Det började med MSN...

[Koj Oi]

Okej, tack Malou. Är inne på att försöka ändra behörigheten till nyckeln som ger mig nekad åtkomst men det är lite komplicerat. Har precis samma problem som den här personen http://www.techtalkz.com/windows-live-messenger/132054-cant-uninstall-update-wlm-8-5-beta.html

 

[Koj Oi]

Det står att jag ska

Click Start, then Run, enter "regedit" and find that key in question. Right click on UIPlugins and choose Permissions. Click

the Add button, then type Everyone and click OK.

men när jag klickar på "Lägg till" står det: "Ange det objektnamn som ska väljas" Men den godtar ju inte "Everyone" och jag vet inte vad jag ska skriva på svenska? Vill inte skriva fel.

 

[inlägget ändrat 2009-10-12 16:20:03 av Koj Oi]

[Laston]

Hej!Det måste vara nåt helgalet i din dator så vi går vidare med ComboFix för att se vad den vill åtgärda i din dator istället!!

[log]Ladda ner ComboFix till Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, bifoga den till ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

I ditt svar bifogar du ComboFix-loggen på detta sätt:

Tryck på LOG-knappen i Besvara-fönstret

Klistra in loggen

Tryck igen på LOG-knappen

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

[/log]Mvh Laston

 

[Koj Oi]

Ok, jag laddar ned Combo nu... hold on.

 

Combofix har upptäckt att följande realtidsskannrar är aktiva: Norton Internet Security.

 

Åh neeeej. Men jag har ju inte kvar det på datorn överhuvudtaget?? Jag avinstallerade det för ett halvår sedan. Ingen ikon finns heller vid klockan... Vad händer?

 

Om ni kan hjälpa mig ändra behörigheten för nyckeln som pajar att jag kan avinstallera msn så tror jag det kanske kan lösa en del?

 

Malou, Laston, Brynäsarn... Where you at?

[inlägget ändrat 2009-10-12 16:52:48 av Koj Oi]

[Laston]

Ok kör Norton Removal Tool då innan du skannar med ComboFix.

http://majorgeeks.com/Norton_Removal_Tool_d4749.html

 

[Koj Oi]

Ok, då börjar vi med att avinstallera osynliga Norton då.

 

[Laston]

ja gör det för det finns rester av Norton kvar i din dator:)

 

[Koj Oi]

Okej. Nu har jag avinstallerat Norton. Stängt av datorn. Startat om den. Kört ComboFix. Postar loggen nedan.

 

[log]

ComboFix 09-10-11.03 - EGAB 2009-10-12 17:08.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.46.1053.18.2037.1235 [GMT 2:00]

Körs från: c:\users\EGAB\Desktop\Egna program\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091011-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1351 [VPS 091011-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1354183982-2139175017-2442922524-500

c:\$recycle.bin\S-1-5-21-334325608-2620173930-4221703787-500

c:\program files\Mozilla Firefox\searchplugins\search.xml

c:\windows\Installer\6db4a.msi

c:\windows\system32\AutoRun.inf

c:\windows\system32\KBL.LOG

 

.

(((((((((((((((((((((((( Filer Skapade från 2009-09-12 till 2009-10-12 ))))))))))))))))))))))))))))))

.

 

2009-10-12 15:15 . 2009-10-12 15:15 -------- d-----w- c:\users\EGAB\AppData\Local\temp

2009-10-12 15:15 . 2009-10-12 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-12 13:44 . 2009-10-12 13:44 -------- d-----w- c:\users\EGAB\AppData\Roaming\PeerNetworking

2009-10-12 13:30 . 2009-10-12 13:30 -------- d-----w- c:\program files\VS Revo Group

2009-09-23 20:07 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-23 20:07 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-23 20:07 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-23 20:07 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-23 20:07 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-23 20:07 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-23 20:07 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-23 20:07 . 2009-09-23 20:07 -------- d-----w- c:\program files\Alwil Software

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-12 13:30 . 2009-10-12 13:30 -------- d-----w- c:\program files\VS Revo Group

2009-10-12 09:07 . 2009-08-04 09:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-27 17:50 . 2008-07-21 09:40 432392 ----a-w- c:\users\EGAB\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-10 12:54 . 2009-08-04 09:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 12:53 . 2009-08-04 09:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-07 07:12 . 2009-03-25 22:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\BitTorrent

2009-08-30 22:12 . 2008-07-27 21:46 13394 ----a-w- c:\users\EGAB\AppData\Roaming\wklnhst.dat

2009-08-27 11:55 . 2009-08-27 11:11 -------- d-----w- c:\programdata\Microsoft Help

2009-08-27 11:55 . 2008-07-21 09:35 -------- d-----w- c:\program files\Microsoft Works

2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\programdata\FirstClass

2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\program files\FirstClass

2009-08-14 19:02 . 2009-02-13 15:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\Skype

2009-08-14 14:09 . 2009-02-13 15:32 -------- d-----w- c:\users\EGAB\AppData\Roaming\skypePM

2009-08-14 11:49 . 2009-03-25 22:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\DNA

2009-08-07 10:21 . 2009-04-03 10:33 151831 ----a-w- c:\windows\hpoins14.dat

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Bredbandsbolaget Servicecenter"="c:\program files\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" [2008-11-07 443752]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\StartupHP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1354183982-2139175017-2442922524-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{09CC599E-72EE-4659-A979-248A298BC2AD}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{55F1B10A-640A-4644-A13F-35F75D8B4080}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{1DA3E4C5-E2C3-4A5E-A2F4-CE932A0AF219}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{F617A130-72DE-40A3-A1C9-6F301B47CDF9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{D50FF0DA-77E7-48E5-BCE3-0CECD5513271}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6637D3B8-A7DA-43D2-8BE1-4DA6BC597D0C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{629AEF5C-319D-4CCE-AFD7-7F7D216F6AAA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{3D3C2819-9BEC-4DDB-B852-378651A35B10}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3A72F74C-DD5A-4C5D-BE4E-32FA1A0ACEED}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3657392C-6C1B-4BAD-898C-6313E0F22E3B}"= %ProgramFiles%\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe:Bredbandsbolaget Servicecenter

"TCP Query User{A4472AB9-1A0E-484B-AE37-C47DA93B84AC}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++

"UDP Query User{D9B32557-F4EF-463D-AF0F-E4C11C14E2D0}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++

"TCP Query User{2D85585C-AF4F-4A03-BFDC-058BD5E3D33D}c:\\users\\egab\\desktop\\ny mapp\\dcplusplus.exe"= UDP:c:\users\egab\desktop\ny mapp\dcplusplus.exe:dcplusplus.exe

"UDP Query User{8AB0B51C-6546-478D-8FFC-AFCA7C55266C}c:\\users\\egab\\desktop\\ny mapp\\dcplusplus.exe"= TCP:c:\users\egab\desktop\ny mapp\dcplusplus.exe:dcplusplus.exe

"{8C9A477D-DAF7-4946-AD9D-1503AE01C970}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{B8C6C957-4688-47D7-B4E2-4ECC0650F907}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{105FBE92-F618-4251-A47F-535C01AEA083}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)

"{4D1CC8BE-8AF5-4907-A1D0-5EA19080C7EC}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

"TCP Query User{9A8B3422-212F-4EAC-96E9-E325A604B4E1}c:\\users\\egab\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\egab\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe

"UDP Query User{9F1BCAD4-F6B6-4CC0-B607-DF3336634949}c:\\users\\egab\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\egab\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe

