
It started with MSN...


Koj Oi


Malou, YOU FIXED IT! You're awesome, great job! What did you do?

Now I have uninstalled Messenger and a few other programs without problems, and the computer runs faster. Plus a lot of other small bugs have disappeared!

Posting one last HJT log for anyone interested:

[log]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:20:36, on 2009-10-13

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ali213.126.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Bredbandsbolaget Servicecenter Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Bredbandsbolaget\Servicecenter\IEFixItNowPlugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-18\..\Run: [bredbandsbolaget Servicecenter] "C:\Program Files\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [bredbandsbolaget Servicecenter] "C:\Program Files\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Tjänsten Google Update (gupdate1c9a2e82e8e81e7) (gupdate1c9a2e82e8e81e7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 5804 bytes

[/log]

 

Thanks to everyone who helped, especially Laston and Malou, who struggled along with me all day. How can I repay it? I'm so happy!!!

 


Hi Koj Oi!

How wonderful to hear that everything finally worked out :thumbsup:

Thanks for the kind words (it warms us to hear them).

I also want to thank Zipp, who helped out a bit in the background *smiles*

What did I do?

Just like Laston, I wrote a script to fix locked registry keys. And it gave results :thumbsup:

I would very much like to see the ComboFix log you got now from the last procedure.

Would you paste it in here? I would be grateful.

//Malou

 

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 


Here it comes!

 

[log]

ComboFix 09-10-11.03 - EGAB 2009-10-13 9:15.4.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.46.1053.18.2037.1254 [GMT 2:00]

Körs från: c:\users\EGAB\Desktop\Egna program\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 091012-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1351 [VPS 091012-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((( Filer Skapade från 2009-09-13 till 2009-10-13 ))))))))))))))))))))))))))))))

.

 

2009-10-13 07:22 . 2009-10-13 07:22 -------- d-----w- c:\users\EGAB\AppData\Local\temp

2009-10-13 07:22 . 2009-10-13 07:22 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-10-13 07:22 . 2009-10-13 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-10-12 13:44 . 2009-10-12 13:44 -------- d-----w- c:\users\EGAB\AppData\Roaming\PeerNetworking

2009-10-12 13:30 . 2009-10-12 13:30 -------- d-----w- c:\program files\VS Revo Group

2009-09-23 20:07 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-23 20:07 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-23 20:07 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-23 20:07 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-23 20:07 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-09-23 20:07 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-23 20:07 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-09-23 20:07 . 2009-09-23 20:07 -------- d-----w- c:\program files\Alwil Software

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-12 22:08 . 2008-08-13 18:59 -------- d-----w- c:\program files\Sonic Foundry

2009-10-12 13:30 . 2009-10-12 13:30 -------- d-----w- c:\program files\VS Revo Group

2009-10-12 09:07 . 2009-08-04 09:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-27 17:50 . 2008-07-21 09:40 432392 ----a-w- c:\users\EGAB\AppData\Local\GDIPFONTCACHEV1.DAT

2009-09-10 12:54 . 2009-08-04 09:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 12:53 . 2009-08-04 09:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-07 07:12 . 2009-03-25 22:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\BitTorrent

2009-08-30 22:12 . 2008-07-27 21:46 13394 ----a-w- c:\users\EGAB\AppData\Roaming\wklnhst.dat

2009-08-27 11:55 . 2009-08-27 11:11 -------- d-----w- c:\programdata\Microsoft Help

2009-08-27 11:55 . 2008-07-21 09:35 -------- d-----w- c:\program files\Microsoft Works

2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\programdata\FirstClass

2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\program files\FirstClass

2009-08-14 19:02 . 2009-02-13 15:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\Skype

2009-08-14 14:09 . 2009-02-13 15:32 -------- d-----w- c:\users\EGAB\AppData\Roaming\skypePM

2009-08-14 11:49 . 2009-03-25 22:30 -------- d-----w- c:\users\EGAB\AppData\Roaming\DNA

