening Windows' basic security settings, e.g. by installing via www.WinGuider.se, which both optimizes performance and greatly strengthens security, and at the same time lets you log in as a user without any problems at all!

EDIT: Also run a check of the computer that shows whether you have more vulnerable programs that need updating, via F-Secure HealthCheck:

http://support.f-secure.com/enu/home/onlineservices/fshc.shtml

/Thomas

Get the most out of your computer's performance and avoid constant clean-ups, reinstalls & problems! See http://www.WinGuider.se for free installation instructions. XP Pro only

[post edited 2009-01-16 16:26:10 by /Thomas]

LOG tags added following a report that the post is annoyingly long for everyone who is not interested in antivirus configuration for a particular antivirus program.

Cecilia - Moderator for Viruses, malicious programs & remedies

[post edited 2009-01-16 17:31:01 by Cecilia]

Link to comment
Share on other sites

I don't have access to the other computer at the moment; it's at another location.

But both are updated to the latest, so I'd think it's the same version. I also have the same settings on both, so I strongly doubt it's the settings Thomas explained, thanks anyway.

It probably has nothing to do with ports in the firewall etc. either, since these programs only go through the computer to other programs.

I'll check a bit now whether it works if I turn off the firewall etc., though I doubt it. I seem to recall testing it a while ago, but you never know. Suddenly it happens!

 

Link to comment
Share on other sites

No, I don't think the firewall itself is involved; it's usually other components that monitor what processes are up to so they don't behave suspiciously, and trying to hook into another process is typically something that can be perceived as suspicious. It could be part of what is called DeepGuard:

http://www.f-secure.se/estore/internetsecurity2009.html

 

 

Link to comment
Share on other sites

Yes, it looks like that could block programs that way, but I don't have DeepGuard in my F-Secure.

Apparently I don't have the 'latest' version of F-Secure, but I can't update it any further.

I removed some pointless programs in the hope that they were the ones messing with me, cleaned up some program installation files, turned off the firewall, and tried once again to get the program working, but still the same stupid error.

I think I'll give up now; it just doesn't want to work.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