"TCP Query User{8979E1AA-CE5D-4B19-A78E-39487A651381}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{778A0A04-05CD-48AC-BE18-8EA88EA58943}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{1D3A16BA-22BB-49EB-88D0-639278419196}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary

"UDP Query User{5D7BBE79-8000-4E35-8B1A-4E5021D328E6}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary

"TCP Query User{C7B6033B-B7C8-4A31-97E8-40386CB8FBDC}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\day of defeat\hl.exe:Half-Life Launcher

"UDP Query User{387AD42B-75B4-4CAD-A53A-CA2136BCFF60}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\day of defeat\hl.exe:Half-Life Launcher

"{3082C3DA-2CA6-4E15-A838-831160C44368}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization

"{498A6C29-AF1C-4134-A011-646EEA2E979E}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization

"TCP Query User{2F1367CA-7E51-4656-8975-2A31953871C2}c:\\program files\\soldat\\soldat.exe"= UDP:c:\program files\soldat\soldat.exe:http://soldat.pl

"UDP Query User{44CEF40F-89E4-4195-A382-9C5C0CC4D4F0}c:\\program files\\soldat\\soldat.exe"= TCP:c:\program files\soldat\soldat.exe:http://soldat.pl

"TCP Query User{B2BFD8D2-2FF7-452E-9FCE-7461CF6C4BF4}c:\\users\\egab\\desktop\\amir\\cs\\cs2d_dedicated.exe"= UDP:c:\users\egab\desktop\amir\cs\cs2d_dedicated.exe:cs2d_dedicated.exe

"UDP Query User{A82B4602-A4E4-48F7-84D6-F1913C7837F2}c:\\users\\egab\\desktop\\amir\\cs\\cs2d_dedicated.exe"= TCP:c:\users\egab\desktop\amir\cs\cs2d_dedicated.exe:cs2d_dedicated.exe

"TCP Query User{AC1FF164-BAB2-4051-A737-3B58CF92256E}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"UDP Query User{8C1CF3D6-FF1B-423C-AF4C-5232ED08A7FD}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"TCP Query User{BFF36548-5106-4399-813E-086DFBB2243F}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\half-life\hl.exe:Half-Life Launcher

"UDP Query User{4CD5E3C0-EA84-48AA-82B2-DF1B289CC684}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\half-life\hl.exe:Half-Life Launcher

"TCP Query User{4C66CABC-8953-464A-BF22-1306F47F6FB1}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{147C125C-371B-4BF5-AC2E-607E1BFB47B5}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\counter-strike\hl.exe:Half-Life Launcher

"{B51056EB-C4CB-44A0-98C3-93A9DE333C0F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{5B3DD8A4-AE82-4D48-BF1A-A500BB00BF4D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{D356BD56-33E6-4AE0-BB83-49100426A180}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{571A81D0-FB17-4809-814E-8E9518D64B43}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{575D96AB-BF52-4164-A415-DE9CCDB1A6D2}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{1DB90D44-C514-4EC0-BCB3-8C0D02AD9B3D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{20BE40D4-ABD4-4B12-91D6-1E7D70430FF0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"UDP Query User{845605DC-9DC3-4A1B-BA2D-DFEF0BFA6F5D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"{A3CFAFFE-1F7B-4C90-9CBC-56E799E8349F}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader

"{9AAC35C0-C7B3-4A2E-8C8F-19B9D295685F}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader

"{ABBC1992-7F29-44BE-8405-9C087ECB3F2C}"= UDP:3724:Blizzard Downloader: 3724

"TCP Query User{57C15C2F-ABAD-4BFC-9740-EA6C0BDAB73C}c:\\users\\egab\\desktop\\amir\\launcher.exe"= UDP:c:\users\egab\desktop\amir\launcher.exe:launcher.exe

"UDP Query User{D50D86E6-4EEE-46FD-B0E1-94367D0A6961}c:\\users\\egab\\desktop\\amir\\launcher.exe"= TCP:c:\users\egab\desktop\amir\launcher.exe:launcher.exe

"{3C1C0129-76E2-41FF-8853-D27DE589E5F6}"= UDP:6881:Blizzard Downloader: 6881

"{278A7134-419F-4360-9933-232EDA3DEA8F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{23EAB444-06D4-4EF4-AF4F-8E2B3C37CFA9}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{8EE9DE18-95AC-4FE7-BC71-A71862005E6F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{740C0BC1-6EB7-4ADB-9700-6C1143610FFC}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{C39288F9-8AC5-443A-B88D-1B00B517119A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{688EAD67-8AE1-4CB2-80AC-D79B9F898453}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{24A2350B-2A2D-46E2-83CD-362127681C59}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{94C5CC54-DAC4-427A-94BC-AF34E2884718}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{9C11FAEE-7C4C-4439-8072-0822CF4B01F4}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{39F81E8D-D40A-4A63-B16C-3D7F952C235B}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{B3F9082D-4CAF-407E-826F-9B698136E5DA}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{1D7F8886-AAFF-4E92-BEB4-BCB4463CBFF2}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-09-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-09-23 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-09-23 53328]

S2 gupdate1c9a2e82e8e81e7;Tjänsten Google Update (gupdate1c9a2e82e8e81e7);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2kfNT.sys [2009-05-09 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2Nadr.sys [2009-05-09 79104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 07:57]

 

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 07:57]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://ali213.126.com

uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\EGAB\AppData\Roaming\Mozilla\Firefox\Profiles\u7yy9etg.defaultFF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\users\EGAB\AppData\Roaming\Mozilla\Firefox\Profiles\u7yy9etg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-12 17:15

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

 

[HKEY_USERS\S-1-5-21-1354183982-2139175017-2442922524-1000\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\.htm\OpenWithList\Microsoft Office Excel\shell]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\.mht\OpenWithList\Microsoft Office Excel\shell]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\LocalServer32]

@DACL=(02 0000)

@="c:\\Program Files\\Nokia\\Nokia PC Suite 7\\ConnectionManager.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\ProgID]

@DACL=(02 0000)

@="ConnectionManager2.CM2App.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\TypeLib]

@DACL=(02 0000)

@="{07958A64-4537-4D5A-A640-4447BD918636}"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2A6CE3EF-9D1B-4CB3-9221-9ACFAEAA42A6}\VersionIndependentProgID]

@DACL=(02 0000)

@="ConnectionManager2.CM2App"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\LocalServer32]

@DACL=(02 0000)

@="\"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32Info.exe\" /PDFShell"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\ProgID]

@DACL=(02 0000)

@="PDFShellServer.PDFShellInfo.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\TypeLib]

@DACL=(02 0000)

@="{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\VersionIndependentProgID]

@DACL=(02 0000)

@="PDFShellServer.PDFShellInfo"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32]

@DACL=(02 0000)

@="c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\plug_ins\\Accessibility.api"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\ProgID]

@DACL=(02 0000)

@="AcroAccess.AcrobatAccess.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\Programmable]

@DACL=(02 0000)

@=""

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\TypeLib]

@DACL=(02 0000)

@="{C523F390-9C83-11D3-9094-00104BD0D535}"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\VersionIndependentProgID]

@DACL=(02 0000)

@="AcroAccess.AcrobatAccess"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\LocalServer32]

@DACL=(02 0000)

@="\"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32Info.exe\" /PDFShell"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\ProgID]

@DACL=(02 0000)

@="PDFShellServer.PDFShellInfo2.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\TypeLib]

@DACL=(02 0000)

@="{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\VersionIndependentProgID]

@DACL=(02 0000)