2009-08-07 10:21 . 2009-04-03 10:33 151831 ----a-w- c:\windows\hpoins14.dat

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-30 159744]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 202032]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Bredbandsbolaget Servicecenter"="c:\program files\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe" [2008-11-07 443752]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\StartupHP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1354183982-2139175017-2442922524-1000]

"EnableNotificationsRef"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{09CC599E-72EE-4659-A979-248A298BC2AD}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{55F1B10A-640A-4644-A13F-35F75D8B4080}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play

"{1DA3E4C5-E2C3-4A5E-A2F4-CE932A0AF219}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{D50FF0DA-77E7-48E5-BCE3-0CECD5513271}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{6637D3B8-A7DA-43D2-8BE1-4DA6BC597D0C}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{629AEF5C-319D-4CCE-AFD7-7F7D216F6AAA}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{3D3C2819-9BEC-4DDB-B852-378651A35B10}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3A72F74C-DD5A-4C5D-BE4E-32FA1A0ACEED}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{3657392C-6C1B-4BAD-898C-6313E0F22E3B}"= %ProgramFiles%\Bredbandsbolaget\Servicecenter\Bredbandsbolaget.exe:Bredbandsbolaget Servicecenter

"TCP Query User{A4472AB9-1A0E-484B-AE37-C47DA93B84AC}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++

"UDP Query User{D9B32557-F4EF-463D-AF0F-E4C11C14E2D0}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++

"TCP Query User{2D85585C-AF4F-4A03-BFDC-058BD5E3D33D}c:\\users\\egab\\desktop\\ny mapp\\dcplusplus.exe"= UDP:c:\users\egab\desktop\ny mapp\dcplusplus.exe:dcplusplus.exe

"UDP Query User{8AB0B51C-6546-478D-8FFC-AFCA7C55266C}c:\\users\\egab\\desktop\\ny mapp\\dcplusplus.exe"= TCP:c:\users\egab\desktop\ny mapp\dcplusplus.exe:dcplusplus.exe

"{8C9A477D-DAF7-4946-AD9D-1503AE01C970}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{B8C6C957-4688-47D7-B4E2-4ECC0650F907}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{105FBE92-F618-4251-A47F-535C01AEA083}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)

"{4D1CC8BE-8AF5-4907-A1D0-5EA19080C7EC}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

"TCP Query User{9A8B3422-212F-4EAC-96E9-E325A604B4E1}c:\\users\\egab\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\egab\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe

"UDP Query User{9F1BCAD4-F6B6-4CC0-B607-DF3336634949}c:\\users\\egab\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\egab\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe

"TCP Query User{8979E1AA-CE5D-4B19-A78E-39487A651381}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{778A0A04-05CD-48AC-BE18-8EA88EA58943}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

"TCP Query User{1D3A16BA-22BB-49EB-88D0-639278419196}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary

"UDP Query User{5D7BBE79-8000-4E35-8B1A-4E5021D328E6}c:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary

"TCP Query User{C7B6033B-B7C8-4A31-97E8-40386CB8FBDC}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\day of defeat\hl.exe:Half-Life Launcher

"UDP Query User{387AD42B-75B4-4CAD-A53A-CA2136BCFF60}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\day of defeat\hl.exe:Half-Life Launcher

"{3082C3DA-2CA6-4E15-A838-831160C44368}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization

"{498A6C29-AF1C-4134-A011-646EEA2E979E}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization

"TCP Query User{2F1367CA-7E51-4656-8975-2A31953871C2}c:\\program files\\soldat\\soldat.exe"= UDP:c:\program files\soldat\soldat.exe:http://soldat.pl

"UDP Query User{44CEF40F-89E4-4195-A382-9C5C0CC4D4F0}c:\\program files\\soldat\\soldat.exe"= TCP:c:\program files\soldat\soldat.exe:http://soldat.pl

