
IE7 won't start here either


Kjell S


On my laptop running XP, IE7 won't start from the desktop; I get a message that the file iexplorer.exe cannot be found.

I have reinstalled it, with no result.

I try to start it by clicking an .html file, but that doesn't work.

The program file is where it should be and everything looks fine, but nothing works.

There have been 4 threads in Eforum this year where the cause was malicious software on the computer. Let's see what HijackThis shows to begin with. Download it from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button in the Reply window again

And here it comes

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:06:46, on 2009-03-05

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

C:\PROGRAM\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

C:\Program\Delade filer\Panda Security\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program\Launch Manager\QtZgAcer.EXE

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe

C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eniro.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: D - {C6698ED7-4949-3CF8-B3A1-7CF8533B4D97} - C:\WINDOWS\system32\wtx76319.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [EEventManager] C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart16.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program\Delade filer\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

 

--

End of file - 10430 bytes

[/log]

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

[log]At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, choose "Perform quick scan" and press Scan.

The scan takes a while.

When it is done, press OK and then "Show results".

Check everything and then press Remove Selected.

When the removal is complete, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If there is an error message Error loading... after the restart, restart the computer once more.

If the program doesn't start after the restart, start it.

If the log doesn't come up by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log. [/log]

Now we have new results; apparently quite a bit was found.

[log]Malwarebytes' Anti-Malware 1.34

Databasversion: 1822

Windows 5.1.2600 Service Pack 3

 

2009-03-05 22:20:07

mbam-log-2009-03-05 (22-20-07).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 78831

Förfluten tid: 3 minute(s), 27 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 6

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 5

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6698ed7-4949-3cf8-b3a1-7cf8533b4d97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{c6698ed7-4949-3cf8-b3a1-7cf8533b4d97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{76bdc20e-e0fc-3b33-9505-cb37900f473d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{5c9ffd2e-1820-3d32-825c-80da252e14ca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c6698ed7-4949-3cf8-b3a1-7cf8533b4d97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\wtx76319.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa765593.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\xa765859.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\tx76319.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program\KB51537.exe (Trojan.Agent) -> Quarantined and deleted successfully.

[/log]

And a new Hijack

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:22:24, on 2009-03-05

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

C:\PROGRAM\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

C:\Program\Delade filer\Panda Security\PavShld\pavprsrv.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\CyberLink\PowerDVD\PDVDServ.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program\Launch Manager\QtZgAcer.EXE

C:\Program\Microsoft IntelliPoint\point32.exe

C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

C:\Program\Delade filer\ACD Systems\EN\DevDetect.exe

C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eniro.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [EEventManager] C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart16.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program\Delade filer\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

 

--

End of file - 10324 bytes

[/log]
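An added example, not part of the thread or written by any of its posters: a small Python triage script that diffs the two HijackThis logs posted above and matches each entry that disappeared against the objects MBAM reported. The log excerpts are copied from this page; the function names and the matching rule (file path or CLSID substring) are this example's own assumptions.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# MBAM result lines as they appear in the log on this page:
#   <object> (<detection name>) -> <action>
MBAM_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Excerpts from the logs posted in this thread (shortened to a few lines each).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:46, on 2009-03-05
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: D - {C6698ED7-4949-3CF8-B3A1-7CF8533B4D97} - C:\WINDOWS\system32\wtx76319.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:24, on 2009-03-05
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

MBAM = r"""
Infekterade registernycklar:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c6698ed7-4949-3cf8-b3a1-7cf8533b4d97} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Infekterade mappar:
(Inga illasinnade poster hittades)
Infekterade filer:
C:\WINDOWS\system32\wtx76319.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xa765593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""


def parse_entries(log_text):
    """Count every (section, detail) entry line; header and process lines are skipped."""
    entries = Counter()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries[(m.group(1), m.group(2))] += 1
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two HijackThis logs."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted((b - a).elements()), sorted((a - b).elements())


def parse_mbam(log_text):
    """Return [(object, detection_name, action)] for each MBAM result line."""
    hits = []
    for raw in log_text.splitlines():
        m = MBAM_RE.match(raw.strip())
        if m:
            hits.append((m.group("obj"), m.group("name"), m.group("action")))
    return hits


def correlate(removed, mbam_hits):
    """Map each removed entry to the MBAM detection names that reference it.

    A registry object is matched by its trailing CLSID, a file object by its
    full path; both comparisons are case-insensitive. An empty list means the
    entry vanished for a reason MBAM did not report and needs a manual look.
    """
    result = {}
    for section, detail in removed:
        low = detail.lower()
        names = set()
        for obj, name, _action in mbam_hits:
            guids = GUID_RE.findall(obj)
            token = guids[-1] if guids else obj
            if token.lower() in low:
                names.add(name)
        result[(section, detail)] = sorted(names)
    return result


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for entry, names in correlate(removed, parse_mbam(MBAM)).items():
        print("removed:", entry[0], entry[1], "<-", names or "unexplained")
    for section, detail in added:
        print("added:  ", section, detail)
```
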

Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

[log]Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingcomputer.com/forums/topic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; attach it to your reply. Check that antivirus programs etc. are running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair and/or restart the computer.[/log]

Warning! ComboFix disables autorun of CDs, floppy disks and USB devices to make it easier to clean the computer and protect it against infections in the future. This can cause problems, for example if the computer gets its internet connection via a USB modem or USB network adapter. In that case say so instead of running ComboFix.

Next log

[log]ComboFix 09-03-04.01 - Kjell Svensson 2009-03-05 23:49:50.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.510.151 [GMT 1:00]

Körs från: c:\documents and settings\Kjell Svensson\Skrivbord\ComboFix.exe

AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated)

* Skapade en ny återställningspunkt

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program\INSTALL.LOG

c:\windows\system32\autorun.ini

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-02-05 till 2009-03-05 ))))))))))))))))))))))))))))))

.

 

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\documents and settings\Kjell Svensson\Application Data\Malwarebytes

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-05 22:13 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-05 22:13 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-05 22:12 . 2009-03-05 22:08 2,876,720 --a------ c:\temp\mbam-setup.exe

2009-03-05 17:06 . 2009-03-05 17:06 <KAT> d-------- c:\program\Trend Micro

2009-03-05 17:05 . 2009-03-05 17:01 812,344 --a------ c:\temp\HJTInstall.exe

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Start-meny

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Start-meny

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER.000\Skrivbord

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER.000\Skrivbord

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Skrivare

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Skrivare

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Nätverket

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Nätverket

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Mina dokument

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Mina dokument

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Mallar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Mallar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Lokala inställningar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Lokala inställningar

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Favoriter

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Favoriter

2009-03-01 23:06 . 2009-03-01 23:06 <KAT> d-------- c:\documents and settings\Administratör.ACER.000

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER\Start-meny

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER\Skrivbord

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Skrivare

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Nätverket

2009-03-01 18:31 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER\Mina dokument

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Mallar

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Lokala inställningar

2009-03-01 18:31 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER\Favoriter

2009-03-01 18:31 . 2009-03-01 18:31 <KAT> d-------- c:\documents and settings\Administratör.ACER

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör\Start-meny

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör\Skrivbord

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Skrivare

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Nätverket

2009-03-01 18:13 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör\Mina dokument

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Mallar

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Lokala inställningar

2009-03-01 18:13 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör\Favoriter

2009-03-01 18:13 . 2009-03-01 18:13 <KAT> d-------- c:\documents and settings\Administratör

2009-03-01 16:24 . 2009-03-01 16:17 14,716,960 --a------ c:\temp\IE7-WindowsXP-x86-sve.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-05 21:52 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys

2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-27 12:33 172,032 ----a-w c:\windows\system32\xwr25146.dll

2008-12-27 12:33 172,032 ----a-w c:\windows\system32\wr25146.dll

2008-12-19 09:14 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe

2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2003-02-12 10:20 28,672 ----a-w c:\program\explore.exe

2008-10-26 13:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008102620081027\index.dat

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-07 126976]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]

"ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]

"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-01-21 2889216]

"LManager"="c:\program\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]

"IntelliPoint"="c:\program\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]

"D-Link AirPlus G"="c:\program\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]

"ANIWZCS2Service"="c:\program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]

"EEventManager"="c:\program\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Acrobat Assistant 7.0"="c:\program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2008-03-28 413696]

"APVXDWIN"="c:\program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]

"SCANINICIO"="c:\program\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Kjell Svensson\Start-meny\Program\AutostartAdobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-28 113664]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartMicrosoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

Adobe Gamma Loader.exe.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-28 113664]

AutoCAD Startup Accelerator.lnk - c:\program\Delade filer\Autodesk Shared\acstart16.exe [2005-03-05 10872]

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-03 25214]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 c:\program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]

"Debugger"=c:\windows\system32\klomp.exe

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Navirad_UserTool\\Navirad_UserTool.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2008-11-27 28544]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-11-27 41144]

R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-07-22 4096]

R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-07-22 78208]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-11-27 179640]

R2 PskSvcRetail;Panda PSK service;c:\program\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2008-11-27 28928]

R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-11-27 13880]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

R3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

S0 epstwnt;epstwnt;c:\windows\system32\Drivers\epstwnt.mpd --> c:\windows\system32\Drivers\epstwnt.mpd [?]

S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\Drivers\sharshtl.sys --> c:\windows\system32\Drivers\sharshtl.sys [?]

S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-10-22 15576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe

HKLM-Run-Device Detector - DevDetect.exe

 

 

.

------- Extra genomsökning -------

.

uStart Page = hxxp://eniro.se/

uInternet Settings,ProxyOverride = *.local

IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-05 23:51:18

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\epstwnt]

"ImagePath"="System32\Drivers\epstwnt.mpd"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(484)

c:\program\SUPERAntiSpyware\SASWINLO.dll

c:\windows\SYSTEM32\Ati2evxx.dll

c:\windows\SYSTEM32\avldr.dll

c:\program\Delade filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Sluttid: 2009-03-05 23:52:27

ComboFix-quarantined-files.txt 2009-03-05 22:52:26

 

Före genomsökningen: 2 342 961 152 byte ledigt

Efter genomsökningen: 2,818,605,056 byte ledigt

 

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

 

206 --- E O F --- 2009-03-01 22:53:00

[/log]

 


Copy all the lines in the box (use select code)

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=-

and paste them into Notepad.

Save the file on the Desktop with the name CFScript.

Prepare the computer for ComboFix in the same way as before.

Drag CFScript with the mouse and drop it on top of the ComboFix icon on the Desktop, and the program will start in a special mode.

Paste the log that is produced.

 

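The CFScript in the post above removes the Debugger value that the first ComboFix log lists under Image File Execution Options for iexplore.exe; while that value is set, Windows starts the named program in place of the browser. As an added example (not part of the original thread and not ComboFix code), this Python script pulls such entries out of a pasted log. The function names, the allow-list parameter and the example.exe sample are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Matches HKLM\SOFTWARE\... and the Wow6432Node variant, case-insensitively.
IFEO = r"\windows nt\currentversion\image file execution options" + "\\"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


@dataclass(frozen=True)
class DebuggerEntry:
    image: str      # executable whose launch is redirected, e.g. iexplore.exe
    debugger: str   # program started instead; "" when the line deletes the value
    line: int       # 1-based line number in the input text
    deletes: bool   # True for the .reg-style removal form "Debugger"=-


def find_ifeo_debuggers(text):
    """Return every Debugger value found directly under an IFEO\\<image> key."""
    entries = []
    image = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # forum pastes put a blank line between every log line
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            pos = key.find(IFEO)
            tail = key[pos + len(IFEO):] if pos != -1 else ""
            # Only a direct child of IFEO names an image; any other key resets state.
            image = tail if tail and "\\" not in tail else None
            continue
        m = VALUE_RE.match(line)
        if m and image and m.group("name").lower() == "debugger":
            data = m.group("data").strip()
            deletes = data == "-"
            # Logs print the path bare; .reg exports quote it and double the backslashes.
            debugger = "" if deletes else data.strip('"').replace("\\\\", "\\")
            entries.append(DebuggerEntry(image, debugger, lineno, deletes))
    return entries


def needs_review(entries, allowed=frozenset()):
    """Active redirections whose (image, debugger) pair is not explicitly allowed."""
    return [e for e in entries
            if not e.deletes and (e.image, e.debugger.lower()) not in allowed]


# Excerpt of the first ComboFix log in this thread.
BEFORE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]

"Debugger"=c:\windows\system32\klomp.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"
"""

# The CFScript from the post above.
CFSCRIPT = r"""
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=-
"""

# Excerpt of the second log, after the script was run.
AFTER_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
"""

# Constructed sample (not from the thread): .reg-export quoting plus an unrelated value.
CONSTRUCTED = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"GlobalFlag"=dword:00000000
"Debugger"="c:\\tools\\example-debugger.exe"
"""

if __name__ == "__main__":
    for name, text in [("before", BEFORE_LOG), ("cfscript", CFSCRIPT),
                       ("after", AFTER_LOG), ("constructed", CONSTRUCTED)]:
        found = find_ifeo_debuggers(text)
        print(name, "->", found, "| review:", needs_review(found))
```
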

And number 2

 

[log]ComboFix 09-03-04.01 - Kjell Svensson 2009-03-06 1:43:04.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.510.194 [GMT 1:00]

Körs från: c:\documents and settings\Kjell Svensson\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\Kjell Svensson\Skrivbord\CFScript.txt

AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated)

* Skapade en ny återställningspunkt

.

 

(((((((((((((((((((((((( Filer Skapade från 2009-02-06 till 2009-03-06 ))))))))))))))))))))))))))))))

.

 

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\documents and settings\Kjell Svensson\Application Data\Malwarebytes

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-05 22:13 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-05 22:13 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-05 22:12 . 2009-03-05 22:08 2,876,720 --a------ c:\temp\mbam-setup.exe

2009-03-05 17:06 . 2009-03-05 17:06 <KAT> d-------- c:\program\Trend Micro

2009-03-05 17:05 . 2009-03-05 17:01 812,344 --a------ c:\temp\HJTInstall.exe

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Start-meny

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Start-meny

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER.000\Skrivbord

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER.000\Skrivbord

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Skrivare

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Skrivare

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Nätverket

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Nätverket

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Mina dokument

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Mina dokument

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Mallar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Mallar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Lokala inställningar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Lokala inställningar

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Favoriter

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Favoriter

2009-03-01 23:06 . 2009-03-01 23:06 <KAT> d-------- c:\documents and settings\Administratör.ACER.000

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER\Start-meny

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER\Skrivbord

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Skrivare

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Nätverket

2009-03-01 18:31 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER\Mina dokument

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Mallar

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Lokala inställningar

2009-03-01 18:31 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER\Favoriter

2009-03-01 18:31 . 2009-03-01 18:31 <KAT> d-------- c:\documents and settings\Administratör.ACER

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör\Start-meny

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör\Skrivbord

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Skrivare

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Nätverket

2009-03-01 18:13 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör\Mina dokument

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Mallar

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Lokala inställningar

2009-03-01 18:13 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör\Favoriter

2009-03-01 18:13 . 2009-03-01 18:13 <KAT> d-------- c:\documents and settings\Administratör

2009-03-01 16:24 . 2009-03-01 16:17 14,716,960 --a------ c:\temp\IE7-WindowsXP-x86-sve.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-06 00:37 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys

2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-27 12:33 172,032 ----a-w c:\windows\system32\xwr25146.dll

2008-12-27 12:33 172,032 ----a-w c:\windows\system32\wr25146.dll

2008-12-19 09:14 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe

2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2003-02-12 10:20 28,672 ----a-w c:\program\explore.exe

2008-10-26 13:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008102620081027\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-05_23.51.38,67 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-06 00:37:12 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_134.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-07 126976]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]

"ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]

"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-01-21 2889216]

"LManager"="c:\program\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]

"IntelliPoint"="c:\program\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]

"D-Link AirPlus G"="c:\program\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]

"ANIWZCS2Service"="c:\program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]

"EEventManager"="c:\program\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Acrobat Assistant 7.0"="c:\program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2008-03-28 413696]

"APVXDWIN"="c:\program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]

"SCANINICIO"="c:\program\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Kjell Svensson\Start-meny\Program\AutostartAdobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-28 113664]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartMicrosoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

Adobe Gamma Loader.exe.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-28 113664]

AutoCAD Startup Accelerator.lnk - c:\program\Delade filer\Autodesk Shared\acstart16.exe [2005-03-05 10872]

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-03 25214]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 c:\program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Navirad_UserTool\\Navirad_UserTool.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2008-11-27 28544]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-11-27 41144]

R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-07-22 4096]

R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-07-22 78208]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-11-27 179640]

R2 PskSvcRetail;Panda PSK service;c:\program\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2008-11-27 28928]

R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-11-27 13880]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

R3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

S0 epstwnt;epstwnt;c:\windows\system32\Drivers\epstwnt.mpd --> c:\windows\system32\Drivers\epstwnt.mpd [?]

S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\Drivers\sharshtl.sys --> c:\windows\system32\Drivers\sharshtl.sys [?]

S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-10-22 15576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://eniro.se/

uInternet Settings,ProxyOverride = *.local

IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-06 01:45:38

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\epstwnt]

"ImagePath"="System32\Drivers\epstwnt.mpd"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(484)

c:\program\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\avldr.dll

c:\program\Delade filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Sluttid: 2009-03-06 1:46:48

ComboFix-quarantined-files.txt 2009-03-06 00:46:46

ComboFix2.txt 2009-03-05 22:52:30

 

Före genomsökningen: 2 790 965 248 byte ledigt

Efter genomsökningen: 2,778,087,424 byte ledigt

 

195 --- E O F --- 2009-03-01 22:53:00

[/log]

 

 


Does Internet Explorer 7 start now?

Go to http://www.virustotal.com (works best with Internet Explorer), paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes finished). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

c:\windows\system32\xwr25146.dll

c:\windows\system32\wr25146.dll

c:\windows\system32\dllcache\ie4uinit.exe

c:\windows\system32\dllcache\ieudinit.exe

c:\windows\system32\dllcache\iexplore.exe

c:\windows\system32\dllcache\ieakui.dll

c:\program\explore.exe

 


That is not possible; it is IE7 that is not working, after all.

Then I first have to install some other web browser, if that even works.

Because I assume that your latest suggestion makes it go in and analyze my files in place.

 

 

 


I tried restarting the computer again today, and then IE7 suddenly starts.

The analysis you suggested can now be done; I will get back to you.

 

 

 


I ran the analysis of the files.

Junk was found in two

 

c:\windows\system32\xwr25146.dll

c:\windows\system32\wr25146.dll

 

I updated my Panda, which then found and removed trojans in three files, the two above and in

 

c:\windows\system32\qdbon.dll

 

I am currently re-running the Panda analysis.

It seems to have solved the problem.

 

 

 


Sounds good. Paste a new ComboFix log so I can see how things look now. It is probably best to check with something else as well, since ComboFix does not see files that arrived more than a month ago. Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt (in Vista, right-click and choose Run as administrator).

Tick Scan all Users.

Leave the other checkboxes as they are.

Select 90 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTViewIt.txt and Extras.txt. Paste both of them into your reply (remember the LOG button).

 


Then let's see if we can continue

here is a freshly run Combo file

 

[log]ComboFix 09-03-06.02 - Kjell Svensson 2009-03-08 12:32:09.3 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1053.18.510.215 [GMT 1:00]

Körs från: c:\documents and settings\Kjell Svensson\Skrivbord\ComboFix.exe

AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated)

* Skapade en ny återställningspunkt

.

 

(((((((((((((((((((((((( Filer Skapade från 2009-02-08 till 2009-03-08 ))))))))))))))))))))))))))))))

.

 

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\program\Malwarebytes' Anti-Malware

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\documents and settings\Kjell Svensson\Application Data\Malwarebytes

2009-03-05 22:13 . 2009-03-05 22:13 <KAT> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-03-05 22:13 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-05 22:13 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-05 22:12 . 2009-03-05 22:08 2,876,720 --a------ c:\temp\mbam-setup.exe

2009-03-05 17:06 . 2009-03-05 17:06 <KAT> d-------- c:\program\Trend Micro

2009-03-05 17:05 . 2009-03-05 17:01 812,344 --a------ c:\temp\HJTInstall.exe

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Start-meny

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Start-meny

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER.000\Skrivbord

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER.000\Skrivbord

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Skrivare

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Skrivare

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Nätverket

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Nätverket

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Mina dokument

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Mina dokument

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Mallar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Mallar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Lokala inställningar

2009-03-01 23:06 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER.000\Lokala inställningar

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Favoriter

2009-03-01 23:06 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER.000\Favoriter

2009-03-01 23:06 . 2009-03-01 23:06 <KAT> d-------- c:\documents and settings\Administratör.ACER.000

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör.ACER\Start-meny

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör.ACER\Skrivbord

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Skrivare

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Nätverket

2009-03-01 18:31 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER\Mina dokument

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Mallar

2009-03-01 18:31 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör.ACER\Lokala inställningar

2009-03-01 18:31 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör.ACER\Favoriter

2009-03-01 18:31 . 2009-03-01 18:31 <KAT> d-------- c:\documents and settings\Administratör.ACER

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> dr------- c:\documents and settings\Administratör\Start-meny

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d-------- c:\documents and settings\Administratör\Skrivbord

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Skrivare

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Nätverket

2009-03-01 18:13 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör\Mina dokument

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Mallar

2009-03-01 18:13 . 2004-12-29 12:59 <KAT> d--h----- c:\documents and settings\Administratör\Lokala inställningar

2009-03-01 18:13 . 2005-01-14 09:51 <KAT> dr------- c:\documents and settings\Administratör\Favoriter

2009-03-01 18:13 . 2009-03-01 18:13 <KAT> d-------- c:\documents and settings\Administratör

2009-03-01 16:24 . 2009-03-01 16:17 14,716,960 --a------ c:\temp\IE7-WindowsXP-x86-sve.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-08 11:06 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys

2009-01-16 20:31 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-19 09:14 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe

2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys

2003-02-12 10:20 28,672 ----a-w c:\program\explore.exe

2008-10-26 13:44 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokala inställningar\Tidigare\History.IE5\MSHist012008102620081027\index.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2009-03-05_23.51.38,67 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-03-08 11:06:16 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_5a4.dat

+ 2009-03-08 11:12:16 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_f24.dat

.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]

"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-07 126976]

"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 32768]

"ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-07 344064]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-01-25 180224]

"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-01-21 2889216]

"LManager"="c:\program\Launch Manager\QtZgAcer.EXE" [2004-12-09 311296]

"IntelliPoint"="c:\program\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]

"D-Link AirPlus G"="c:\program\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]

"ANIWZCS2Service"="c:\program\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]

"EEventManager"="c:\program\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 102400]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Acrobat Assistant 7.0"="c:\program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]

"QuickTime Task"="c:\program\QuickTime\QTTask.exe" [2008-03-28 413696]

"APVXDWIN"="c:\program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]

"SCANINICIO"="c:\program\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

"AdobeCS4ServiceManager"="c:\program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\Kjell Svensson\Start-meny\Program\AutostartAdobe Gamma.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-28 113664]

 

c:\documents and settings\All Users\Start-meny\Program\AutostartMicrosoft Office.lnk - c:\program\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

Adobe Gamma Loader.exe.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-28 113664]

AutoCAD Startup Accelerator.lnk - c:\program\Delade filer\Autodesk Shared\acstart16.exe [2005-03-05 10872]

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-04-03 25214]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 c:\program\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.ACDV"= ACDV.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program\\Navirad_UserTool\\Navirad_UserTool.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program\\Delade filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

 

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2008-11-27 28544]

R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [2006-10-10 5632]

R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 32256]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-11-27 41144]

R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2005-07-22 4096]

R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-07-22 78208]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-11-27 179640]

R2 PskSvcRetail;Panda PSK service;c:\program\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2008-11-27 28928]

R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-11-27 13880]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

R3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

S0 epstwnt;epstwnt;c:\windows\system32\Drivers\epstwnt.mpd --> c:\windows\system32\Drivers\epstwnt.mpd [?]

S2 SHARSHTL;Shuttle Sharer;c:\windows\system32\Drivers\sharshtl.sys --> c:\windows\system32\Drivers\sharshtl.sys [?]

S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-10-22 15576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://eniro.se/

uInternet Settings,ProxyOverride = *.local

IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\program\MICROS~2\Office10\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-08 12:35:29

Windows 5.1.2600 Service Pack 3 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\epstwnt]

"ImagePath"="System32\Drivers\epstwnt.mpd"

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(484)

c:\program\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\avldr.dll

c:\program\Delade filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Sluttid: 2009-03-08 12:37:44

ComboFix-quarantined-files.txt 2009-03-08 11:37:42

ComboFix3.txt 2009-03-05 22:52:30

ComboFix2.txt 2009-03-06 00:46:50

 

Före genomsökningen: 2 716 221 440 byte ledigt

Efter genomsökningen: 2,714,828,800 byte ledigt

 

196 --- E O F --- 2009-03-01 22:53:00

[/log]

 


And here we have OTV

 

Extras

[log]OTViewIt Extras logfile created on: 2009-03-08 12:49:11 - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Kjell Svensson\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

510,05 Mb Total Physical Memory | 180,47 Mb Available Physical Memory | 35,38% Memory free

1,22 Gb Paging File | 0,85 Gb Available in Paging File | 70,13% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 26,38 Gb Total Space | 2,54 Gb Free Space | 9,64% Space Free | Partition Type: FAT32

Drive D: | 26,55 Gb Total Space | 5,72 Gb Free Space | 21,56% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER

Current User Name: Kjell Svensson

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 90 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-04-10 17:42:26 | 00,581,632 | ---- | M] (Navirad) -- C:\Program\Navirad_UserTool\Navirad_UserTool.exe:*:Enabled:Navirad UserTool

[2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-08-14 07:58:34 | 00,611,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

NameSpace_Catalog5\Catalog_Entries\000000000005 [bluetooth-namnområde] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2001-01-22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL (cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} (HKLM) [Microsoft PKM KnowledgePluggable Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2001-02-12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\OLE DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2001-02-12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\OLE DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2001-02-12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\OLE DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2001-02-23 18:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) C:\Program\DELADE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}"=Adobe Color NA Recommended Settings CS4

"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}"=Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}"=Adobe Extension Manager CS4

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting

"{098727E1-775A-4450-B573-3F441F1CA243}"=kuler

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}"=Adobe Color JA Extra Settings CS4

"{0EA44599-1E9D-4517-A088-9588A9FAB211}"=AirPlus G

"{0F723FC1-7606-4867-866C-CE80AD292DAF}"=Adobe CSI CS4

"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}"=Adobe SGM CS4

"{1618734A-3957-4ADD-8199-F973763109A8}"=Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}"=Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}"=AdobeColorCommonSetRGB

"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin

"{18FF8DB9-922C-41C9-AA29-6DA648D6B071}"=Acer GridVista

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR

"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}"=Adobe InDesign CS4

"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}"=Adobe InDesign CS4 Icon Handler

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email

"{25569723-DC5A-4467-A639-79535BF01B71}"=Adobe Help Center 2.1

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}"=EPSON Scan Assistant

"{2BAF2B96-7560-48B4-87D4-10178DDBE217}"=Adobe InDesign CS4 Application Feature Set Files (Roman)

"{2EEE18E7-5C87-4506-A7E4-A42A6191B03E}"=Panda Antivirus Pro 2009

"{314F6D08-A8B7-11D8-8446-0050BA1D384D}"=EPSON Image Clip Palette

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}"=PDF Settings CS4

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}"=Adobe Media Player

"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}"=Adobe XMP Panels CS4

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3

"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}"=Adobe WinSoft Linguistics Plugin

"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}"=EPSON Event Manager

"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}"=Adobe Service Manager Extension

"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}"=Adobe SING CS4

"{4C590030-7469-453E-8589-D15DA9D03F52}"=ANIWZCS2 Service

"{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}"=NTI Backup NOW! 3

"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}"=Adobe Premiere Elements 3.0

"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3

"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}"=Adobe Color EU Extra Settings CS4

"{5783F2D7-4001-0409-0002-0060B0CE6BBA}"=AutoCAD 2006 - English

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}"=Acer ePowerManagement

"{67EDD823-135A-4D59-87BD-950616D6E857}"=EPSON Copy Utility 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{6EA6D4E3-134D-4A11-AF2A-7986F61BB2F6}"=ImageRescue3

"{6F00F343-7562-4F03-B3C3-F9360E2DA333}"=DiMAGE Scan Dual4 ver.1.0

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3

"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}"=ANIO Service

"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}"=Adobe InDesign CS4 Common Base Files

"{7F4C8163-F259-49A0-A018-2857A90578BC}"=Adobe InDesign CS2

"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3

"{808FAA20-4C3A-11D4-8A57-00201853C903}"=PC-Linq

"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}"=Adobe Type Support CS4

"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}"=Adobe Bridge CS4

"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}"=Suite Shared Configuration CS4

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3

"{8EDBA74D-0686-4C99-BFDD-F894678E5102}"=Adobe Common File Installer

"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3

"{90280409-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Professional with FrontPage

"{9112041D-6000-11D3-8CFE-0050048383C9}"=Microsoft Office XP Standard

"{931AB7EA-3656-4BB7-864D-022B09E3DD67}"=Adobe Linguistics CS4

"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}"=Adobe CMaps CS4

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3

"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific

"{AC76BA86-1033-0000-7760-000000000002}"=Adobe Acrobat 7.0 Professional

"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}"=ABBYY FineReader 6.0 Sprint

"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}"=Ipswitch WS_FTP Pro

"{B29AD377-CC12-490A-A480-1452337C618D}"=Connect

"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}"=ACDSee 9 Photo Manager

"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}"=Adobe Illustrator CS2

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0

"{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0

"{BB4E33EC-8181-4685-96F7-8554293DEC6A}"=Adobe Output Module

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2

"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}"=NTI CD & DVD-Maker

"{C52E3EC1-048C-45E1-8D53-10B0C6509683}"=Adobe Default Language CS4

"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}"=Adobe Setup

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}"=Photoshop Camera Raw

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client

"{E55FB276-73C9-4776-AB53-BC028C0509ED}"=Panda Antivirus Pro 2009

"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}"=AdobeColorCommonSetCMYK

"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3

"{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}"=TIxx21/x515

"{E86BC406-944E-41F6-ADE6-2C136734C96B}"=EPSON File Manager

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}"=PL-2303 USB-to-Serial

"{EECDDEA0-DB76-4488-8E52-0EF1DF63700A}"=Microsoft IntelliPoint 5.4

"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}"=Adobe Search for Help

"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}"=Adobe ExtendScript Toolkit CS4

"{F93C84A6-0DC6-42AF-89FA-776F7C377353}"=Adobe PDF Library Files CS4

"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}"=Adobe Fonts All

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup

"Adobe Acrobat 7.0 Professional"=Adobe Acrobat 7.1.0 Professional

"Adobe AIR"=Adobe AIR

"Adobe Illustrator CS2"=Adobe Illustrator CS2

"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}"=Adobe InDesign CS2

"Adobe PageMaker 6.5"=Adobe PageMaker 6.5

"Adobe SVG Viewer"=Adobe SVG Viewer 3.0

"Adobe_1710d324011afc3e7658e969025f4ba"=Adobe InDesign CS4

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3

"All ATI Software"=ATI - Hjälp för avinstallation av program

"ATI Display Driver"=ATI Display Driver

"Autodesk DWF Viewer"=Autodesk DWF Viewer

"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025"=SoftV92 Data Fax Modem with SmartCP

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player

"Conexant PCI Audio"=Conexant AC-Link Audio

"EPSON Scanner"=EPSON Scan

"getPlus®_ocx"=getPlus®_ocx

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallShield_{0EA44599-1E9D-4517-A088-9588A9FAB211}"=AirPlus G

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email

"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}"=NTI Backup NOW! 3

"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}"=NTI CD & DVD-Maker Gold

"InstallShield_{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}"=Texas Instruments PCIxx21/x515 drivers.

"LManager"=Launch Manager

"MAGIX audio cleaning lab 2005 deLuxe"=MAGIX audio cleaning lab 2005 deLuxe

"MAGIX Media Manager silver"=MAGIX Media Manager silver

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Navirad v4 UserTool_is1"=Navirad v4 UserTool 1.3

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"PERF4490P Användarhandbok"=PERF4490P Användarhandbok

"PremElem30"=Adobe Premiere Elements 3.0

"SynTPDeinstKey"=Synaptics Pointing Device Driver

"Uninstall Presto! BizCard 4.1 Eng"=Presto! BizCard 4.1 Eng

"Windows Media Format Runtime"=Windows Media Format Runtime

"Windows XP Service Pack"=Windows XP Service Pack 3

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2009-03-01 13:52:14 | Computer Name = ACER | Source = Application Error | ID = 1001

Description = Fel-bucket 392463877.

 

Error - 2009-03-01 18:02:05 | Computer Name = ACER | Source = Application Error | ID = 1000

Description = Felaktigt program devdetect.exe, version 3.1.43.1, felaktig modul

mfc71.dll, version 7.10.3077.0, felaktig adress 0x00010e8d.

 

Error - 2009-03-01 18:02:46 | Computer Name = ACER | Source = Application Error | ID = 1001

Description = Fel-bucket 392463877.

 

Error - 2009-03-01 18:22:24 | Computer Name = ACER | Source = Application Error | ID = 1000

Description = Felaktigt program devdetect.exe, version 3.1.43.1, felaktig modul

mfc71.dll, version 7.10.3077.0, felaktig adress 0x00010e8d.

 

Error - 2009-03-01 18:22:56 | Computer Name = ACER | Source = Application Error | ID = 1001

Description = Fel-bucket 392463877.

 

Error - 2009-03-01 18:42:39 | Computer Name = ACER | Source = Application Error | ID = 1000

Description = Felaktigt program loaddefault.exe, version 0.0.0.0, felaktig modul

loaddefault.exe, version 0.0.0.0, felaktig adress 0x0000129e.

 

Error - 2009-03-01 18:42:49 | Computer Name = ACER | Source = Application Error | ID = 1001

Description = Fel-bucket 144632965.

 

Error - 2009-03-05 17:52:32 | Computer Name = ACER | Source = Application Error | ID = 1000

Description = Felaktigt program devdetect.exe, version 3.1.43.1, felaktig modul

mfc71.dll, version 7.10.3077.0, felaktig adress 0x00010e8d.

 

Error - 2009-03-05 17:53:55 | Computer Name = ACER | Source = Application Error | ID = 1001

Description = Fel-bucket 392463877.

 

Error - 2009-03-05 18:49:45 | Computer Name = ACER | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: The server name or address could not be resolved

 

[ System Events ]

Error - 2009-03-01 18:06:54 | Computer Name = ACER | Source = DCOM | ID = 10005

Description = DCOM fick felet %1084 vid försök att starta tjänsten netman med argumenten

för att köra servern: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 2009-03-01 18:07:06 | Computer Name = ACER | Source = Service Control Manager | ID = 7001

Description = Tjänsten DHCP Client är beroende av tjänsten NetBios over Tcpip. Den

sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2009-03-01 18:07:06 | Computer Name = ACER | Source = Service Control Manager | ID = 7001

Description = Tjänsten DNS Client är beroende av tjänsten TCP/IP Protocol Driver.

Den sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2009-03-01 18:07:06 | Computer Name = ACER | Source = Service Control Manager | ID = 7001

Description = Tjänsten TCP/IP NetBIOS Helper är beroende av tjänsten AFD. Den sistnämnda

kunde inte starta på grund av följande fel: %%31

 

Error - 2009-03-01 18:07:06 | Computer Name = ACER | Source = Service Control Manager | ID = 7001

Description = Tjänsten Apple Mobile Device är beroende av tjänsten TCP/IP Protocol

Driver. Den sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2009-03-01 18:07:06 | Computer Name = ACER | Source = Service Control Manager | ID = 7001

Description = Tjänsten ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## är beroende

av tjänsten TCP/IP Protocol Driver. Den sistnämnda kunde inte starta på grund av

följande fel: %%31

 

Error - 2009-03-01 18:07:06 | Computer Name = ACER | Source = Service Control Manager | ID = 7001

Description = Tjänsten IPSEC Services är beroende av tjänsten IPSEC driver. Den

sistnämnda kunde inte starta på grund av följande fel: %%31

 

Error - 2009-03-01 18:07:06 | Computer Name = ACER | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV

SASKUTIL

ShldDrv

Tcpip

 

Error - 2009-03-01 18:07:13 | Computer Name = ACER | Source = DCOM | ID = 10005

Description = DCOM fick felet %1084 vid försök att starta tjänsten netman med argumenten

för att köra servern: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

 

Error - 2009-03-01 18:20:16 | Computer Name = ACER | Source = DCOM | ID = 10005

Description = DCOM fick felet %1084 vid försök att starta tjänsten EventSystem med

argumenten för att köra servern: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

 

< End of report >

[/log]

 

OTV

 

 

[log]OTViewIt logfile created on: 2009-03-08 12:49:11 - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Kjell Svensson\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

510,05 Mb Total Physical Memory | 180,47 Mb Available Physical Memory | 35,38% Memory free

1,22 Gb Paging File | 0,85 Gb Available in Paging File | 70,13% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 26,38 Gb Total Space | 2,54 Gb Free Space | 9,64% Space Free | Partition Type: FAT32

Drive D: | 26,55 Gb Total Space | 5,72 Gb Free Space | 21,56% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ACER

Current User Name: Kjell Svensson

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 90 Days

 

========== Processes ==========

 

[2004-12-07 21:59:24 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe

[2008-07-17 13:35:58 | 00,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

[2008-02-18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2008-07-16 14:45:20 | 00,181,504 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe

[2008-07-10 12:02:00 | 00,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe

[2008-02-04 17:26:48 | 00,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program\Delade filer\Panda Security\PavShld\pavprsrv.exe

[2008-06-19 12:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe

[2008-06-25 16:43:08 | 00,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe

[2004-12-07 21:59:24 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe

[2008-04-14 17:05:20 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe

[2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe

[2008-07-04 14:28:26 | 00,288,512 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe

[2008-07-02 13:26:56 | 00,193,792 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE

[2004-10-07 22:44:24 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPLpr.exe

[2004-10-07 22:43:12 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPEnh.exe

[2008-04-14 17:05:18 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe

[2004-07-15 01:07:56 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program\CyberLink\PowerDVD\PDVDServ.exe

[2004-12-07 21:10:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

[2005-01-25 14:02:22 | 00,180,224 | ---- | M] (Acer Inc) -- C:\acer\epm\epm-dm.exe

[2004-12-09 12:50:00 | 00,311,296 | ---- | M] (Dritek System Inc.) -- C:\Program\Launch Manager\QtZgAcer.EXE

[2005-06-10 11:21:02 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft IntelliPoint\point32.exe

[2006-03-17 10:30:26 | 00,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe

[2008-04-23 02:08:14 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[2008-03-28 23:37:20 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program\QuickTime\QTTask.exe

[2008-07-24 13:42:22 | 00,197,888 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PavJobs.exe

[2008-10-16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe

[2008-04-14 17:05:14 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe

[2007-08-13 18:43:56 | 00,622,080 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2008-04-14 17:05:24 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2009-03-08 12:47:20 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kjell Svensson\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2006-07-16 13:10:04 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

[2004-10-22 13:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Program\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])

[2008-02-18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2004-07-15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2004-12-07 21:59:24 | 00,425,984 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2005-12-23 12:56:56 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])

[2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2008-12-27 13:48:58 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2008-07-16 14:45:20 | 00,181,504 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe -- (Panda Software Controller [Auto | Running])

[2008-07-10 12:02:00 | 00,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe -- (PAVFNSVR [Auto | Running])

[2008-02-04 17:26:48 | 00,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program\Delade filer\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv [Auto | Running])

[2008-07-04 14:28:26 | 00,288,512 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe -- (PAVSRV [Auto | Running])

[2008-06-19 12:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe -- (PSIMSVC [Auto | Running])

[2008-06-25 16:43:08 | 00,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe -- (PskSvcRetail [Auto | Running])

[2008-04-14 17:05:20 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])

[2008-04-14 17:05:20 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])

[2008-07-17 13:35:58 | 00,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Program\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe -- (TPSrv [Auto | Running])

[2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])

 

========== Driver Services ==========

 

[2008-08-14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])

[2004-07-27 11:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.SYS -- (ANIO [Auto | Running])

[2004-12-07 22:06:42 | 00,874,496 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2003-05-21 18:47:12 | 00,175,360 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Stopped])

[2003-09-25 18:41:12 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])

[2008-04-13 19:46:34 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\BthEnum.sys -- (BthEnum [On_Demand | Stopped])

[2008-04-13 19:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\bthpan.sys -- (BthPan [On_Demand | Stopped])

[2008-06-14 19:36:26 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHport.sys -- (BTHPORT [On_Demand | Stopped])

[2008-04-13 19:46:30 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\BTHUSB.sys -- (BTHUSB [On_Demand | Stopped])

[2004-06-24 22:29:00 | 00,034,048 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD [On_Demand | Running])

[2004-06-24 22:31:00 | 00,276,480 | ---- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA [On_Demand | Running])

[2009-03-08 12:06:44 | 00,013,880 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\COMFiltr.sys -- (ComFiltr [On_Demand | Running])

[2004-12-08 14:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\System32\Drivers\DKbFltr.sys -- (DKbFltr [On_Demand | Running])

[2004-07-19 13:10:00 | 00,004,096 | ---- | M] (Acer Value Labs, USA) -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd [Auto | Running])

[2005-01-03 11:51:22 | 00,078,208 | ---- | M] (Acer Value Labs, USA) -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd [Auto | Running])

[2004-06-09 23:00:00 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])

[2004-06-09 22:58:00 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

[2004-10-07 16:54:00 | 00,752,093 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])

[2005-01-13 14:46:16 | 00,069,632 | ---- | M] () -- C:\Program\acer\eRecovery\int15.sys -- (int15.sys [On_Demand | Stopped])

[2004-03-16 19:04:00 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2008-04-13 19:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Running])

[2004-12-29 13:26:20 | 00,006,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])

[2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot [boot | Running])

[2008-04-28 17:35:14 | 00,084,024 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\DRIVERS\pavdrv51.sys -- (PAVDRV [Auto | Running])

[2008-02-07 12:03:08 | 00,179,640 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\DRIVERS\PavProc.sys -- (PavProc [Auto | Running])

File not found -- -- (PavTPK.sys [On_Demand | Running])

[2006-12-06 18:25:54 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])

[2005-06-10 11:21:02 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Stopped])

[2004-08-04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-10-14 12:47:34 | 00,020,016 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -- (PxHelp20 [boot | Running])

[2008-04-13 19:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])

[2005-06-04 20:07:56 | 00,319,104 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Stopped])

[2006-10-10 13:53:48 | 00,005,632 | ---- | M] () -- C:\Program\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [system | Running])

[2006-02-16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])

[2007-02-27 12:39:26 | 00,032,256 | ---- | M] () -- C:\Program\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [system | Running])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2003-07-16 14:27:40 | 00,043,264 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys -- (Ser2pl [On_Demand | Stopped])

[2001-09-06 20:12:12 | 00,018,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\sermouse.sys -- (sermouse [On_Demand | Stopped])

[2008-03-04 15:59:42 | 00,041,144 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys -- (ShldDrv [system | Running])

[2004-10-07 22:33:46 | 00,185,824 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])

[2004-09-13 13:40:00 | 00,146,304 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])

[2008-04-13 19:56:02 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\tunmp.sys -- (tunmp [On_Demand | Stopped])

[2004-12-17 17:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [system | Running])

[2004-10-29 02:48:10 | 03,222,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])

[2001-01-08 03:53:24 | 00,015,576 | R--- | M] () -- C:\WINDOWS\System32\Drivers\usbbc.sys -- (Wdm1 [On_Demand | Stopped])

[2004-06-09 22:58:00 | 00,684,800 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[2004-08-04 05:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://eniro.se/

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://eniro.se/

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (710 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acrobat Assistant 7.0"="C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

"AdobeCS4ServiceManager"="C:\Program\Delade filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (Adobe Systems Incorporated)

"ANIWZCS2Service"=C:\Program\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)

"APVXDWIN"="C:\Program\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s (Panda Security, S.L.)

"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)

"D-Link AirPlus G"=C:\Program\D-Link\AirPlus G\AirGCFG.exe (D-Link)

"EEventManager"=C:\Program\EPSON\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

"EPM-DM"=c:\acer\epm\epm-dm.exe (Acer Inc)

"ePowerManagement"=C:\Acer\ePM\ePM.exe boot (Acer Value Labs, Taiwan)

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)

"IntelliPoint"="C:\Program\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)

"LaunchApp"=Alaunch (Acer Inc.)

"LManager"=C:\Program\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"RemoteControl"=C:\Program\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

"SCANINICIO"="C:\Program\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" (Panda Security, S.L.)

"SynTPEnh"=C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

"SynTPLpr"=C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"=C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"=C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

 

========== (O4) Startup Folders ==========

 

[2001-02-13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

[1999-11-04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.exe.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

[2005-03-05 21:18:22 | 00,010,872 | ---- | M] (Autodesk, Inc) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\AutoCAD Startup Accelerator.lnk = C:\Program\Delade filer\Autodesk Shared\acstart16.exe

[2008-06-03 14:06:50 | 00,025,214 | R--- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[1999-11-04 15:06:48 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Kjell Svensson\Start-meny\Program\Autostart\Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableRegistryTools"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=67108863

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=67108863

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

Convert link target to Adobe PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert link target to existing PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert selected links to Adobe PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert selected links to existing PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert selection to Adobe PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert selection to existing PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert to Adobe PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert to existing PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

E&xport to Microsoft Excel: C:\Program\MICROS~2\Office10\EXCEL.EXE [2001-02-16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\Software\Microsoft\Internet Explorer\MenuExt\]

Convert link target to Adobe PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert link target to existing PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert selected links to Adobe PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert selected links to existing PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert selection to Adobe PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert selection to existing PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert to Adobe PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

Convert to existing PDF: C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)

E&xport to Microsoft Excel: C:\Program\MICROS~2\Office10\EXCEL.EXE [2001-02-16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:14 | 01,695,232 | -HS- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:14 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:14 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:14 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:14 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2518252092-1044113732-3252051378-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:14 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control

{32505657-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab -- Reg Error: Key does not exist or could not be opened.

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab -- get_atlcom Class

 

========== (O17) DNS Name Servers ==========

 

{47DD1305-FD24-433A-AA6E-C49C7C970BB1} (Servers: | Description: 1394 Net Adapter)

{896E3A6B-8C4E-4C74-98E1-EAC59A0EF8A4} (Servers: | Description: )

{89A89041-6B4C-40AA-B9FD-B622F47246EB} (Servers: | Description: D-Link AirPlus G DWL-G630 Wireless Cardbus Adapter(rev.E))

{D4CE68E9-AE76-4A44-9F19-293359FC62E1} (Servers: | Description: Intel® PRO/Wireless 2200BG Network Connection)

{F73FBA28-3BCB-4EFD-9129-0B15C53A99F4} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = C:\Program\SUPERAntiSpyware\SASWINLO.dll -- C:\Program\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

avldr: "DllName" = avldr.dll -- C:\WINDOWS\system32\avldr.dll (Panda Security, S.L.)

igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2004-12-29 13:08:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

 

========== Files/Folders - Created Within 90 Days ==========

 

[2 C:\WINDOWS\*.tmp files]

[2009-03-08 12:47:19 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kjell Svensson\Skrivbord\OTViewIt.exe

[2009-03-08 12:29:03 | 02,933,448 | R--- | C] () -- C:\Documents and Settings\Kjell Svensson\Skrivbord\ComboFix.exe

[2009-03-05 23:49:24 | 00,000,194 | ---- | C] () -- C:\Boot.bak

[2009-03-05 23:49:22 | 00,260,784 | ---- | C] () -- C:\cmldr

[2009-03-05 23:49:20 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009-03-05 23:40:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009-03-05 23:40:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009-03-05 23:40:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009-03-05 23:40:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009-03-05 23:40:14 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe

[2009-03-05 23:40:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009-03-05 23:40:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009-03-05 23:40:14 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2009-03-05 23:40:14 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009-03-05 23:40:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009-03-05 23:40:07 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009-03-05 22:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Kjell Svensson\Application Data\Malwarebytes

[2009-03-05 22:13:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-03-05 22:13:54 | 00,000,572 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2009-03-05 22:13:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-03-05 22:13:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009-03-05 22:13:50 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2009-03-05 17:06:05 | 00,001,586 | ---- | C] () -- C:\Documents and Settings\Kjell Svensson\Skrivbord\HijackThis.lnk

[2009-03-05 17:06:05 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2009-03-01 23:21:22 | 53,489,2544 | -HS- | C] () -- C:\hiberfil.sys

[2009-03-01 14:51:20 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib

[2009-03-01 14:51:20 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib

[2009-03-01 14:51:20 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib

[2009-03-01 14:51:20 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib

[2009-03-01 14:51:20 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib

[2009-03-01 14:51:20 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib

[2009-03-01 14:51:20 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib

[2009-03-01 14:51:20 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib

[2009-03-01 14:51:20 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib

[2009-03-01 14:51:20 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib

[2009-03-01 14:51:20 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll

[2009-03-01 14:51:20 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib

[2009-03-01 14:51:20 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib

[2009-03-01 14:51:20 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib

[2009-03-01 14:51:20 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib

[2009-03-01 14:51:20 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll

[2009-03-01 14:51:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll

[2009-03-01 14:51:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll

[2009-03-01 14:51:20 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib

[2009-03-01 14:51:20 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib

[2009-03-01 14:51:20 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib

[2008-12-27 13:59:10 | 00,000,000 | ---D | C] -- C:\Program\Adobe Media Player

[2008-12-27 13:55:31 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Adobe AIR

 

========== Files - Modified Within 90 Days ==========

 

[2 C:\WINDOWS\*.tmp files]

[2009-03-08 12:47:20 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kjell Svensson\Skrivbord\OTViewIt.exe

[2009-03-08 12:37:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-03-08 12:35:34 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009-03-08 12:29:04 | 02,933,448 | R--- | M] () -- C:\Documents and Settings\Kjell Svensson\Skrivbord\ComboFix.exe

[2009-03-08 12:06:44 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys

[2009-03-08 12:06:42 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-03-08 12:06:26 | 00,002,309 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk

[2009-03-08 12:05:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-03-08 12:05:54 | 53,489,2544 | -HS- | M] () -- C:\hiberfil.sys

[2009-03-06 14:17:36 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat

[2009-03-05 23:49:26 | 00,000,264 | RHS- | M] () -- C:\BOOT.INI

[2009-03-05 22:13:56 | 00,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2009-03-05 17:06:08 | 00,001,586 | ---- | M] () -- C:\Documents and Settings\Kjell Svensson\Skrivbord\HijackThis.lnk

[2009-03-05 12:10:20 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC

[2009-03-01 23:46:42 | 00,000,006 | ---- | M] () -- C:\ISACER.ID

[2009-03-01 23:29:04 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009-03-01 18:27:16 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\Kjell Svensson\Mina dokument\Katalogtext.lnk

[2009-03-01 14:51:34 | 00,875,290 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009-03-01 14:51:34 | 00,379,300 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2009-03-01 14:51:34 | 00,375,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009-03-01 14:51:34 | 00,061,196 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2009-03-01 14:51:34 | 00,051,538 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009-03-01 14:51:08 | 00,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf

[2009-03-01 14:05:40 | 00,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\ACDSee 9 Photo Manager.lnk

[2009-03-01 13:54:26 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009-02-11 20:56:18 | 21,244,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009-02-11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-02-11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-01-29 11:43:40 | 00,017,920 | ---- | M] () -- C:\Documents and Settings\Kjell Svensson\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-01-16 21:31:18 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2009-01-16 21:31:18 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-27 14:39:32 | 02,371,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-12-27 14:11:36 | 00,086,832 | ---- | M] () -- C:\Documents and Settings\Kjell Svensson\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

[2008-12-21 00:03:50 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll

[2008-12-21 00:03:50 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll

[2008-12-21 00:03:50 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll

[2008-12-21 00:03:50 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll

[2008-12-21 00:03:50 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll

[2008-12-21 00:03:50 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll

[2008-12-21 00:03:50 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll

[2008-12-21 00:03:50 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll

[2008-12-21 00:03:48 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll

[2008-12-21 00:03:48 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll

[2008-12-21 00:03:48 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll

[2008-12-21 00:03:48 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll

[2008-12-21 00:03:48 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll

[2008-12-21 00:03:48 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll

[2008-12-21 00:03:48 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll

[2008-12-21 00:03:48 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll

[2008-12-21 00:03:48 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll

[2008-12-21 00:03:48 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll

[2008-12-21 00:03:44 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll

[2008-12-21 00:03:44 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2008-12-21 00:03:44 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll

[2008-12-21 00:03:44 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2008-12-21 00:03:44 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll

[2008-12-21 00:03:44 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll

[2008-12-21 00:03:42 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2008-12-21 00:03:42 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2008-12-21 00:03:42 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl

[2008-12-21 00:03:42 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl

[2008-12-21 00:03:42 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll

[2008-12-21 00:03:42 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2008-12-21 00:03:42 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll

[2008-12-21 00:03:42 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll

[2008-12-21 00:03:38 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll

[2008-12-21 00:03:38 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll

[2008-12-21 00:03:38 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll

[2008-12-21 00:03:38 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll

[2008-12-21 00:03:38 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll

[2008-12-21 00:03:38 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll

[2008-12-21 00:03:38 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll

[2008-12-21 00:03:38 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll

[2008-12-21 00:03:38 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll

[2008-12-21 00:03:38 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll

[2008-12-21 00:03:38 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll

[2008-12-21 00:03:38 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll

[2008-12-21 00:03:38 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll

[2008-12-21 00:03:38 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll

[2008-12-21 00:03:38 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll

[2008-12-21 00:03:38 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll

[2008-12-21 00:03:38 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll

[2008-12-21 00:03:38 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll

[2008-12-19 10:14:58 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe

[2008-12-19 10:14:58 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe

[2008-12-19 10:10:16 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe

[2008-12-19 06:25:26 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe

[2008-12-19 06:23:56 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll

[2008-12-19 06:23:56 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll

[2008-12-11 11:57:10 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys

[2008-12-11 11:57:10 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

< End of report >

[/log]

 

 

 

Link to comment
Share on other sites

You may have a Flash version with security holes, so check your programs at http://secunia.com/vulnerability_scanning/

 

Since it looks like you have the free version of SUPERAntiSpyware, which does not protect the computer all the time, there is no need for it to start automatically. You turn off automatic start of SUPERAntiSpyware by unchecking the box "Start SUPERAntiSpyware when Windows starts" under "Startup options", which you reach by clicking the "Preferences" button.

 

What is the firewall situation on the computer, by the way?

 

Link to comment
Share on other sites

Yes, it works fine.

I'm working on some updates as suggested by Secunia.

 

Thanks for all the help.

 

 

 

Link to comment
Share on other sites

Here are some points you should go through for a final cleanup of the computer.

[log]1. Remove all System Restore points, since these may be infected. You do this by turning off the System Restore feature, restarting the computer and then turning the feature back on. Then create a new restore point.

The System Restore feature is turned off and on here:

Right-click My Computer - Properties - System Restore

 

2. If you have used any fix program, e.g. ComboFix, download the uninstaller OTCleanIt to the Desktop.

http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Double-click the file to start the program.

Press the CleanUp! button and the various fix programs that you have downloaded will be uninstalled, including this program, after a restart of the computer. If any fix program is still there after that, ask how to remove it.

 

3. Remove all temporary files by downloading ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Check Select All. Press Empty Selected.

If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

Press Exit in the Main menu to close the program.

Note! This will remove all cookies. If you have cookies that you want to keep, either save them beforehand or do not choose Select All and instead check everything else.

 

4. Change all passwords that you use on the computer and on the Internet, since these may have fallen into the wrong hands.

http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html describes a malicious program that spies by taking screenshots, logging keystrokes and reading passwords stored in web browsers, e-mail programs etc.

 

5. Improve the protection on the computer, see my "Råd för en säkrare dator" (Advice for a safer computer). http://ceblstockholm.googlepages.com/home[/log]

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.