@="PDFShellServer.PDFShellInfo2"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FBEF812C-294F-4714-8154-56BA7BA6C2BB}\InprocServer32]

@DACL=(02 0000)

@="c:\\Program Files\\Common Files\\HP\\\\Digital Imaging\\\\Bin\\\\hpqimgr2.dll"

"ThreadingModel"="Both"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FBEF812C-294F-4714-8154-56BA7BA6C2BB}\ProgID]

@DACL=(02 0000)

@="RImageManager.RImageMgr.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FBEF812C-294F-4714-8154-56BA7BA6C2BB}\TypeLib]

@DACL=(02 0000)

@="{AF327E49-EA68-4D66-8EFA-A25FE5D62E51}"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FBEF812C-294F-4714-8154-56BA7BA6C2BB}\VersionIndependentProgID]

@DACL=(02 0000)

@="RImageManager.RImageMgr"

 

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B0B35DEDC76B4424EAA66DDFC3821DFE\SourceList\Media]

@DACL=(02 0000)

"DiskPrompt"="[ProductName] [1]"

"1"=";LABEL"

 

[HKEY_LOCAL_MACHINE\software\Classes\Installer\Products\B0B35DEDC76B4424EAA66DDFC3821DFE\SourceList\Net]

@DACL=(02 0000)

"1"=expand:"c:\\Program Files\\Common Files\\Wise Installation Wizard\\"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\ProxyStubClsid]

@DACL=(02 0000)

@="{00020420-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\ProxyStubClsid32]

@DACL=(02 0000)

@="{00020420-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{46B89F5A-769D-4792-AD9A-E3755915CBC3}\TypeLib]

@DACL=(02 0000)

"Version"="1.0"

@="{47A7A4B0-2723-41BA-865E-EBBB7081A602}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{912E56FA-0E44-45A3-B433-5EB1098A1147}\NumMethods]

@Class="REG_SZ"

@DACL=(02 0000)

@="4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{912E56FA-0E44-45A3-B433-5EB1098A1147}\ProxyStubClsid32]

@Class="REG_SZ"

@DACL=(02 0000)

@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects]

@DACL=(02 0000)

@="Layout Manager Objects"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\PlayerUpgrade]

@DACL=(02 0000)

"EnableAutoUpgrade"="no"

"PlayerVersion"="11,0,6000,6336"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Plugins]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Preferences]

@DACL=(02 0000)

"OEMServiceOverride11"=""

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup]

@DACL=(02 0000)

"Install ID"="{EFCF4460-E083-484B-AE67-2E84D84B9112}"

"ResetAutoPlay"="11,0,6000,6336"

"LibraryMigrated"="yes"

"Progress_MaxDialog"=dword:0000000a

"Progress_CurrentInstall"=dword:00000000

"Progress_MaxInstall"=dword:00000001

"Progress_CurrentDialog"=dword:0000000a

"InstallResult"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\MozillaPlugins\@idsoftware.com/QuakeLive\MimeTypes]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\ATPUD]

@DACL=(02 0000)

"ATPUD"=hex:02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Blst]

@DACL=(02 0000)

"FLAG"=hex:00,00,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\CSD]

@DACL=(02 0000)

"EnableKmixer"=hex:01,00,00,00

"KMixerDataInitialDelay"=hex:0d,00,00,00

"KMixerSpkpInitialDelay"=hex:0c,00,00,00

"MaxSampleValue"=hex:e8,03,00,00

"UnMuteTimerDuration"=hex:d0,07,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\DspInfo]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\EnableCallerID]

@DACL=(02 0000)

"1"="at+vcid=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Init]

@DACL=(02 0000)

"1"="AT<cr>"

"2"="AT&FE0V1S0=0&C1&D2+MR=2;+DR=1;+ER=1;W2<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\OEM]

@DACL=(02 0000)

"SREGS"=hex:00,00,2b,0d,0a,08,04,32,02,06,0e,5f,32,ff,8a,00,00,00,00,00,00,34,

77,37,00,05,01,49,00,00,00,06,11,13,ff,ff,07,00,14,03,00,05

"AT+MS"=hex:5c,00,00,00,01,00,00,00,4b,00,00,00,80,bb,00,00,4b,00,00,00,c0,da,

00,00

"TONEPARAMS"=hex:4c,04,14,00,0a,00,00,00,cc,ff,cc,ff,04,00,00,00,2c,01,00,00,

2c,01,00,00,34,08,28,00,0a,00,00,00,cc,ff,cc,ff,0e,00,00,00,32,00,00,00,32,"CONSTTONEPARAMS"=hex:b1,08,3c,00,0a,00,00,00,cc,ff,cc,ff,02,00,00,00,32,00,00,

00,32,00,00,00,34,08,32,00,32,00,00,00,cc,ff,cc,ff,03,00,00,00,64,00,00,00,"V25TER"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,c1,00,00,00,00,00,00,00,22,"FLAGS"=hex:02,07,00,08,08,00,00,00

"SPKR_MUTE_DELAY"=hex:2c,01

"OFF_HOOK_CONVERGENCE_DURATION"=hex:c8,00

"AT_MISC_DEF"=hex:02,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00

"VOLUME_AMPLIFICATION_PARMS"=hex:00,00,00,00,fa,ff,ff,ff,18,00,00,00

"CADENCE"=hex:01,2c,01,00,00,ee,02,00,00,d0,07,00,00,80,0c,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,2c,01,00,00

"PROPERTIES"=hex:ff,ff,ff,ff

"MOD_THRESHOLD"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,"CSA_FLAGS"=hex:00,00,00,00

"DAAType"=hex:01

"SmartDAAParams"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,00,

00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,13,"SmartDAAParamsK3"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,

00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,0a,0a,14,1d,1e,0a,0e,"SmartDAAParamsHal"=hex:90,1a,00,00,39,03,00,00,18,00,00,00,32,02,00,00,4a,01,

00,00,96,00,00,00,4a,01,00,00,d0,07,00,00,03,0c,03,03,06,08,12,16,1e,06,0c,"DTMF_COMP_LEVEL"=hex:17,00,00,00,15,00,00,00,14,00,00,00,12,00,00,00,0b,00,00,

00,08,00,00,00,04,00,00,00,00,00,00,00

"HwData"=hex:00,10,00,30,01,80,10,00

"DLG_PARAMS"=hex:01,00,00,00,00

"HANDSET_PARAMS"=hex:00,00,ff,ff,ff

"WOR"=hex:00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,

ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff

"DC_CALC_PARAMS"=hex:2c,01,00,00,00,04,00,00,00,00,00,00

"CPU_FREQ_CHANGE"=hex:00,00,00,00,00,00,00,00

"CPU_FREQ_CHANGE_REVB"=hex:00,00,00,00,00,00,00,00

"FAX_PRE_LOAD_DELAY"=hex:08,00,00,00

"CONTROLLER_THREAD_TIMER_RESOLUTION_EC_CONNECTED"=hex:0a

"SOFT_RING_PARAMS"=hex:00,00,b9,0b,b8,0b,00,00,49,71,48,71,01,00,d8,59,a0,0f,

00,00,30,75,b8,0b

"JCID_RING"=hex:32,00,00,00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Profile]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Region]

@DACL=(02 0000)

"Current"=hex:ff,00

"Previous"=hex:ff,00

"COPY_CTY"=hex:00,00,00,00

"RegionList"=hex:ff,fe,7f,fe,ff,ff,ff,7f,fb,fb,ff,df,ff,ff,ff,ff,ff,ff,dd,ff,

ff,ff,ff,ff,be,ff,ff,ff,ff,fd,bf,5f

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\SdkCapable]