"TCP Query User{B2BFD8D2-2FF7-452E-9FCE-7461CF6C4BF4}c:\\users\\egab\\desktop\\amir\\cs\\cs2d_dedicated.exe"= UDP:c:\users\egab\desktop\amir\cs\cs2d_dedicated.exe:cs2d_dedicated.exe

"UDP Query User{A82B4602-A4E4-48F7-84D6-F1913C7837F2}c:\\users\\egab\\desktop\\amir\\cs\\cs2d_dedicated.exe"= TCP:c:\users\egab\desktop\amir\cs\cs2d_dedicated.exe:cs2d_dedicated.exe

"TCP Query User{AC1FF164-BAB2-4051-A737-3B58CF92256E}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= UDP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"UDP Query User{8C1CF3D6-FF1B-423C-AF4C-5232ED08A7FD}c:\\nexon\\nexon_eu_downloader\\nexon_eu_downloader_engine.exe"= TCP:c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe:NEXON_EU_Downloader_Engine

"TCP Query User{BFF36548-5106-4399-813E-086DFBB2243F}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\half-life\hl.exe:Half-Life Launcher

"UDP Query User{4CD5E3C0-EA84-48AA-82B2-DF1B289CC684}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\half-life\hl.exe:Half-Life Launcher

"TCP Query User{4C66CABC-8953-464A-BF22-1306F47F6FB1}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{147C125C-371B-4BF5-AC2E-607E1BFB47B5}c:\\program files\\steam\\steamapps\\ghost_the_third@hotmail.com\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\ghost_the_third@hotmail.com\counter-strike\hl.exe:Half-Life Launcher

"{B51056EB-C4CB-44A0-98C3-93A9DE333C0F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{5B3DD8A4-AE82-4D48-BF1A-A500BB00BF4D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{D356BD56-33E6-4AE0-BB83-49100426A180}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{571A81D0-FB17-4809-814E-8E9518D64B43}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{575D96AB-BF52-4164-A415-DE9CCDB1A6D2}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{1DB90D44-C514-4EC0-BCB3-8C0D02AD9B3D}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"TCP Query User{20BE40D4-ABD4-4B12-91D6-1E7D70430FF0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"UDP Query User{845605DC-9DC3-4A1B-BA2D-DFEF0BFA6F5D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher

"{A3CFAFFE-1F7B-4C90-9CBC-56E799E8349F}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader

"{9AAC35C0-C7B3-4A2E-8C8F-19B9D295685F}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enGB-downloader.exe:Blizzard Downloader

"{ABBC1992-7F29-44BE-8405-9C087ECB3F2C}"= UDP:3724:Blizzard Downloader: 3724

"TCP Query User{57C15C2F-ABAD-4BFC-9740-EA6C0BDAB73C}c:\\users\\egab\\desktop\\amir\\launcher.exe"= UDP:c:\users\egab\desktop\amir\launcher.exe:launcher.exe

"UDP Query User{D50D86E6-4EEE-46FD-B0E1-94367D0A6961}c:\\users\\egab\\desktop\\amir\\launcher.exe"= TCP:c:\users\egab\desktop\amir\launcher.exe:launcher.exe

"{3C1C0129-76E2-41FF-8853-D27DE589E5F6}"= UDP:6881:Blizzard Downloader: 6881

"{278A7134-419F-4360-9933-232EDA3DEA8F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{23EAB444-06D4-4EF4-AF4F-8E2B3C37CFA9}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{8EE9DE18-95AC-4FE7-BC71-A71862005E6F}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{740C0BC1-6EB7-4ADB-9700-6C1143610FFC}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{C39288F9-8AC5-443A-B88D-1B00B517119A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{688EAD67-8AE1-4CB2-80AC-D79B9F898453}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{24A2350B-2A2D-46E2-83CD-362127681C59}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{94C5CC54-DAC4-427A-94BC-AF34E2884718}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{9C11FAEE-7C4C-4439-8072-0822CF4B01F4}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{39F81E8D-D40A-4A63-B16C-3D7F952C235B}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{B3F9082D-4CAF-407E-826F-9B698136E5DA}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{1D7F8886-AAFF-4E92-BEB4-BCB4463CBFF2}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-09-23 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-09-23 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-09-23 53328]

