
Need help removing a virus/malicious program


muggeby


Hi.

Now I have got something on my computer that is not good.

I have scanned and 7 objects were put in quarantine, which I removed.

I have run Windows Defender and Telia Säker Surf.

What was found was removed, but new windows with ads and other things keep opening all the time.

I had SuperAntiSpyware but it stopped working and it cannot be installed again.

After a lot of trouble I have managed to produce a HijackThis log.

Is there anyone who can help me?

 

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:45:28, on 2009-01-20

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\FSGK32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMB32.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FCH32.EXE

C:\WINDOWS\system32\PSIService.exe

c:\Program\Delade filer\Protexis\License Service\PsiService_2.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FAMEH32.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsqh.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsav32.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE

C:\Program\Windows Defender\MSASCui.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\fsguidll.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\RALINK\Common\RaUI.exe

C:\Program\iPod\bin\iPodService.exe

C:\Documents and Settings\demo\Skrivbord\HJTInstall.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superstart.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://se.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: e-kort Browser Helper Object - {1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} - C:\Program\ekort\Bhoekort.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program\BitComet\tools\BitCometBHO_1.2.8.7.dll

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7DB2C2A7-F750-4794-9151-504E130C2F0D} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9758ed3c-650c-4acb-8a29-56c6f97c5420} - C:\WINDOWS\system32\wigudozi.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

O2 - BHO: {197e7c81-af0d-f418-6dc4-a35dfffbb2be} - {eb2bbfff-d53a-4cd6-814f-d0fa18c7e791} - C:\WINDOWS\system32\nxdjef.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [pewugayefi] Rundll32.exe "C:\WINDOWS\system32\vuranune.dll",s

O4 - HKLM\..\Run: [64c3d9f7] rundll32.exe "C:\WINDOWS\system32\yayosiyi.dll",b

O4 - HKLM\..\Run: [CPM67f0ea6b] Rundll32.exe "c:\windows\system32\vajoneyo.dll",a

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [pewugayefi] Rundll32.exe "C:\WINDOWS\system32\vuranune.dll",s (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: e-kort - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program\ekort\ekort.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx

O16 - DPF: {5CE72DD0-4695-4D18-A4D3-3367ACD37578} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229892791343

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229892772593

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.gordinegenbok.se/photos/upload/ImageUploader4.cab

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\nukizani.dll nxdjef.dll c:\windows\system32\vajoneyo.dll

O20 - Winlogon Notify: jkkHyXQK - jkkHyXQK.dll (file missing)

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vajoneyo.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vajoneyo.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program\Telia\Telias Sakerhetstjanster\ORSP Client\fsorsp.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program\Delade filer\Protexis\License Service\PsiService_2.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

 

--

End of file - 12000 bytes

[/log]

 


Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

(If it cannot be downloaded, let me know.)

Double-click mbam-setup to install the program.

[log]At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, select "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show Results".

Check everything and then press Remove Selected.

When the removal is done, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If there is an error message Error loading... after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not come up by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log. [/log]

 


I see in the HijackThis log that there is an old Java version with security holes on the computer. I recommend that you download and install the updated version http://www.java.com/sv/ Then uninstall the old one in Control Panel, Add/Remove Programs.

[post edited 2009-01-20 18:59:38 by Brynäsarn]


I have managed to download and install Malware MBAM but the program cannot be opened. Something is completely wrong with the computer. Nothing happens if I double-click, and nothing happened when I was going to install either. I had to right-click, choose Run as and there select administrator, but now when I try to open the program nothing happens.

Now trying to uninstall and use the other link you wrote.

 


Start Device Manager this way:

Start - Programs - Accessories - Command Prompt

Type:

set DEVMGR_SHOW_DETAILS=1

set DEVMGR_SHOW_NONPRESENT_DEVICES=1

start devmgmt.msc

 

and choose to show Hidden devices in the View menu. Look for Tdssserv.

XP: Right-click it and choose Disable

Vista: Right-click it and choose Properties. In the new window select the Driver tab and set the startup type there to Disabled.

Restart the computer.

See if MBAM can now be run.

 


Now I have got as far as choosing to show Hidden devices in the View menu, but there is no Tdssserv.

XP... I have searched thoroughly twice now but it is not there.

Could it be called something else? (I have clicked into every + and looked)

 


It may be some new variant with a different name than it has had over the past month, or else something entirely different. Try this:

Download SDFix to the Desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and a new folder is created, C:\SDFix.

[log]Restart the computer in safe mode (press F8 repeatedly during startup and select safe mode in the menu).

Open the new folder C:\SDFix and double-click RunThis.bat to start the program.

Press OK and later Y followed by Enter to continue.

It works for a while, and when it is done a question comes up asking whether you want to restart the computer.

Press any key to begin the restart.

The computer will take a long time to start up because the program will start and fix a lot of things.

When it is done, Finished is displayed.

Press any key to exit the program.

If SDFix does not start automatically after the computer restarts, start Runthis.bat as before but press F instead of Y.

If the log does not come up automatically, open the SDFix folder and open the file Report.txt in Notepad.

Paste the contents of the log into your reply here.[/log]

 


There, now I have run SDFix and the log is below.

A warning comes up that I have spyware on my computer, from something called Antivirus 2009 that wants me to download something.

I keep cancelling with the X but it starts scanning for a second or so before I manage to close it. New empty pages open in FF too.

 

[log]

SDFix: Version 1.240

Run by demo on 2009-01-20 at 23:35

 

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\Documents and Settings\demo\Skrivbord\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\169055~1 - Deleted

C:\DOCUME~1\demo\LOKALA~1\Temp\TMP23.tmp - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-21 00:05:15

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

disk error: C:\WINDOWS\system32\config\system, 0

scanning hidden registry entries ...

 

disk error: C:\WINDOWS\system32\config\software, 0

disk error: C:\Documents and Settings\demo\ntuser.dat, 0

scanning hidden files ...

 

disk error: C:\WINDOWS

please note that you need administrator rights to perform deep scan

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\\Program\\LimeWire\\LimeWire.exe"="C:\\Program\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\Pando Networks\\Pando\\pando.exe"="C:\\Program\\Pando Networks\\Pando\\pando.exe:*:Enabled:Pando Application"

"C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"="C:\\Program\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\\Program\\Bonjour\\mDNSResponder.exe"="C:\\Program\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program\\INCREDIMAIL\\bin\\IMApp.exe"="C:\\Program\\INCREDIMAIL\\bin\\IMApp.exe:*:Enabled:IncrediMail"

"C:\\Program\\INCREDIMAIL\\bin\\IncMail.exe"="C:\\Program\\INCREDIMAIL\\bin\\IncMail.exe:*:Enabled:IncrediMail"

"C:\\Program\\INCREDIMAIL\\bin\\ImpCnt.exe"="C:\\Program\\INCREDIMAIL\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer"

"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"

"C:\\Program\\Telia\\Supportassistent\\bin\\sprtsvc.exe"="C:\\Program\\Telia\\Supportassistent\\bin\\sprtsvc.exe:*:Enabled:sprtsvc"

"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\DOCUME~1\demo\SKRIVB~1\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Thu 14 Sep 2006 88 ..SH. --- "C:\WINDOWS\system32\9A53DD19E0.sys"

Sun 18 Jan 2009 3,610 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"

--- 63,571 A.SH. --- "C:\WINDOWS\system32\nukizani.dll"

Tue 20 Jan 2009 133,758 A.SH. --- "C:\WINDOWS\system32\nxdjef.dll"

Tue 20 Jan 2009 133,758 A.SH. --- "C:\WINDOWS\system32\tukuhegu.dll"

Tue 20 Jan 2009 100,598 A.SH. --- "C:\WINDOWS\system32\vajoneyo.dll"

--- 63,571 A.SH. --- "C:\WINDOWS\system32\vuranune.dll"

--- 63,571 A.SH. --- "C:\WINDOWS\system32\wigudozi.dll"

Tue 20 Jan 2009 87,286 A.SH. --- "C:\WINDOWS\system32\yayosiyi.dll"

Sat 13 Dec 2008 8 ..SHR --- "C:\Documents and Settings\All Users\Application Data\8F17593C1D.sys"

Mon 15 Dec 2008 2,516 A.SH. --- "C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys"

Thu 24 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Fri 23 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

 

Finished!

 

[/log]

 


Did as you said but there were several installed

If you have more old Java versions in Control Panel, Add/Remove Programs, uninstall them since they contain security holes.

 


Removed them and kept only the latest one. This Java thing is a story of its own, because it updates and I have no idea what should be updated or not. But luckily I find that out in here. Thanks

 


Antivirus 2009 is a malicious program that has to go, probably best done with MBAM if it will only start.

See if you can find 9A53DD19E0 in Device Manager (started as before) and disable it, and the same with 8F17593C1D.

Run SDFix as before in safe mode, but right-click RunThis.bat and choose Run as administrator, and we will see whether SDFix can do a bit more.

Then you can also try running MBAM in safe mode, possibly with Run as administrator as well.

 


Do you mean I should run it via the command prompt?

I have tried running MBAM in safe mode but nothing I do can open that program. Now I am using IE7 because FF or Opera cannot be used, pages just keep popping up.

I found something in Startup under System Configuration that I think is something bad.

 

NASEHOGI Rundll32.exe

vuranune rundll32.exe

zafufovi rundll32.exe

 

 

[post edited 2009-01-21 01:37:10 by muggeby]


Do you mean I should run it via the command prompt?

I don't know, it may be needed in order to run a bat file as administrator. If so, right-click Command Prompt in the Start menu and choose Run as administrator, and then run RunThis from there.

Yes, the three files are part of the infection. You can see whether it might be possible to delete those files in safe mode, or whether they can be closed from Task Manager (if it starts). There are some more files visible in the SDFix log:

--- 63,571 A.SH. --- "C:\WINDOWS\system32\nukizani.dll"

Tue 20 Jan 2009 133,758 A.SH. --- "C:\WINDOWS\system32\nxdjef.dll"

Tue 20 Jan 2009 133,758 A.SH. --- "C:\WINDOWS\system32\tukuhegu.dll"

Tue 20 Jan 2009 100,598 A.SH. --- "C:\WINDOWS\system32\vajoneyo.dll"

--- 63,571 A.SH. --- "C:\WINDOWS\system32\vuranune.dll"

--- 63,571 A.SH. --- "C:\WINDOWS\system32\wigudozi.dll"

Tue 20 Jan 2009 87,286 A.SH. --- "C:\WINDOWS\system32\yayosiyi.dll"

 

The malicious files have changed things so that you do not have full administrator rights on the computer.

 


This does not sound good.

I am just sitting looking in Task Manager and there are odd names there that I do not recognize, but I am extremely unsure.

I have tried searching for them but for some of them nothing is found.

None of the ones you found are in Task Manager.

I have no idea what they might be called, but the ones I am wondering about are called

I am writing down all that are there so you can see:

 

taskmgr.exe

OBroker.exe

iexplore.exe

fsav32.exe

fsus.exe

fsguidll.exe

ctfmon.exe

rundll32.exe

WLLoginProxy.exe

QTTask.exe

MSASCui.exe

gnotify.exe

FSM32.exe

VTTimer.exe

jusched.exe

alg.exe

fsdfwd.exe

fsorsp.exe

fssm32.exe

fsaua.exe

FAMEH32.exe

PsiService_2.exe

PSIService.exe

HPZipm12.exe

FCH32.exe

MDM.exe

jqs.exe

svchost.exe

FSMB32.exe

fsgk32.exe

mDNSResponder.exe

AppleMobileDeviceService.exe

spoolsv.exe

svchost.exe

svchost.exe

RaUI.exe

svchost.exe

svchost.exe

MsMpEng.exe

svchost.exe

svchost.exe

Iass.exe

service.exe

wmpnetwk.exe

winlogon.exe

csrss.exe

explorer.exe

smss.exe

svchost.exe

sprtsvc.exe

fsqh.exe

System

Systemets vänteprosess

 

Now tried running as administrator in the command prompt, but it comes up that I do not have the privilege to do that.

So that does not work either.

Darn, can this not be fixed? Getting a bit worried now

[post edited 2009-01-21 02:27:11 by muggeby]


As far as I can see there are no malicious programs in that list.

Try this program:

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[log]Close all programs you see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply (remember the LOG button). Check that the antivirus program etc. is running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.[/log]

Warning! ComboFix disables autorun for CDs, floppy disks and USB devices to make it easier to clean the computer and to protect the computer against infections in the future. There may be problems, for example, if the computer gets its internet via a USB modem or USB network adapter. In that case let me know instead of running ComboFix.

But now I am going to bed.

 


Good morning again.

Downloaded ComboFix, but it will not start

I wonder one thing: when I open CCleaner, via the "Startup" button in there I can find:

 

CPM67f0ea6b Rundll32.exe "c:\windows\system32\nazehogi.dll",a

pewugayefi Rundll32.exe "C:\WINDOWS\system32\vuranune.dll",s

 

It is possible to Disable or to choose Delete key.

Is that something I can do, if these are the 2 malicious files???

[post edited 2009-01-21 09:34:30 by muggeby]


Yes, those are two malicious files. If they can be disabled, that is good.

You have to set up Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Uncheck Hide extensions for known file types

Uncheck Hide protected operating system files

in order to find the malicious files, because they are marked as both hidden files and operating system files.

It may also be that they change name when you restart the computer, but the ones from SDFix consist of file names that are 6 or 8 characters long and completely random.

Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

Close all programs.

Run OTViewIt (in Vista right-click and Run as administrator).

Check Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both into your reply (remember the LOG button).

 

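The helpers in this thread find the infection by matching file names between the HijackThis autostart entries and SDFix's "Files with Hidden Attributes" list. The same cross-check as an added example (not part of any post, and not code from HijackThis or SDFix): the function names are made up here, and the sample lines are copied from the two logs posted above.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Lines copied from the HijackThis log posted in this thread (subset).
HIJACKTHIS = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7DB2C2A7-F750-4794-9151-504E130C2F0D} - (no file)
O2 - BHO: (no name) - {9758ed3c-650c-4acb-8a29-56c6f97c5420} - C:\WINDOWS\system32\wigudozi.dll
O2 - BHO: {197e7c81-af0d-f418-6dc4-a35dfffbb2be} - {eb2bbfff-d53a-4cd6-814f-d0fa18c7e791} - C:\WINDOWS\system32\nxdjef.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pewugayefi] Rundll32.exe "C:\WINDOWS\system32\vuranune.dll",s
O4 - HKLM\..\Run: [64c3d9f7] rundll32.exe "C:\WINDOWS\system32\yayosiyi.dll",b
O4 - HKLM\..\Run: [CPM67f0ea6b] Rundll32.exe "c:\windows\system32\vajoneyo.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\nukizani.dll nxdjef.dll c:\windows\system32\vajoneyo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vajoneyo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vajoneyo.dll
'''

# "Files with Hidden Attributes" lines copied from the SDFix log in this thread (subset).
SDFIX_HIDDEN = r'''
Thu 14 Sep 2006 88 ..SH. --- "C:\WINDOWS\system32\9A53DD19E0.sys"
--- 63,571 A.SH. --- "C:\WINDOWS\system32\nukizani.dll"
Tue 20 Jan 2009 133,758 A.SH. --- "C:\WINDOWS\system32\nxdjef.dll"
Tue 20 Jan 2009 133,758 A.SH. --- "C:\WINDOWS\system32\tukuhegu.dll"
Tue 20 Jan 2009 100,598 A.SH. --- "C:\WINDOWS\system32\vajoneyo.dll"
--- 63,571 A.SH. --- "C:\WINDOWS\system32\vuranune.dll"
--- 63,571 A.SH. --- "C:\WINDOWS\system32\wigudozi.dll"
Tue 20 Jan 2009 87,286 A.SH. --- "C:\WINDOWS\system32\yayosiyi.dll"
Thu 24 Aug 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
'''

# optional date (or "---"), size, 5-character attribute field, "---", quoted path
SDFIX_RE = re.compile(
    r'^(?:\w{3} +\d+ \w{3} \d{4}|---) +([\d,]+) +([A-Z.]{5}) +--- +"(.+)"$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"([^"]+)"', re.I)


def hidden_system_files(sdfix_text):
    """Map lowercase file name -> size for files flagged both System and Hidden."""
    found = {}
    for line in sdfix_text.splitlines():
        m = SDFIX_RE.match(line.strip())
        if m and "S" in m.group(2) and "H" in m.group(2):
            found[basename(m.group(3)).lower()] = int(m.group(1).replace(",", ""))
    return found


def autostart_modules(hjt_text):
    """Map lowercase DLL name -> set of HijackThis sections that load it."""
    mods = defaultdict(set)
    for line in hjt_text.splitlines():
        section, _, rest = line.strip().partition(" - ")
        if section == "O4":                      # Run keys: only rundll32 targets
            m = RUNDLL_RE.search(rest)
            targets = [m.group(1)] if m else []
        elif section == "O20" and rest.startswith("AppInit_DLLs:"):
            targets = re.split(r"[ ,]+", rest.split(":", 1)[1].strip())
        elif section in ("O2", "O21", "O22"):    # BHO, SSODL, SharedTaskScheduler
            targets = [rest.rsplit(" - ", 1)[-1]]
        else:
            targets = []
        for t in targets:
            if t.lower().endswith(".dll"):       # skips "(no file)" entries
                mods[basename(t).lower()].add(section)
    return dict(mods)


def triage(hjt_text, sdfix_text):
    """Hidden+system DLLs, each with the reasons it deserves a closer look."""
    hidden = {n: s for n, s in hidden_system_files(sdfix_text).items()
              if n.endswith(".dll")}
    loaded = autostart_modules(hjt_text)
    by_size = defaultdict(list)
    for name, size in hidden.items():
        by_size[size].append(name)
    report = {}
    for name, size in hidden.items():
        reasons = []
        if name in loaded:
            reasons.append("autostart:" + ",".join(sorted(loaded[name])))
        twins = sorted(n for n in by_size[size] if n != name)
        if twins:  # byte-identical sizes suggest renamed copies of one file
            reasons.append("same size as " + ",".join(twins))
        if reasons:
            report[name] = reasons
    return report


if __name__ == "__main__":
    for dll, why in sorted(triage(HIJACKTHIS, SDFIX_HIDDEN).items()):
        print(f"{dll:14} {'; '.join(why)}")
```

tukuhegu.dll is loaded from no autostart entry in the HijackThis log, yet it is flagged because its size matches nxdjef.dll exactly, which fits the helper's remark that the files may change name between restarts.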

OTViewlt.txt

 

[log]OTViewIt logfile created on: 2009-01-21 12:18:47 - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\demo\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

959,48 Mb Total Physical Memory | 504,86 Mb Available Physical Memory | 52,62% Memory free

1,51 Gb Paging File | 0,88 Gb Available in Paging File | 58,51% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 233,75 Gb Total Space | 139,68 Gb Free Space | 59,76% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ÅSA

Current User Name: demo

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MsMpEng.exe

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2008-09-23 14:35:14 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe

[2008-09-23 14:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE

[2009-01-16 18:52:59 | 00,440,448 | ---- | M] (F-Secure Corp.) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32.exe

[2009-01-20 19:31:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe

[2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\VS7Debug\MDM.EXE

[2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

[2006-12-12 13:10:10 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe

[2007-07-24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program\Delade filer\Protexis\License Service\PsiService_2.exe

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe

[2009-01-16 18:53:00 | 00,519,816 | ---- | M] (F-Secure Corp.) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fssm32.exe

[2005-03-07 20:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

[2006-11-03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MSASCui.exe

[2005-07-29 16:56:54 | 00,598,016 | ---- | M] (Ralink Technology, Corp.) -- C:\Program\RALINK\Common\RaUI.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2008-09-23 14:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\ORSP Client\fsorsp.exe

[2008-09-23 14:35:40 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FWES\program\fsdfwd.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

[2008-10-15 08:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2007-05-10 09:35:50 | 00,102,400 | ---- | M] () -- C:\WINDOWS\system32\OBroker.exe

[2008-09-23 14:37:18 | 00,051,864 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FSLAUNCHER0.EXE

[2009-01-21 12:17:28 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\demo\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2008-09-23 14:35:14 | 00,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter [Auto | Running])

[2009-01-12 14:16:02 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2008-09-23 14:34:32 | 00,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FSAUA\program\fsaua.exe -- (FSAUA [On_Demand | Stopped])

[2008-09-23 14:35:40 | 00,510,560 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\FWES\program\fsdfwd.exe -- (FSDFWD [On_Demand | Stop_Pending])

[2008-09-23 14:37:18 | 00,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\Common\FSMA32.EXE -- (FSMA [Auto | Running])

[2008-09-23 14:37:54 | 00,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\ORSP Client\fsorsp.exe -- (FSORSPClient [On_Demand | Stop_Pending])

File not found -- -- (gusvc [Disabled | Stopped])

[2005-05-20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])

[2004-10-16 05:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])

[2009-01-20 19:31:48 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2003-06-19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\VS7Debug\MDM.EXE -- (MDM [Auto | Running])

[2007-08-24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [unknown | Running])

[2006-12-12 13:10:10 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])

[2007-07-24 11:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program\Delade filer\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe -- (sprtsvc_telia [Auto | Running])

[2008-10-16 10:07:04 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Delade filer\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [Auto | Stopped])

[2007-01-19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

 

========== Driver Services ==========

 

[2006-12-28 12:18:37 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])

[2005-08-19 10:31:52 | 03,644,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2008-09-23 14:35:18 | 00,039,776 | ---- | M] () -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter [Disabled | Stopped])

[2009-01-16 18:53:15 | 00,084,096 | ---- | M] () -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper [On_Demand | Running])

[2008-09-23 14:37:06 | 00,066,720 | ---- | M] (F-Secure Corporation) -- C:\Program\Telia\Telias Sakerhetstjanster\HIPS\drivers\fshs.sys -- (F-Secure HIPS [system | Running])

[2008-09-23 14:35:18 | 00,025,184 | ---- | M] () -- C:\Program\Telia\Telias Sakerhetstjanster\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer [Disabled | Stopped])

[2005-03-18 09:39:04 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV [On_Demand | Stopped])

[2001-08-17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Stopped])

[2008-10-31 10:29:35 | 00,030,856 | ---- | M] () -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts [boot | Running])

[2008-09-23 14:35:38 | 00,079,904 | ---- | M] (F-Secure Corporation) -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW [boot | Running])

[2008-04-13 23:06:42 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx [boot | Running])

[2006-04-13 01:04:39 | 00,049,664 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2006-04-13 01:04:39 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2006-04-13 01:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2005-08-15 10:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv [boot | Running])

[2005-08-15 10:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv [boot | Running])

[2008-04-14 20:11:36 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008-02-18 16:29:16 | 00,096,256 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])

[2007-06-10 23:58:48 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (Pcouffin [On_Demand | Running])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-03-08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2005-07-29 11:44:08 | 00,340,992 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61 [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,090,536 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,122,152 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm [On_Demand | Stopped])

[2008-05-27 10:41:44 | 00,115,496 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt [On_Demand | Stopped])

[2008-05-27 10:41:44 | 00,025,768 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5 [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,111,912 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex [On_Demand | Stopped])

[2008-05-27 10:41:46 | 00,117,672 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic [On_Demand | Stopped])

[2006-05-01 12:16:22 | 00,061,600 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])

[2006-05-01 12:17:12 | 00,009,360 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])

[2006-05-01 12:17:16 | 00,097,184 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])

[2006-05-01 12:18:04 | 00,088,688 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Emgmt.sys -- (SE2Emgmt [On_Demand | Stopped])

[2006-05-01 12:15:50 | 00,018,704 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2End5.sys -- (se2End5 [On_Demand | Stopped])

[2006-05-01 12:18:54 | 00,086,560 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE2Eobex.sys -- (SE2Eobex [On_Demand | Stopped])

[2006-05-01 12:15:44 | 00,090,800 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se2Eunic.sys -- (se2Eunic [On_Demand | Stopped])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2008-07-06 09:11:37 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2005-06-09 11:30:52 | 00,227,712 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])

[2006-03-13 15:49:54 | 00,060,800 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300bus.sys -- (w300bus [On_Demand | Stopped])

[2006-03-13 15:50:00 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300mdfl.sys -- (w300mdfl [On_Demand | Stopped])

[2006-03-13 15:50:02 | 00,096,352 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300mdm.sys -- (w300mdm [On_Demand | Stopped])

[2006-03-13 15:50:06 | 00,087,824 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300mgmt.sys -- (w300mgmt [On_Demand | Stopped])

[2006-03-13 15:50:08 | 00,085,696 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w300obex.sys -- (w300obex [On_Demand | Stopped])

[2004-08-04 13:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://se.msn.com/

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Secondary Start Pages"=

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchDefaultBranded"=

"Start Page"=http://www.superstart.se/

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

"Default_Search_URL"=http://www.google.com/ie

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://www.google.com/search?q=%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} (HKLM) -- C:\Program\ekort\Bhoekort.dll (Orbiscom Ltd. All rights reserved.)

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program\BitComet\tools\BitCometBHO_1.2.8.7.dll (BitComet)

{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{7DB2C2A7-F750-4794-9151-504E130C2F0D} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{86c26a60-6194-48d8-9811-1ec35ad844b3} (HKLM) -- C:\WINDOWS\system32\echiuh.dll ()

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{9758ed3c-650c-4acb-8a29-56c6f97c5420} (HKLM) -- C:\WINDOWS\system32\wigudozi.dll ()

{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{855F3B16-6D32-4FE6-8A56-BBB695989046}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program\Google\Gmail Notifier\gnotify.exe (Google Inc.)

"CPM67f0ea6b"=Rundll32.exe "c:\windows\system32\nazehogi.dll",a ()

"F-Secure Manager"="C:\Program\Telia\Telias Sakerhetstjanster\Common\FSM32.EXE" /splash (F-Secure Corporation)

"F-Secure TNB"="C:\Program\Telia\Telias Sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW (F-Secure Corporation)

"pewugayefi"=Rundll32.exe "C:\WINDOWS\system32\vuranune.dll",s ()

"Windows Defender"="C:\Program\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)

"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

 

========== (O4) Startup Folders ==========

 

[2005-07-29 16:56:54 | 00,598,016 | ---- | M] (Ralink Technology, Corp.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Ralink Wireless Utility.lnk = C:\Program\RALINK\Common\RaUI.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=255

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=36

"NoDriveAutoRun"=FF FF FF FF [binary data]

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&D&ownload &with BitComet: C:\Program\BitComet\BitComet.exe [2006-06-23 18:00:33 | 03,394,048 | ---- | M] (www.BitComet.com)

&D&ownload all video with BitComet: C:\Program\BitComet\BitComet.exe [2006-06-23 18:00:33 | 03,394,048 | ---- | M] (www.BitComet.com)

&D&ownload all with BitComet: C:\Program\BitComet\BitComet.exe [2006-06-23 18:00:33 | 03,394,048 | ---- | M] (www.BitComet.com)

E&xport to Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

E&xportera till Microsoft Excel: C:\Program\MICROS~2\OFFICE11\EXCEL.EXE File not found

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [2009-01-20 19:31:48 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 09:12:14 | 00,656,696 | ---- | M] (BitComet)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)

{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6}: Button: e-kort -- %ProgramFiles%\ekort\ekort.exe [2007-05-10 09:36:26 | 00,233,472 | ---- | M] (Orbiscom Ltd. All rights reserved.)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre6\bin\npjpi160_11.dll [sun Java-konsol] -> [2009-01-20 19:31:48 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{300DB664-75B5-47c0-8B45-A44ACCF73C00} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 20:35:14 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

33 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

36 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0000000A-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB -- Reg Error: Key does not exist or could not be opened.

{02BCC737-B171-4746-94C9-0D8A0B2C0089}: http://office.microsoft.com/templates/ieawsdc.cab -- Microsoft Office Template and Media Control

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}: http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab -- QuickTime Object

{149E45D8-163E-4189-86FC-45022AB2B6C9}: file:///C:/Program/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx -- SpinTop DRM Control

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Reg Error: Key does not exist or could not be opened.

{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool

{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control

{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1}: http://www.tvlution.com/KooPlayer.ocx -- KooPlayer Control

{5CE72DD0-4695-4D18-A4D3-3367ACD37578}: http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab -- F-Secure Health Check 1.0

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control

{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229892791343 -- WUWebControl Class

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229892772593 -- MUWebControl Class

{6E5E167B-1566-4316-B27F-0DDAB3484CF7}: http://www.gordinegenbok.se/photos/upload/ImageUploader4.cab -- Image Uploader Control

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{CC450D71-CC90-424C-8638-1F2DBAC87A54}: -- ArmHelper Control

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class

{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}: http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab -- CTAdjust Class

{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}: http://chat.msn.com/controls/msnchat45.cab -- MSN Chat Control 4.5

 

========== (O17) DNS Name Servers ==========

 

{01F61E3A-02B5-4888-A695-A62082B3C9E7} (Servers: | Description: Ralink Turbo Wireless LAN Card)

{02146876-DE64-4D9E-9677-5E6642BB959A} (Servers: | Description: VIA Rhine II Fast Ethernet Adapter)

{07F7F18E-CEDB-4EC1-B8AA-57AF14721DE4} (Servers: | Description: )

{AC3C8547-D8E9-425F-9BD3-B5665985E778} (Servers: | Description: Sony Ericsson Device 046 USB Ethernet Emulation (NDIS 5))

{D96B03E5-B687-4816-AD6D-D4713A31EDAB} (Servers: | Description: Sony Ericsson Device 0017 USB Ethernet Emulation (NDIS 5))

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=C:\WINDOWS\system32\nukizani.dll echiuh.dll c:\windows\system32\nazehogi.dll

>[1601-01-01 01:12:31 | 00,063,571 | -HS- | M] () -- C:\WINDOWS\system32\nukizani.dll

>[2009-01-21 00:06:29 | 00,133,225 | -HS- | M] () -- C:\WINDOWS\system32\echiuh.dll

>[2009-01-21 00:06:29 | 00,100,086 | -HS- | M] () -- c:\WINDOWS\system32\nazehogi.dll

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

jkkHyXQK: "DllName" = jkkHyXQK.dll -- File not found

 

========== (O21) SSODL Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- CLSID or file not found.

"SSODL"={EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} (HKLM) -- c:\WINDOWS\system32\nazehogi.dll ()

 

========== (O22) Shared Task Scheduler ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" (HKLM) = STS -- c:\WINDOWS\system32\nazehogi.dll ()

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program\Windows Defender\MpShHook.dll (Microsoft Corporation)

"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

 

========== LSA *Authentication Packages* ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages"=msv1_0,C:\WINDOWS\system32\byXNfFyX,

>File not found --

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2005-01-01 01:54:15 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[4 C:\WINDOWS\*.tmp files]

File not found -- C:\Documents and Settings\demo\Skrivbord\FW_ VB_ Städning...

[2009-01-21 12:17:20 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\demo\Skrivbord\OTViewIt.exe

[2009-01-21 08:02:09 | 03,048,327 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\demo\Skrivbord\ComboFix.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2009-01-21 01:22:17 | 00,113,940 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\Virus.jpg

[2009-01-21 00:43:47 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-01-21 00:43:47 | 00,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2009-01-21 00:43:43 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-01-21 00:29:41 | 00,000,423 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\Genväg till Program.lnk

[2009-01-21 00:08:08 | 01,399,263 | -HS- | C] () -- C:\WINDOWS\System32\ivofufaz.ini

[2009-01-21 00:06:30 | 00,133,225 | -HS- | C] () -- C:\WINDOWS\System32\echiuh.dll

[2009-01-20 23:32:52 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2009-01-20 22:38:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2009-01-20 22:25:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Skrivbord\SDFix

[2009-01-20 22:09:52 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\SDFix.exe

[2009-01-20 19:25:05 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2009-01-20 19:23:28 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Program\mbam-setup(2).exe

[2009-01-20 19:17:38 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Program\mbam-setup.exe

[2009-01-20 17:45:07 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\HijackThis.lnk

[2009-01-20 17:44:05 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\demo\Skrivbord\HJTInstall(2).exe

[2009-01-20 17:34:53 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\demo\Skrivbord\HJTInstall.exe

[2009-01-20 16:02:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2009-01-20 12:06:22 | 01,374,353 | -HS- | C] () -- C:\WINDOWS\System32\iyisoyay.ini

[2009-01-20 12:06:20 | 00,133,758 | -HS- | C] (SoftComplete Development) -- C:\WINDOWS\System32\nxdjef.dll

[2009-01-20 11:17:47 | 01,423,596 | -HS- | C] () -- C:\WINDOWS\System32\pjawwjuq.ini

[2009-01-20 11:17:31 | 01,423,596 | -HS- | C] () -- C:\WINDOWS\System32\fsajnqxj.ini

[2009-01-20 11:16:39 | 01,126,294 | -HS- | C] () -- C:\WINDOWS\System32\XyFfNXyb.ini2

[2009-01-20 11:16:39 | 01,126,007 | -HS- | C] () -- C:\WINDOWS\System32\XyFfNXyb.ini

[2009-01-20 11:01:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Application Data\cogad

[2009-01-20 11:00:59 | 00,000,314 | ---- | C] () -- C:\WINDOWS\tasks\uhfwqauh.job

[2009-01-20 11:00:57 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\wvUoMcaa.dll

[2009-01-20 10:54:46 | 00,000,000 | ---D | C] -- C:\Program\INCREDIMAIL

[2009-01-17 19:34:09 | 00,000,043 | ---- | C] () -- C:\WINDOWS\System32\screenSaver.tra

[2009-01-17 19:34:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\sound.tra

[2009-01-17 19:34:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\nFrame.tra

[2009-01-17 19:34:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\JkmFile.tra

[2009-01-17 19:34:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\files.tra

[2009-01-17 17:44:23 | 00,000,000 | ---D | C] -- C:\Program\3D Sea Aquarium

[2009-01-17 13:48:45 | 02,910,208 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\31 - Various Artists - Lutricia McNeal - Perfect Love.mp3

[2009-01-13 14:41:29 | 00,000,000 | ---D | C] -- C:\Program\QuickTime

[2009-01-13 14:38:12 | 00,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-01-13 14:38:02 | 00,000,000 | ---D | C] -- C:\Program\Apple Software Update

[2009-01-12 14:25:31 | 00,000,000 | ---D | C] -- C:\Program\Bonjour

[2009-01-12 14:16:02 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Macrovision Shared

[2009-01-12 07:51:32 | 00,792,197 | ---- | C] () -- C:\Program\MozBackup-1.4.8-EN.exe

[2009-01-11 13:17:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Mina dokument\Media Now

[2009-01-03 15:43:19 | 00,000,478 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\Genväg till Mina Filmer.lnk

[2008-12-29 18:15:11 | 00,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2008-12-28 15:53:08 | 00,000,000 | ---D | C] -- C:\SWEDEK

[2008-12-27 13:24:32 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008-12-27 13:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\demo\Application Data\skypePM

[2008-12-27 13:23:07 | 00,000,000 | ---D | C] -- C:\Program\Skype

[2008-12-27 13:23:05 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Skype

[2008-12-27 13:21:24 | 22,260,008 | ---- | C] (Skype Technologies S.A.) -- C:\Program\SkypeSetup.exe

[2008-12-22 21:12:01 | 00,000,000 | ---D | C] -- C:\Program\Uppdaterade program

[2008-12-22 21:03:19 | 00,000,000 | ---D | C] -- C:\Downloads

[2008-12-22 20:03:11 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\demo\Skrivbord\Utforskaren.lnk

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

File not found -- C:\Documents and Settings\demo\Skrivbord\FW_ VB_ Städning...

[2009-01-21 12:17:28 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\demo\Skrivbord\OTViewIt.exe

[2009-01-21 12:00:01 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\uhfwqauh.job

[2009-01-21 09:13:17 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tumupopo

[2009-01-21 08:41:15 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009-01-21 08:18:40 | 00,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009-01-21 08:02:20 | 03,048,327 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\ComboFix.exe

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\demo\Skrivbord\ComboFix.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

[2009-01-21 07:59:24 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-01-21 07:58:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-01-21 07:58:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-01-21 07:55:11 | 00,000,898 | ---- | M] () -- C:\WINDOWS\win.ini

[2009-01-21 07:55:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-01-21 07:55:11 | 00,000,211 | -HS- | M] () -- C:\boot.ini

[2009-01-21 07:50:01 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-01-21 01:44:11 | 01,399,263 | -HS- | M] () -- C:\WINDOWS\System32\ivofufaz.ini

[2009-01-21 01:22:17 | 00,113,940 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\Virus.jpg

[2009-01-21 01:00:22 | 00,000,570 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job

[2009-01-21 00:43:47 | 00,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2009-01-21 00:29:41 | 00,000,423 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\Genväg till Program.lnk

[2009-01-21 00:20:27 | 00,000,631 | ---- | M] () -- C:\Documents and Settings\demo\Mina dokument\Mina delade mappar.lnk

[2009-01-21 00:06:29 | 00,133,225 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\kodesalo.dll

[2009-01-21 00:06:29 | 00,133,225 | -HS- | M] () -- C:\WINDOWS\System32\echiuh.dll

[2009-01-21 00:06:29 | 00,100,086 | -HS- | M] () -- C:\WINDOWS\System32\nazehogi.dll

[2009-01-21 00:06:28 | 00,087,227 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\zafufovi.dll

[2009-01-20 23:39:33 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2009-01-20 23:32:52 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll

[2009-01-20 22:09:56 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\SDFix.exe

[2009-01-20 17:45:07 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\HijackThis.lnk

[2009-01-20 17:44:08 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\demo\Skrivbord\HJTInstall(2).exe

[2009-01-20 17:41:21 | 00,133,144 | ---- | M] () -- C:\Documents and Settings\demo\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

[2009-01-20 17:40:49 | 01,737,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009-01-20 17:34:54 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\demo\Skrivbord\HJTInstall.exe

[2009-01-20 17:31:30 | 01,374,353 | -HS- | M] () -- C:\WINDOWS\System32\iyisoyay.ini

[2009-01-20 12:15:09 | 00,000,043 | ---- | M] () -- C:\WINDOWS\System32\screenSaver.tra

[2009-01-20 12:15:09 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\sound.tra

[2009-01-20 12:15:09 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\nFrame.tra

[2009-01-20 12:15:09 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\JkmFile.tra

[2009-01-20 12:15:09 | 00,000,026 | ---- | M] () -- C:\WINDOWS\System32\files.tra

[2009-01-20 12:06:19 | 00,100,598 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\vajoneyo.dll

[2009-01-20 12:06:18 | 00,133,758 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\tukuhegu.dll

[2009-01-20 12:06:18 | 00,133,758 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\nxdjef.dll

[2009-01-20 12:06:18 | 00,087,286 | -HS- | M] (SoftComplete Development) -- C:\WINDOWS\System32\yayosiyi.dll

[2009-01-20 11:25:09 | 01,126,007 | -HS- | M] () -- C:\WINDOWS\System32\XyFfNXyb.ini

[2009-01-20 11:24:14 | 01,126,294 | -HS- | M] () -- C:\WINDOWS\System32\XyFfNXyb.ini2

[2009-01-20 11:17:52 | 01,423,596 | -HS- | M] () -- C:\WINDOWS\System32\pjawwjuq.ini

[2009-01-20 11:17:38 | 01,423,596 | -HS- | M] () -- C:\WINDOWS\System32\fsajnqxj.ini

[2009-01-20 11:00:57 | 00,047,104 | ---- | M] () -- C:\WINDOWS\System32\wvUoMcaa.dll

[2009-01-18 21:37:34 | 00,003,610 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009-01-17 13:56:02 | 02,910,208 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\31 - Various Artists - Lutricia McNeal - Perfect Love.mp3

[2009-01-14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-01-14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-01-07 22:47:04 | 00,296,448 | ---- | M] () -- C:\WINDOWS\Xenofex.ini

[2009-01-03 15:43:19 | 00,000,478 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\Genväg till Mina Filmer.lnk

[2008-12-27 13:24:32 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2008-12-22 20:03:11 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\demo\Skrivbord\Utforskaren.lnk

< End of report >

[/log]

 

 

Extras.Txt

[log]OTViewIt Extras logfile created on: 2009-01-21 12:18:47 - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\demo\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

959,48 Mb Total Physical Memory | 504,86 Mb Available Physical Memory | 52,62% Memory free

1,51 Gb Paging File | 0,88 Gb Available in Paging File | 58,51% Paging File free

Paging file location(s): C:\pagefile.sys 672 1344;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 233,75 Gb Total Space | 139,68 Gb Free Space | 59,76% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ÅSA

Current User Name: demo

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=1

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DisableNotifications"=0

"DoNotAllowExceptions"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-04-14 20:35:20 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-01-19 12:55:22 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007-01-04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

File not found -- C:\Program\LimeWire\LimeWire.exe:*:Enabled:LimeWire

[2008-04-13 23:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-04-14 20:35:20 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

File not found -- C:\Program\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application

[2008-05-21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008-05-21 05:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2008-04-16 15:40:02 | 01,361,152 | ---- | M] (Sony Creative Software Inc.) -- C:\Program\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2

[2007-01-19 12:55:22 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1

[2007-01-04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[2006-02-17 00:19:34 | 00,192,512 | ---- | M] () -- C:\Program\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe

[2006-02-16 22:49:52 | 01,085,440 | R--- | M] (Hewlett-Packard) -- C:\Program\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe

[2006-02-19 05:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe

[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

File not found -- C:\Program\INCREDIMAIL\bin\IMApp.exe:*:Enabled:IncrediMail

File not found -- C:\Program\INCREDIMAIL\bin\IncMail.exe:*:Enabled:IncrediMail

File not found -- C:\Program\INCREDIMAIL\bin\ImpCnt.exe:*:Enabled:IncrediMail

[2008-04-14 20:35:08 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Enabled:Explorer

[2008-11-18 16:31:04 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype

[2008-04-14 20:35:24 | 00,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe:*:Enabled:sprtsvc

[2008-04-14 20:35:12 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\Program\Telia\Telias Sakerhetstjanster\FSPS\program\fslsp.dll (F-Secure Corporation)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-08-24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

ipp: [HKLM - No CLSID value]

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2007-01-19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

msdaipp: [HKLM - No CLSID value]

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[2006-10-26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[2007-01-19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[2008-11-18 16:31:04 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program\Delade filer\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [iEProtocolHandler Class])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006-10-26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}"=CorelDRAW® Graphics Suite X4

"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}"=CorelDRAW® Graphics Suite X4 - Windows Shell Extension

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=Google Gmail Notifier

"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting

"{17014473-0098-4DF0-827D-7D582697C78C}"=Microsoft .NET Framework 2.0 Language Pack - SVE

"{174D5678-D941-433C-BD23-58A5C7B0D36D}"=Jasc Animation Shop 3

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3

"{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}"=Windows Live Messenger

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}"=Sony Ericsson PC Suite 4.005.00

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3A316611-45D1-429C-AA26-B71259C44689}"=HP Photosmart, Officejet and Deskjet 7.0.A

"{3F818569-A3A7-4D5E-AD4A-372C4A03678F}"=Adobe Setup

"{44A27085-0616-4181-A0C3-81C7ECA17F73}"=CorelDRAW Graphics Suite X4

"{49672EC2-171B-47B4-8CE7-50D7806360D7}"=Windows Live Sign-in Assistant

"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8

"{643898A8-5565-49AC-B2FF-093D7A1F506C}"=Adobe Photoshop CS3

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup

"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}"=Corel Paint Shop Pro Photo X2

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All

"{6C2EDF63-C83B-4AAD-AC26-1784660F618B}"=Advanced Disk Cleaner

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings

"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}"=Microsoft Office Converter Pack

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3

"{7078C6C2-F5A5-4A5F-86A8-CD1301CA07DF}"=Mobipocket Reader 6.1

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}"=Avanquest update

"{77D2A9D3-5800-43E3-B274-87841BC87DB2}"=Adobe ExtendScript Toolkit 2

"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}"=CorelDRAW Graphics SUite X4 - ICA

"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}"=CorelDRAW Graphics Suite X4 - Capture

"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}"=CorelDRAW Graphics Suite X4 - Draw

"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}"=CorelDRAW Graphics Suite X4 - PP

"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}"=CorelDRAW Graphics Suite X4 - Content

"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}"=CorelDRAW Graphics Suite X4 - Filters

"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}"=CorelDRAW Graphics Suite X4 - FontNav

"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}"=CorelDRAW Graphics Suite X4 - Lang EN

"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3

"{8777AC6D-89F9-4793-8266-DE406F343E89}"=QFolder

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour

"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}"=Adobe Setup

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support

"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12

"{90120000-0010-041D-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Swedish) 12

"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0015-041D-0000-0000000FF1CE}"=Microsoft Office Access MUI (Swedish) 2007

"{90120000-0015-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007

"{90120000-0016-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0017-041D-0000-0000000FF1CE}"=Microsoft Office SharePoint Designer MUI (Swedish) 2007

"{90120000-0017-041D-0000-0000000FF1CE}_OMUI.sv-se_{4067F29E-5D5A-4CF2-82D5-7792C131E2DC}"=Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007

"{90120000-0018-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-041D-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (Swedish) 2007

"{90120000-0019-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-041D-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Swedish) 2007

"{90120000-001A-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007

"{90120000-001B-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.sv-se_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.sv-se_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007

"{90120000-001F-040B-0000-0000000FF1CE}_OMUI.sv-se_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007

"{90120000-001F-041D-0000-0000000FF1CE}_OMUI.sv-se_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007

"{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-041D-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (Swedish) 2007

"{90120000-0044-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}_OMUI.sv-se_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007

"{90120000-00A1-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-041D-0000-0000000FF1CE}"=Microsoft Office Groove MUI (Swedish) 2007

"{90120000-00BA-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0100-041D-0000-0000000FF1CE}"=Microsoft Office O MUI (Swedish) 2007

"{90120000-0100-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0101-041D-0000-0000000FF1CE}"=Microsoft Office X MUI (Swedish) 2007

"{90120000-0101-041D-0000-0000000FF1CE}_OMUI.sv-se_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3

"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3

"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}"=CorelDRAW Graphics Suite X4 - IPM

"{A06275F4-324B-4E85-95E6-87B2CD729401}"=Windows Defender

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings

"{AC76BA86-7AD7-1053-7B44-A81200000003}"=Adobe Reader 8.1.2 - Svenska

"{AEB9948B-4FF2-47C9-990E-47014492A0FE}"=MSXML 6.0 Parser

"{AF43B178-7DA6-4E64-917D-939416C4B91D}"=Datakokboken

"{B32B98E0-63B2-493A-BB54-A27FCDA258F4}"=Sony Ericsson Media Manager 1.2

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B61D21B6-469D-4423-B161-62DB20B8A70E}"=Visual Basic for Applications ® Core - English

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3

"{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}"=e-kort

"{BF439B41-0252-48DE-8B8B-0430CB26A181}"=CorelDRAW Graphics Suite X4 - VBA

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}"=AiO_Scan_CDA

"{C93369CB-B4E9-E095-9289-E6B5AE941053}"=Nero 7 Demo

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}"=CorelDRAW® Graphics Suite X4 - Windows Shell Extension

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files

"{D9226EB1-C528-48AC-B423-BD9240E1F60B}"=Opera 9.62

"{DB81779E-7CC5-4630-BCFC-754004956444}"=Visual Basic for Applications ® Core

"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1"=AusLogics Disk Defrag

"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}"=jetAudio Basic

"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3

"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support

"{F3760724-B29D-465B-BC53-E5D72095BCC4}"=Scan

"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}"=Jasc Paint Shop Pro 9

"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime

"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}"=Ralink Wireless LAN Card

"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings

"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone

"1D183828-C834-484E-AE37-1E4181330C80"=Cleanup Assistant

"3D Shadow by Lokas Software"=3D Shadow by Lokas Software

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe_0569ced46d8a4bd43ea5027ac9bf923"=Adobe Photoshop CS3

"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings

"Aspell Swedish Dictionary_is1"=Aspell Swedish Dictionary-0.50-2

"Audacity_is1"=Audacity 1.2.6

"BitComet"=BitComet 0.70

"CCleaner"=CCleaner (remove only)

"DIGITAL FILM LAB 2.0 for Adobe Photoshop & Compatible Applications"=DIGITAL FILM LAB 2.0 for Adobe Photoshop & Compatible Applications

"DIGITAL FILM LAB for Adobe Photoshop & Compatible Applications"=DIGITAL FILM LAB for Adobe Photoshop & Compatible Applications

"Digital Film Lab v2.5 for Adobe Photoshop & Compatible Applications"=Digital Film Lab v2.5 for Adobe Photoshop & Compatible Applications

"DreamLight Photo Editor_is1"=DreamLight Photo Editor 2.38

"ENTERPRISE"=Microsoft Office Enterprise 2007

"Eye Candy 4000"=Eye Candy 4000

"EyeCandy5Impact"=Alien Skin Eye Candy 5 Impact

"EyeCandy5Nature"=Alien Skin Eye Candy 5 Nature

"EyeCandy5Textures"=Alien Skin Eye Candy 5 Textures

"F-Secure Product 277"=Telia Säker Surf

"GNU Aspell_is1"=GNU Aspell 0.50-3

"Harry's Filters"=Harry's Filters

"Harry's Filters 3"=Harry's Filters 3

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"ImgBurn"=ImgBurn (Remove Only)

"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.8.5

"Mahjong Escape Deluxe"=Mahjong Escape Deluxe

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Messenger Plus! Live"=Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - SVE"=Microsoft .NET Framework 2.0 Language Pack - SVE

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"MWSnap 3"=MWSnap 3

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"OMUI.sv-se"=Microsoft Office Language Pack 2007 - Swedish/svenska

"Personal"=BankID säkerhetsprogram 4.10

"RegistryBooster 2_is1"=Uniblue RegistryBooster 2

"Softener_5QM"=namesuppressed Softener

"Sqirlz Water Reflections"=Sqirlz Water Reflections

"Telia Supportassistent_is1"=Telia Supportassistent

"The Weather Channel Desktop"=The Weather Channel 44

"Ulead ArtTexture.Plugin 1.0"=Ulead ArtTexture.Plugin 1.0

"Ulead Particle.Plugin 1.0"=Ulead Particle.Plugin 1.0

"VIA/S3G UniChrome Family Win2K/XP Display"=VIA/S3G Display Driver

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinRAR archiver"=WinRAR archiver

"Virtual Painter 5 (for PSP)"=Virtual Painter 5 (for PSP)

"Vizros Plug-ins 4.1"=Vizros Plug-ins 4.1

"WMCSetup"=Windows Media Connect

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"VN_VUIns_Rhine_VIA"=VIA Rhine-Family Fast Ethernet Adapter

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xenofex 1.0"=Xenofex 1.0

"Xenofex2"=Alien Skin Xenofex 2.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2009-01-20 11:40:52 | Computer Name = ÅSA | Source = Application Error | ID = 1000

Description = Felaktigt program superantispyware.exe, version 4.25.0.1012, felaktig

modul superantispyware.exe, version 4.25.0.1012, felaktig adress 0x000039e0.

 

Error - 2009-01-20 13:01:22 | Computer Name = ÅSA | Source = Application Hang | ID = 1002

Description = Stoppat program firefox.exe, version 1.9.0.3257, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-20 16:32:02 | Computer Name = ÅSA | Source = F-Secure Management Agent | ID = 103

Description = 1 2009-01-20 21:30:50+02:00 åsa SYSTEM F-Secure Management Agent

 

The module F-Secure Automatic Update Agent monitored by F-Secure Management Agent

has stopped responding or was terminated. An attempt to restart it will be made

later. If you see this message frequently, contact the system administrator or

reinstall F-Secure products.

 

Error - 2009-01-20 16:32:02 | Computer Name = ÅSA | Source = F-Secure Management Agent | ID = 103

Description = 2 2009-01-20 21:30:51+02:00 åsa SYSTEM F-Secure Management Agent

 

The module F-Secure ORSP Client monitored by F-Secure Management Agent has stopped

responding or was terminated. An attempt to restart it will be made later. If you

see this message frequently, contact the system administrator or reinstall F-Secure

products.

 

Error - 2009-01-20 16:32:02 | Computer Name = ÅSA | Source = F-Secure Management Agent | ID = 103

Description = 3 2009-01-20 21:30:52+02:00 åsa SYSTEM F-Secure Management Agent

 

The module F-Secure Anti-Virus Firewall Daemon monitored by F-Secure Management

Agent has stopped responding or was terminated. An attempt to restart it will be

made later. If you see this message frequently, contact the system administrator

or reinstall F-Secure products.

 

Error - 2009-01-21 03:18:37 | Computer Name = ÅSA | Source = MPSampleSubmission | ID = 5000

Description = EventType mptelemetry, P1 80070422, P2 updateservicemanager-_get_services,

P3 fallbackcheck, P4 1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender,

P8 NIL, P9 NIL, P10 NIL.

 

Error - 2009-01-21 04:22:48 | Computer Name = ÅSA | Source = F-Secure Management Agent | ID = 103

Description = 1 2009-01-21 09:22:46+02:00 åsa ÅSA\demo F-Secure Management

Agent The module F-Secure ORSP Client monitored by F-Secure Management Agent has

stopped responding or was terminated. An attempt to restart it will be made later.

If you see this message frequently, contact the system administrator or reinstall

F-Secure products.

 

Error - 2009-01-21 04:22:50 | Computer Name = ÅSA | Source = F-Secure Management Agent | ID = 103

Description = 2 2009-01-21 09:22:50+02:00 åsa ÅSA\demo F-Secure Management

Agent The module F-Secure Anti-Virus Firewall Daemon monitored by F-Secure Management

Agent has stopped responding or was terminated. An attempt to restart it will be

made later. If you see this message frequently, contact the system administrator

or reinstall F-Secure products.

 

Error - 2009-01-21 04:36:02 | Computer Name = ÅSA | Source = F-Secure Management Agent | ID = 103

Description = 1 2009-01-21 09:36:02+02:00 åsa ÅSA\demo F-Secure Management

Agent Severity: 3 , TrapNumber: 205 , ProductOID: 1.3.6.1.4.1.2213.11 , Parameters:

(0) F-Secure Anti-Virus Firewall Daemon

 

Error - 2009-01-21 04:36:03 | Computer Name = ÅSA | Source = F-Secure Management Agent | ID = 103

Description = 2 2009-01-21 09:36:02+02:00 åsa ÅSA\demo F-Secure Management

Agent The module F-Secure ORSP Client monitored by F-Secure Management Agent has

stopped responding or was terminated. An attempt to restart it will be made later.

If you see this message frequently, contact the system administrator or reinstall

F-Secure products.

 

[ System Events ]

Error - 2009-01-21 02:50:04 | Computer Name = ÅSA | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: SASKUTIL

 

Error - 2009-01-21 02:58:35 | Computer Name = ÅSA | Source = Dhcp | ID = 1000

Description = Lånet av IP-adressen 192.168.2.100 för kortet med nätverksadressen

000E2E906194 har förlorats.

 

Error - 2009-01-21 02:58:39 | Computer Name = ÅSA | Source = Dhcp | ID = 1000

Description = Lånet av IP-adressen 192.168.2.100 för kortet med nätverksadressen

000E2E906194 har förlorats.

 

Error - 2009-01-21 02:59:56 | Computer Name = ÅSA | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: SASKUTIL

 

Error - 2009-01-21 03:00:11 | Computer Name = ÅSA | Source = MRxSmb | ID = 8003

Description = Master browser har mottagit ett meddelande från datorn JARI som tror

att den är master browser för domänen på transporten NetBT_Tcpip_{01F61E3A-02B5-4888-A695.

Master browser stannar eller ett val tvingas att göras.

 

Error - 2009-01-21 03:08:55 | Computer Name = ÅSA | Source = MRxSmb | ID = 8003

Description = Master browser har mottagit ett meddelande från datorn MITT-BB6C93BE1F

som

tror att den är master browser för domänen på transporten NetBT_Tcpip_{01F61E3A-02B.

Master browser stannar eller ett val tvingas att göras.

 

Error - 2009-01-21 03:18:36 | Computer Name = ÅSA | Source = DCOM | ID = 10005

Description = DCOM fick felet %1058 vid försök att starta tjänsten wuauserv med

argumenten för att köra servern: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error - 2009-01-21 03:18:36 | Computer Name = ÅSA | Source = DCOM | ID = 10005

Description = DCOM fick felet %1058 vid försök att starta tjänsten wuauserv med

argumenten för att köra servern: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error - 2009-01-21 04:22:17 | Computer Name = ÅSA | Source = Dhcp | ID = 1000

Description = Lånet av IP-adressen 192.168.2.100 för kortet med nätverksadressen

000E2E906194 har förlorats.

 

Error - 2009-01-21 04:22:22 | Computer Name = ÅSA | Source = Dhcp | ID = 1000

Description = Lånet av IP-adressen 192.168.2.100 för kortet med nätverksadressen

000E2E906194 har förlorats.

 

 

< End of report >

[/log]

 


No,

I should not have replied to this!!!!! Disregard what I wrote!!!!

[post edited 2009-01-21 12:54:54 by OTE]


Browse to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File and wait until the result is ready (the current status changes to finished). Paste the results from the various antivirus programs (not the additional information) here. Repeat with the next file name.

C:\WINDOWS\System32\dllcache\user32.dll

C:\WINDOWS\System32\user32.dll

C:\WINDOWS\system32\9A53DD19E0.sys

C:\Documents and Settings\All Users\Application Data\8F17593C1D.sys

 

Download Avenger to the Desktop and unpack the file there:

http://swandog46.geekstogo.com/avenger2/download.php

Start Avenger.

Check the Scan for rootkits box if it is not already checked.

Press Execute to start it.

The computer will now restart (possibly twice).

After a little while the log (C:\avenger.txt) will open; paste it here.

 

 


Hey, a silly question, but is this something I can do from another computer? Or does it have to be the infected one?

It is slow and lots of things keep popping up all the time.

Using VirusTotal, that is, I mean.

[post edited 2009-01-21 14:01:39 by muggeby]


Archived

This topic is now archived and is closed to further replies.