@DACL=(02 0000)

"Type"=hex:00

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"SpeakerVolume_Low"="L1"

"SpeakerVolume_Med"="L2"

"SpeakerVolume_High"="L3"

"SpeakerMode_Off"="M0"

"SpeakerMode_Dial"="M1"

"SpeakerMode_On"="M2"

"SpeakerMode_Setup"="M3"

"FlowControl_Off"="+IFC=0,0;"

"FlowControl_Hard"="+IFC=2,2;"

"FlowControl_Soft"="+IFC=1,1;"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X4"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"ErrorControl_On"="+ES=3,0,2;"

"ErrorControl_Off"="+ES=1,0,1;"

"ErrorControl_Forced"="+ES=3,2,4;"

"Compression_On"="+DS=3;+DS44=3;"

"Compression_Off"="+DS=0;+DS44=0;"

"InactivityTimeout"="S30=<#>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\V92]

@DACL=(02 0000)

"QC_CONF"=hex:01,01,01,01

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Init]

@DACL=(02 0000)

"1"="AT&F<cr>"

"2"="AT E0 V1 &D2 &C1 &S0 S0=0<cr>"

"3"="AT+IFC=2,2;+CVHU=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"FlowControl_Off"="&K0"

"FlowControl_Hard"="&K3"

"FlowControl_Soft"="&K4"

"Modulation_CCITT"="B0"

"Modulation_Bell"="B1"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X5"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\Init]

@DACL=(02 0000)

"1"="AT&F<cr>"

"2"="AT E0 V1 &D2 &C1 &S0 S0=0 +dr=1<cr>"

"3"="AT+IFC=2,2;+CVHU=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"FlowControl_Off"="&K0"

"FlowControl_Hard"="&K3"

"FlowControl_Soft"="&K4"

"Modulation_CCITT"="B0"

"Modulation_Bell"="B1"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X5"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"Compression_On"="+DS=3,0;"

"Compression_Off"="+DS=0,0;"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\Init]

@DACL=(02 0000)

"1"="AT&F<cr>"

"2"="AT E0 V1 &D2 &C1 &S0 S0=0 +dr=1<cr>"

"3"="AT+IFC=2,2;+CVHU=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"FlowControl_Off"="&K0"

"FlowControl_Hard"="&K3"

"FlowControl_Soft"="&K4"

"Modulation_CCITT"="B0"

"Modulation_Bell"="B1"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X5"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"Compression_On"="+DS=3,0;"

"Compression_Off"="+DS=0,0;"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\Init]

@DACL=(02 0000)

"1"="AT&F<cr>"

"2"="AT E0 V1 &D2 &C1 &S0 S0=0 +dr=1<cr>"

"3"="AT+IFC=2,2;+CVHU=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"FlowControl_Off"="&K0"

"FlowControl_Hard"="&K3"

"FlowControl_Soft"="&K4"

"Modulation_CCITT"="B0"

"Modulation_Bell"="B1"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X5"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"Compression_On"="+DS=3,0;"

"Compression_Off"="+DS=0,0;"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\Init]

@DACL=(02 0000)

"1"="AT&F<cr>"

"2"="AT E0 V1 &D2 &C1 &S0 S0=0 +dr=1<cr>"

"3"="AT+IFC=2,2;+CVHU=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"FlowControl_Off"="&K0"

"FlowControl_Hard"="&K3"

"FlowControl_Soft"="&K4"

"Modulation_CCITT"="B0"

"Modulation_Bell"="B1"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X5"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"Compression_On"="+DS=3,0;"

"Compression_Off"="+DS=0,0;"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\Init]

@DACL=(02 0000)

"1"="AT&F<cr>"

"2"="AT E0 V1 &D2 &C1 &S0 S0=0 +dr=1<cr>"

"3"="AT+IFC=2,2;+CVHU=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"FlowControl_Off"="&K0"

"FlowControl_Hard"="&K3"

"FlowControl_Soft"="&K4"

"Modulation_CCITT"="B0"

"Modulation_Bell"="B1"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X5"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"Compression_On"="+DS=3,0;"

"Compression_Off"="+DS=0,0;"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\Answer]

@DACL=(02 0000)

"1"="ATA<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\Clients]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\Hangup]

@DACL=(02 0000)

"1"="ATH<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\Init]

@DACL=(02 0000)

"1"="AT&F<cr>"

"2"="AT E0 V1 &D2 &C1 &S0 S0=0 +dr=1<cr>"

"3"="AT+IFC=2,2;+CVHU=1<cr>"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\Monitor]

@DACL=(02 0000)

"1"="ATS0=0<cr>"

"2"="None"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\Settings]

@DACL=(02 0000)

"Prefix"="AT"

"Terminator"="<cr>"

"DialPrefix"="D"

"DialSuffix"=";"

"FlowControl_Off"="&K0"

"FlowControl_Hard"="&K3"

"FlowControl_Soft"="&K4"

"Modulation_CCITT"="B0"

"Modulation_Bell"="B1"

"Pulse"="P"

"Tone"="T"

"Blind_Off"="X5"

"Blind_On"="X3"

"CallSetupFailTimer"="S7=<#>"

"Compression_On"="+DS=3,0;"

"Compression_Off"="+DS=0,0;"

.

Sluttid: 2009-10-12 17:17

ComboFix-quarantined-files.txt 2009-10-12 15:17

 

Före genomsökningen: 69 862 608 896 byte ledigt

Efter genomsökningen: 69 896 994 816 byte ledigt

 

732

[/log]

 

[Koj Oi]

Malou vad hände? Hittade du nåt i loggen?

 

[Laston]

Hej! Efter att Malou och jag har kollat din ComboFix logga så är vi överens om att det bästa är att du installerar om ditt system,för mycket av registret är trasigt och ändrat!! Har du tillgång till Vista skivan?

 

[Malou_031]

Hej Koj Oi!

 

Malou vad hände? Hittade du nåt i loggen?

Ursäkta blev lite upptagen här med middagsbestyren. Och Laston har hjälpt dig här med vidare instruktioner bla då ComboFix. Och vi sitter och tittar igenom den i denna stund och kan bara konstatera att registret är skadat.

Det enda som hjälper och är den snabbste vägen är att du gör en fullständig formatering samt en helt ny installation av ditt Windows Vista system samt lägger på Server Packen och skyddsprogram.

 

Tyvärr

 

//Malou

 

 

*************************

Dator & IT-Säkerhet:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

[Koj Oi]

Ingen fara Malou. Nej Laston, jag har inte skivan och vill heller inte formatera eftersom det gamla os inte raderas utan det nya installeras ovanpå! När jag fick den här datorn var allt förinstallerat. Hur kan man ordna det på nåt annat sätt?

 

Skulle ni kunna hjälpa mig att fixa åtkomst till den låsta nyckeln? Det är ju den som förstör mina avinstallationer.

[inlägget ändrat 2009-10-12 18:30:43 av Koj Oi]

[Brynäsarn]

Om ditt OS är förinstallerat borde det finnas en återställningspartion

på hårddisken,då återställs datorn till leveransskick,man kommer

dit genom att trycka på någon av F-tangenterna vid uppstart.

 

 

 

[inlägget ändrat 2009-10-12 18:44:42 av Brynäsarn]

[Malou_031]

Hej Koj Oi!

 

Vi skall se om vi kan försöka hjälpa dig på något sätt. Så håll ut ett tag tills vi har diskuterat färdigt *ler*

 

//Malou

 

 

*************************

Dator & IT-Säkerhet:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

[Koj Oi]

Tack Malou, ni är bäst!

*väntar ivrigt*

 

[Malou_031]

Hej Koj Oi!

 

Vi är i full färd med att skriva en script till dig. Detta kommer att ta en stund så håll ut så länge.

 

//Malou

 

 

*************************

Dator & IT-Säkerhet:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

[Koj Oi]

Tack, vad snällt!

 

[Laston]

Ok du ska nu köra comboFix igen med det script som du hämtar i denna länk,OBS ingen annan får klicka på länken eftersom den endast fungerar 1 gång

http://www.skickafilen.se/download.jsp?fileid=FLMugn9vdNVjd7BedibL

 

[inlägget ändrat 2009-10-12 20:13:57 av Laston]

[Koj Oi]

Tack, jag ska testa det nu!

 

[Koj Oi]

Efter att ha gjort som du sa kom en textfil upp som jag kopierade för att posta in i forumet. Då blev datan helt crazy och gav mig felmeddelanden (på registerposter) på allt jag gjorde! Jag kunde inte öppna nånting, inte ens internet... det enda som fungerade var att öppna mappar. Så tyvärr kunda jag inte spara loggen utan var tvungen att starta om datorn. Nu är det på ruta ett igen. MSN går fortfarande inta att avinstallera eller nåt annat program heller.

 

Vore tacksam om du kunde förklara vad scriptet gjorde och ändrade på min dator?

 

[Laston]

Hej! Det som detta script skulle göra var att låsa upp dina låsta nycklar,kan du starta datorn och leta reda på textfilen från ComboFix?

Den ska ligga här:C:\ComboFix.txt

 

[inlägget ändrat 2009-10-12 21:34:21 av Laston]

[Koj Oi]

[log]

ComboFix 09-10-11.03 - EGAB 2009-10-12 20:44.2.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.46.1053.18.2037.1160 [GMT 2:00]

Körs från: c:\users\EGAB\Desktop\Egna program\ComboFix.exe

Använda kommandoväxlar :: c:\users\EGAB\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1351 [VPS 091011-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1351 [VPS 091011-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((( Filer Skapade från 2009-09-12 till 2009-10-12 ))))))))))))))))))))))))))))))

.

 

2009-10-12 18:50 . 2009-10-12 18:50 -------- d-----w- c:\users\EGAB\AppData\Local\temp

2009-10-12 18:50 . 2009-10-12 18:50 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-10-12 18:50 . 2009-10-12 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-12 13:44 . 2009-10-12 13:44 -------- d-----w- c:\users\EGAB\AppData\Roaming\PeerNetworking

2009-10-12 13:30 . 2009-10-12 13:30 -------- d-----w- c:\program files\VS Revo Group

2009-09-23 20:07 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-23 20:07 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-23 20:07 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-23 20:07 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-23 20:07 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-23 20:07 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-23 20:07 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-23 20:07 . 2009-09-23 20:07 -------- d-----w- c:\program files\Alwil Software

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-12 13:30 . 2009-10-12 13:30 -------- d-----w- c:\program files\VS Revo Group

2009-10-12 09:07 . 2009-08-04 09:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-27 17:50 . 2008-07-21 09:40 432392 ----a-w- c:\users\EGAB\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-10 12:54 . 2009-08-04 09:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 12:53 . 2009-08-04 09:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-07 07:12 . 2009-03-25 22:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\BitTorrent

2009-08-30 22:12 . 2008-07-27 21:46 13394 ----a-w- c:\users\EGAB\AppData\Roaming\wklnhst.dat

2009-08-27 11:55 . 2009-08-27 11:11 -------- d-----w- c:\programdata\Microsoft Help

2009-08-27 11:55 . 2008-07-21 09:35 -------- d-----w- c:\program files\Microsoft Works

2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\programdata\FirstClass

2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\program files\FirstClass

2009-08-14 19:02 . 2009-02-13 15:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\Skype

2009-08-14 14:09 . 2009-02-13 15:32 -------- d-----w- c:\users\EGAB\AppData\Roaming\skypePM

2009-08-14 11:49 . 2009-03-25 22:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\DNA

2009-08-07 10:21 . 2009-04-03 10:33 151831 ----a-w- c:\windows\hpoins14.dat

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Bredbandsbolaget Servicecenter"="c:\program files\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" [2008-11-07 443752]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\StartupHP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1354183982-2139175017-2442922524-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{09CC599E-72EE-4659-A979-248A298BC2AD}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{55F1B10A-640A-4644-A13F-35F75D8B4080}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{1DA3E4C5-E2C3-4A5E-A2F4-CE932A0AF219}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{F617A130-72DE-40A3-A1C9-6F301B47CDF9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{D50FF0DA-77E7-48E5-BCE3-0CECD5513271}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6637D3B8-A7DA-43D2-8BE1-4DA6BC597D0C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{629AEF5C-319D-4CCE-AFD7-7F7D216F6AAA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{3D3C2819-9BEC-4DDB-B852-378651A35B10}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3A72F74C-DD5A-4C5D-BE4E-32FA1A0ACEED}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3657392C-6C1B-4BAD-898C-6313E0F22E3B}"= %ProgramFiles%\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe:Bredbandsbolaget Servicecenter

"TCP Query User{A4472AB9-1A0E-484B-AE37-C47DA93B84AC}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++

"UDP Query User{D9B32557-F4EF-463D-AF0F-E4C11C14E2D0}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++

"TCP Query User{2D85585C-AF4F-4A03-BFDC-058BD5E3D33D}c:\\users\\egab\\desktop\\ny mapp\\dcplusplus.exe"= UDP:c:\users\egab\desktop\ny mapp\dcplusplus.exe:dcplusplus.exe

"UDP Query User{8AB0B51C-6546-478D-8FFC-AFCA7C55266C}c:\\users\\egab\\desktop\\ny mapp\\dcplusplus.exe"= TCP:c:\users\egab\desktop\ny mapp\dcplusplus.exe:dcplusplus.exe

"{8C9A477D-DAF7-4946-AD9D-1503AE01C970}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{B8C6C957-4688-47D7-B4E2-4ECC0650F907}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{105FBE92-F618-4251-A47F-535C01AEA083}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)

"{4D1CC8BE-8AF5-4907-A1D0-5EA19080C7EC}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

"TCP Query User{9A8B3422-212F-4EAC-96E9-E325A604B4E1}c:\\users\\egab\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\egab\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe

"UDP Query User{9F1BCAD4-F6B6-4CC0-B607-DF3336634949}c:\\users\\egab\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\egab\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe

"TCP Query User{8979E1AA-CE5D-4B19-A78E-39487A651381}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{778A0A04-05CD-48AC-BE18-8EA88EA58943}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{1D3A16BA-22BB-49EB-88D0-639278419196}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary

"UDP Query User{5D7BBE79-8000-4E35-8B1A-4E5021D328E6}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary

"TCP Query User{C7B6033B-B7C8-4A31-97E8-40386CB8FBDC}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\day of defeat\hl.exe:Half-Life Launcher

"UDP Query User{387AD42B-75B4-4CAD-A53A-CA2136BCFF60}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\day of defeat\hl.exe:Half-Life Launcher

"{3082C3DA-2CA6-4E15-A838-831160C44368}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization

"{498A6C29-AF1C-4134-A011-646EEA2E979E}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization

"TCP Query User{2F1367CA-7E51-4656-8975-2A31953871C2}c:\\program files\\soldat\\soldat.exe"= UDP:c:\program files\soldat\soldat.exe:http://soldat.pl

"UDP Query User{44CEF40F-89E4-4195-A382-9C5C0CC4D4F0}c:\\program files\\soldat\\soldat.exe"= TCP:c:\program files\soldat\soldat.exe:http://soldat.pl

"TCP Query User{B2BFD8D2-2FF7-452E-9FCE-7461CF6C4BF4}c:\\users\\egab\\desktop\\amir\\cs\\cs2d_dedicated.exe"= UDP:c:\users\egab\desktop\amir\cs\cs2d_dedicated.exe:cs2d_dedicated.exe

"UDP Query User{A82B4602-A4E4-48F7-84D6-F1913C7837F2}c:\\users\\egab\\desktop\\amir\\cs\\cs2d_dedicated.exe"= TCP:c:\users\egab\desktop\amir\cs\cs2d_dedicated.exe:cs2d_dedicated.exe

"TCP Query User{AC1FF164-BAB2-4051-A737-3B58CF92256E}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"UDP Query User{8C1CF3D6-FF1B-423C-AF4C-5232ED08A7FD}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"TCP Query User{BFF36548-5106-4399-813E-086DFBB2243F}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\half-life\hl.exe:Half-Life Launcher

"UDP Query User{4CD5E3C0-EA84-48AA-82B2-DF1B289CC684}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\half-life\hl.exe:Half-Life Launcher

"TCP Query User{4C66CABC-8953-464A-BF22-1306F47F6FB1}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{147C125C-371B-4BF5-AC2E-607E1BFB47B5}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\counter-strike\hl.exe:Half-Life Launcher

"{B51056EB-C4CB-44A0-98C3-93A9DE333C0F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{5B3DD8A4-AE82-4D48-BF1A-A500BB00BF4D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{D356BD56-33E6-4AE0-BB83-49100426A180}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{571A81D0-FB17-4809-814E-8E9518D64B43}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{575D96AB-BF52-4164-A415-DE9CCDB1A6D2}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{1DB90D44-C514-4EC0-BCB3-8C0D02AD9B3D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{20BE40D4-ABD4-4B12-91D6-1E7D70430FF0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"UDP Query User{845605DC-9DC3-4A1B-BA2D-DFEF0BFA6F5D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"{A3CFAFFE-1F7B-4C90-9CBC-56E799E8349F}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader

"{9AAC35C0-C7B3-4A2E-8C8F-19B9D295685F}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader

"{ABBC1992-7F29-44BE-8405-9C087ECB3F2C}"= UDP:3724:Blizzard Downloader: 3724

"TCP Query User{57C15C2F-ABAD-4BFC-9740-EA6C0BDAB73C}c:\\users\\egab\\desktop\\amir\\launcher.exe"= UDP:c:\users\egab\desktop\amir\launcher.exe:launcher.exe

"UDP Query User{D50D86E6-4EEE-46FD-B0E1-94367D0A6961}c:\\users\\egab\\desktop\\amir\\launcher.exe"= TCP:c:\users\egab\desktop\amir\launcher.exe:launcher.exe

"{3C1C0129-76E2-41FF-8853-D27DE589E5F6}"= UDP:6881:Blizzard Downloader: 6881

"{278A7134-419F-4360-9933-232EDA3DEA8F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{23EAB444-06D4-4EF4-AF4F-8E2B3C37CFA9}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{8EE9DE18-95AC-4FE7-BC71-A71862005E6F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{740C0BC1-6EB7-4ADB-9700-6C1143610FFC}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{C39288F9-8AC5-443A-B88D-1B00B517119A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{688EAD67-8AE1-4CB2-80AC-D79B9F898453}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{24A2350B-2A2D-46E2-83CD-362127681C59}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{94C5CC54-DAC4-427A-94BC-AF34E2884718}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{9C11FAEE-7C4C-4439-8072-0822CF4B01F4}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{39F81E8D-D40A-4A63-B16C-3D7F952C235B}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{B3F9082D-4CAF-407E-826F-9B698136E5DA}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{1D7F8886-AAFF-4E92-BEB4-BCB4463CBFF2}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-09-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-09-23 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-09-23 53328]

S2 gupdate1c9a2e82e8e81e7;Tjänsten Google Update (gupdate1c9a2e82e8e81e7);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2kfNT.sys [2009-05-09 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2Nadr.sys [2009-05-09 79104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 07:57]

 

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 07:57]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://ali213.126.com

uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\EGAB\AppData\Roaming\Mozilla\Firefox\Profiles\u7yy9etg.defaultFF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\users\EGAB\AppData\Roaming\Mozilla\Firefox\Profiles\u7yy9etg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-12 20:50

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\.htm\OpenWithList\Microsoft Office Excel\shell\edit\ddeexec]

@DACL=(02 0000)

@="[open(\"%1\")]"

 

[HKEY_LOCAL_MACHINE\software\Classes\.mht\OpenWithList\Microsoft Office Excel\shell\edit\ddeexec]

@DACL=(02 0000)

@="[open(\"%1\")]"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5700"

"PostShiftCount"=dword:00000000

"CurrentShift"="CRingSpinShift"

"PreShift0"="CDotPlane"

"PreShiftCount"=dword:00000001

"PaletteLocked"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\circledance]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5721"

"PostShiftCount"=dword:00000001

"CurrentShift"="CTileShift"

"PreShift0"="CEdgeTrace"

"Palette"=hex:07,12,19,00,07,12,1a,00,08,12,1c,00,09,12,1e,00,0a,12,1f,00,0b,

12,21,00,0b,13,23,00,0c,13,24,00,0d,13,26,00,0e,13,28,00,0f,13,29,00,10,13,"PreShiftCount"=dword:00000001

"PostShift0"="CCircleWaveform"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\cominatya]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5701"

"PostShiftCount"=dword:00000000

"CurrentShift"="CStretchShift"

"PreShift0"="CJiggyScribble"

"Palette"=hex:1f,04,1b,00,1f,04,1b,00,20,05,1c,00,21,06,1d,00,22,07,1e,00,22,

08,1f,00,23,09,1f,00,24,0a,20,00,25,0b,21,00,25,0c,22,00,26,0d,23,00,27,0e,"PreShiftCount"=dword:00000001

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\cottonstar]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5705"

"PostShiftCount"=dword:00000000

"CurrentShift"="CStarburstShift"

"PreShift0"="CEdgeGradiant"

"PreShiftCount"=dword:00000002

"PaletteLocked"=dword:00000000

"PreShift1"="CDotPlane"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\dandelionaid]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5702"

"PostShiftCount"=dword:00000001

"CurrentShift"="CStarburstShift"

"PreShift0"="CJiggyScribble"

"Palette"=hex:0b,15,0c,00,0b,15,0c,00,0c,15,0d,00,0d,15,0e,00,0e,14,0e,00,0f,

14,0f,00,10,14,10,00,10,14,10,00,11,13,11,00,12,13,12,00,13,13,12,00,14,13,"PreShiftCount"=dword:00000001

"PostShift0"="CJDar"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\DrowningFlower]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5703"

"PostShiftCount"=dword:00000001

"CurrentShift"="CShiitake"

"PreShift0"="CSpectrumEdge"

"Palette"=hex:09,00,09,00,09,01,0c,00,09,03,10,00,09,04,14,00,09,06,17,00,09,

07,1b,00,09,09,1f,00,09,0a,22,00,09,0c,26,00,09,0d,2a,00,08,0f,2e,00,08,10,"PreShiftCount"=dword:00000001

"PostShift0"="CJiggyScribble"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\EletriArnation]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5704"

"PostShiftCount"=dword:00000001

"CurrentShift"="CStarburstShift"

"PreShift0"="CJiggyScribble"

"Palette"=hex:14,1f,01,00,14,1f,01,00,15,20,02,00,16,21,03,00,17,22,04,00,18,

23,05,00,18,23,06,00,19,24,07,00,1a,25,08,00,1b,26,09,00,1c,27,09,00,1c,28,"PreShiftCount"=dword:00000001

"PostShift0"="CJDar"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\eventhorizon]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5708"

"PostShiftCount"=dword:00000001

"CurrentShift"="CShiitake"

"PreShift0"="CSpectrumEdge"

"PreShiftCount"=dword:00000001

"PostShift0"="CDotPlane"

"PaletteLocked"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\Geeks Kick ASCII]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5723"

"PostShiftCount"=dword:00000001

"CurrentShift"="CShiitake"

"PreShift0"="CCosEdgeGradiant"

"Palette"=hex:e7,e3,e9,00,e6,e3,e9,00,e5,e2,e8,00,e3,e1,e7,00,e2,e0,e6,00,e0,

e0,e5,00,df,df,e4,00,dd,de,e3,00,dc,dd,e2,00,da,dd,e0,00,d9,dc,e0,00,d7,db,"PreShiftCount"=dword:00000001

"PostShift0"="CJDar"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\gemstone matrix]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5706"

"PostShiftCount"=dword:00000000

"CurrentShift"="CTileShift"

"PreShift0"="CJDar"

"Palette"=hex:11,06,00,00,11,09,01,00,11,0d,02,00,12,10,03,00,12,14,04,00,13,

17,05,00,13,1b,06,00,14,1e,07,00,14,22,08,00,14,25,09,00,15,29,0a,00,15,2c,"PreShiftCount"=dword:00000001

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\GrooveSwirl]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5707"

"PostShiftCount"=dword:00000001

"CurrentShift"="CShiitake"

"PreShift0"="CEdgeGradiant"

"Palette"=hex:e3,eb,fb,00,e3,eb,fa,00,e3,ea,f8,00,e3,e9,f7,00,e3,e8,f5,00,e2,

e7,f4,00,e2,e6,f2,00,e2,e5,f0,00,e2,e4,ef,00,e2,e3,ed,00,e1,e2,ec,00,e1,e1,"PreShiftCount"=dword:00000001

"PostShift0"="CCircleWaveform"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\illuminator]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5709"

"PostShiftCount"=dword:00000001

"CurrentShift"="CRingSpinShift"

"PreShift0"="CEdgeTrace"

"PreShiftCount"=dword:00000001

"PostShift0"="CCircleWaveform"

"PaletteLocked"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\ISeeTheTruth]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5710"

"PostShiftCount"=dword:00000000

"CurrentShift"="CShiitake"

"PreShift0"="CJiggyScribble"

"Palette"=hex:16,11,03,00,16,14,03,00,16,18,03,00,16,1b,03,00,16,1f,03,00,16,

23,03,00,16,26,03,00,16,2a,03,00,16,2d,03,00,16,31,03,00,16,35,03,00,16,38,"PreShiftCount"=dword:00000001

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\kaleidoscope]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5711"

"PostShiftCount"=dword:00000001

"CurrentShift"="CRingSpinShift"

"PreShift0"="CDotPlane"

"PreShiftCount"=dword:00000001

"PostShift0"="CCircleWaveform"

"PaletteLocked"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\khemicalnova]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5724"

"PostShiftCount"=dword:00000002

"CurrentShift"="CStarburstShift"

"PreShift0"="CEdgeGradiant"

"Palette"=hex:1a,1d,00,00,1a,1d,05,00,1a,1c,0b,00,1b,1b,11,00,1b,1a,16,00,1c,

1a,1c,00,1c,19,22,00,1d,18,27,00,1d,17,2d,00,1e,17,33,00,1e,16,38,00,1e,15,"PreShiftCount"=dword:00000001

"PostShift0"="CCircleWaveform"

"PostShift1"="CJDar"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\Lotus]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5713"

"PostShiftCount"=dword:00000001

"CurrentShift"="CStarburstShift"

"PreShift0"="CEdgeTrace"

"Palette"=hex:04,03,10,00,05,03,11,00,06,03,12,00,07,03,13,00,09,04,14,00,0a,

04,15,00,0b,04,16,00,0d,05,17,00,0e,05,18,00,0f,05,19,00,11,06,1a,00,12,06,"PreShiftCount"=dword:00000001

"PostShift0"="CDotPlane"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\Nerds Are Cool]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5712"

"PostShiftCount"=dword:00000001

"CurrentShift"="CShiitake"

"PreShift0"="CWaveEdge"

"Palette"=hex:16,11,03,00,16,14,03,00,16,18,03,00,16,1b,03,00,16,1f,03,00,16,

23,03,00,16,26,03,00,16,2a,03,00,16,2d,03,00,16,31,03,00,16,35,03,00,16,38,"PreShiftCount"=dword:00000001

"PostShift0"="CJiggyScribble"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\relativelycalm]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5714"

"PostShiftCount"=dword:00000001

"CurrentShift"="CTwirlocity"

"PreShift0"="CSpectrumEdge"

"Palette"=hex:07,0e,11,00,07,0f,12,00,08,10,13,00,08,11,15,00,09,13,16,00,0a,

14,18,00,0b,16,1a,00,0c,18,1b,00,0c,18,1d,00,0c,1a,1f,00,0d,1b,20,00,0e,1c,"PreShiftCount"=dword:00000002

"PostShift0"="CDotPlane"

"PaletteLocked"=dword:00000001

"PreShift1"="CJDar"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\sleepyspray]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5715"

"PostShiftCount"=dword:00000001

"CurrentShift"="CLinearShift"

"PreShiftCount"=dword:00000000

"PostShift0"="CDotPlane"

"PaletteLocked"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\Smoke or Water]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5716"

"PostShiftCount"=dword:00000000

"CurrentShift"="CSwirlShift"

"PreShift0"="CJDar"

"Palette"=hex:0d,00,1e,00,0d,00,1e,00,0e,01,1f,00,0f,02,20,00,10,03,21,00,11,

04,21,00,12,05,22,00,13,06,23,00,13,07,24,00,14,08,24,00,15,09,25,00,16,0a,"PreShiftCount"=dword:00000001

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\SpidersLastMoment]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5718"

"PostShiftCount"=dword:00000001

"CurrentShift"="CShiitake"

"Palette"=hex:16,11,03,00,16,14,03,00,16,18,03,00,16,1b,03,00,16,1f,03,00,16,

23,03,00,16,26,03,00,16,2a,03,00,16,2d,03,00,16,31,03,00,16,35,03,00,16,38,"PreShiftCount"=dword:00000000

"PostShift0"="CJDar"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\strawberryaid]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5719"

"PostShiftCount"=dword:00000002

"CurrentShift"="CStretchShift"

"PreShift0"="CCosEdgeGradiant"

"Palette"=hex:09,12,0a,00,0a,12,0a,00,0c,12,0a,00,0e,12,0a,00,10,12,0a,00,12,

12,0a,00,13,11,0b,00,15,11,0b,00,17,11,0b,00,18,11,0b,00,1a,11,0b,00,1c,11,"PreShiftCount"=dword:00000001

"PostShift0"="CCircleWaveform"

"PostShift1"="CJDar"

"PaletteLocked"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\the world]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5720"

"PostShiftCount"=dword:00000000

"CurrentShift"="CShiitake"

"PreShift0"="CSpectrumEdge"

"Palette"=hex:1c,17,12,00,1c,17,12,00,1d,18,13,00,1e,19,14,00,1f,1a,15,00,20,

1b,16,00,21,1b,17,00,22,1c,18,00,22,1d,18,00,23,1e,19,00,24,1f,1a,00,25,20,"PreShift2"="CDotPlane"

"PreShiftCount"=dword:00000003

"PaletteLocked"=dword:00000001

"PreShift1"="CCircleWaveform"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\tornado]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5722"

"PostShiftCount"=dword:00000000

"CurrentShift"="CSwirlShift"

"PreShift0"="CCircleWaveform"

"PreShiftCount"=dword:00000001

"PaletteLocked"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\what is an egab]

@DACL=(02 0000)

"Title"="res://wmploc/RT_STRING/#5717"

"PostShiftCount"=dword:00000002

"CurrentShift"="CSwirlShift"

"PreShiftCount"=dword:00000000

"PostShift0"="CJDar"

"PostShift1"="CDotPlane"

"PaletteLocked"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\ButtonElement]

@DACL=(02 0000)

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2114"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\FFWDElement]

@DACL=(02 0000)

"enabled"="wmpenabled:player.controls.FastForward"

"accName"="res://wmploc.dll/RT_STRING/#2120"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2121"

"upToolTip"="res://wmploc.dll/RT_STRING/#1804"

"onclick"="player.controls.FastForward()"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\ImageElement]

@DACL=(02 0000)

"accName"="res://wmploc.dll/RT_STRING/#2140"

"cursor"="hand"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\NextElement]

@DACL=(02 0000)

"enabled"="wmpenabled:player.controls.Next"

"accName"="res://wmploc.dll/RT_STRING/#2124"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2125"

"upToolTip"="res://wmploc.dll/RT_STRING/#1806"

"onclick"="player.controls.Next()"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PauseElement]

@DACL=(02 0000)

"enabled"="wmpenabled:player.controls.Pause"

"accName"="res://wmploc.dll/RT_STRING/#2116"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

"upToolTip"="res://wmploc.dll/RT_STRING/#1801"

"onclick"="player.controls.Pause()"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PlayElement]

@DACL=(02 0000)

"enabled"="wmpenabled:player.controls.Play"

"accName"="res://wmploc.dll/RT_STRING/#2115"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117"

"upToolTip"="res://wmploc.dll/RT_STRING/#1800"

"onclick"="player.controls.Play()"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PrevElement]

@DACL=(02 0000)

"enabled"="wmpenabled:player.controls.Previous"

"accName"="res://wmploc.dll/RT_STRING/#2126"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2127"

"upToolTip"="res://wmploc.dll/RT_STRING/#1805"

"onclick"="player.controls.Previous()"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\REWElement]

@DACL=(02 0000)

"enabled"="wmpenabled:player.controls.FastReverse"

"accName"="res://wmploc.dll/RT_STRING/#2122"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2123"

"upToolTip"="res://wmploc.dll/RT_STRING/#1803"

"onclick"="player.controls.FastReverse()"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\StopElement]

@DACL=(02 0000)

"enabled"="wmpenabled:player.controls.Stop"

"accName"="res://wmploc.dll/RT_STRING/#2118"

"accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2119"

"upToolTip"="res://wmploc.dll/RT_STRING/#1802"

"onclick"="player.controls.Stop()"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DropDownPlaylist\Column]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Bars]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Battery]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ItemsPlaylist\Column]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ListBox\Item]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Playlist\Column]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PopUp\Item]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Extensions\Descriptions]

@DACL=(02 0000)

"8"="Picture file (*.jpg;*.jpeg)"

"1"="Audio file (*.wav;*.snd;*.au;*.aif;*.aifc;*.aiff;*.wma;*.mp3)"

"3"="Movie File (MPEG) (*.mpeg;*.mpg;*.m1v;*.m2v;*.mod;*.mp2;*.mpa;*.mpe;*.ifo;*.vob)"

"5"="Windows Media file (*.asf;*.wm;*.wma;*.wmv;*.wmd)"

"7"="Video file (*.avi;*.wmv)"

"9"="Microsoft Recorded TV Show (*.dvr-ms)"

"2"="MIDI file (*.mid;*.rmi;*.midi)"

"4"="Media playlist (*.asx;*.wax;*.m3u;*.wpl;*.wvx;*.wmx;*.search-ms)"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions]

@DACL=(02 0000)

"8"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-10005"

"1"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9995"

"3"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-10003"

"5"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9996"

"7"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9997"

"9"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9927"

"2"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9993"

"4"=expand:"@%SystemRoot%\\system32\\unregmp2.exe,-9922"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player\Extensions\Types]

@DACL=(02 0000)

"8"="*.jpg;*.jpeg"

"1"="*.wav;*.snd;*.au;*.aif;*.aifc;*.aiff;*.wma;*.mp3"

"3"="*.mpeg;*.mpg;*.m1v;*.m2v;*.mod;*.mp2;*.mpa;*.mpe;*.ifo;*.vob"

"5"="*.asf;*.wm;*.wma;*.wmv;*.wmd"

"7"="*.avi;*.wmv"

"9"="*.dvr-ms"

"2"="*.mid;*.rmi;*.midi"

"4"="*.asx;*.wax;*.m3u;*.wpl;*.wvx;*.wmx;*.search-ms"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\Fax\Class1\AdaptiveAnswer]

@DACL=(02 0000)

"ModemResponseFaxDetect"="FAX"

"ModemResponseFaxConnect"="CONNECT"

"ModemResponseDataDetect"="DATA"

"ModemResponseDataConnect"="CONNECT"

"HostCommandDataDetect"="ATO"

.

Sluttid: 2009-10-12 20:52

ComboFix-quarantined-files.txt 2009-10-12 18:52

ComboFix2.txt 2009-10-12 15:17

 

Före genomsökningen: 70 808 940 544 byte ledigt

Efter genomsökningen: 70 764 650 496 byte ledigt

 

576

[/log]

 

[Malou_031]

Hej Koj Oi!

 

Tyvärr så finns där fler låsta registernycklar i combologgan.

För att göra det så enkelt och lätt som möjligt så gå in på nedanstående sida och gör det som står där.

Anledningen till att jag lagt ut proceduren på mitt hemmaforum är att där finns större utrymme/plats för olika former av kodskript (utan radbrytning etc...).

Du behöver inte regga dig där för att kunna genomföra proceduren. Bara gör det som står och återkom sedan hit till din tråd och kopiera in loggarna på sedvanligt sätt.

 

Specialinlägg till Koj Oi

http://www.antispywareforum.se/phpBB/viewtopic.php?f=3&t=3666

 

//Malou

 

 

*************************

Dator & IT-Säkerhet:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 

[Koj Oi]

Tack Malou! Har inte gått att logga in på eforum den senaste timmen, men nu fungerar det igen. Har gjort som du skrev, ska bara starta combofix nu, återkommer strax med resultat

 

[Malou_031]

Hej Koj Oi!

 

Varsegod!

Ingen fara. Har själv haft problem med att komma åt e-forum.

 

Ta den tid du behöver vi har inte bråttom.

 

//Malou

 

 

*************************

Dator & IT-Säkerhet:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/