S2 gupdate1c9a2e82e8e81e7;Tjänsten Google Update (gupdate1c9a2e82e8e81e7);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 133104]

S3 Mkd2kfNt;Mkd2kfNt;c:\windows\System32\drivers\Mkd2kfNT.sys [2009-05-09 131072]

S3 Mkd2Nadr;Mkd2Nadr;c:\windows\System32\drivers\Mkd2Nadr.sys [2009-05-09 79104]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 07:57]

 

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-12 07:57]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://ali213.126.com

uSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e476f6f676c652e636f6d2f

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\EGAB\AppData\Roaming\Mozilla\Firefox\Profiles\u7yy9etg.default

FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll

FF - plugin: c:\users\EGAB\AppData\Roaming\Mozilla\Firefox\Profiles\u7yy9etg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071301000019.dll

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-13 09:22

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\CurrentShiftInfo\0]

@DACL=(02 0000)

"dbl3"="0"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="-0.037548448704905"

"dbl8"="0"

"dbl2"="0.762913906574249"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\BrightSphere\PreShiftInfo\0]

@DACL=(02 0000)

"dbl3"="0"

"dbl4"="384.000015258789"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="37"

"dbl8"="0"

"dbl2"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\circledance\CurrentShiftInfo\0]

@DACL=(02 0000)

"dbl3"="0"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="3.37656788527966E-02"

"dbl8"="0"

"dbl2"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\circledance\PostShiftInfo\0]

@DACL=(02 0000)

"dbl3"="0.643847492279012"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="1"

"dbl8"="0"

"dbl2"="2"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\circledance\PreShiftInfo\0]

@DACL=(02 0000)

"dbl3"="0"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="55"

"dbl8"="0"

"dbl2"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\cominatya\CurrentShiftInfo\0]

@DACL=(02 0000)

"dbl3"="0"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="4.35239728506501E-02"

"dbl8"="0"

"dbl2"="0.154408398550004"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\cominatya\PreShiftInfo\0]

@DACL=(02 0000)

"dbl3"="456"

"dbl4"="11"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="80"

"dbl8"="0"

"dbl2"="227"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\cottonstar\CurrentShiftInfo\0]

@DACL=(02 0000)

"dbl3"="32"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="2.82921845583943E-02"

"dbl8"="0"

"dbl2"="0.14029969163239"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\cottonstar\PreShiftInfo\0]

@DACL=(02 0000)

"dbl3"="0"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="0"

"dbl8"="0"

"dbl2"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\cottonstar\PreShiftInfo\1]

@DACL=(02 0000)

"dbl3"="0"

"dbl4"="384.000015258789"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="31"

"dbl8"="0"

"dbl2"="3"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\dandelionaid\CurrentShiftInfo\0]

@DACL=(02 0000)

"dbl3"="26"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="-3.73287154336082E-02"

"dbl8"="0"

"dbl2"="0.229520554002374"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\dandelionaid\PostShiftInfo\0]

@DACL=(02 0000)

"dbl3"="1"

"dbl4"="16"

"dbl5"="0.7027070033364"

"dbl6"="0"

"dbl7"="100"

"dbl1"="82"

"dbl8"="0"

"dbl2"="3"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\dandelionaid\PreShiftInfo\0]

@DACL=(02 0000)

"dbl3"="479"

"dbl4"="16"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="30"

"dbl8"="0"

"dbl2"="75"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\DrowningFlower\CurrentShiftInfo\0]

@DACL=(02 0000)

"dbl3"="2.18924530784406E-02"

"dbl4"="2"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="7.52317880000919"

"dbl8"="0"

"dbl2"="7.04214565301892E-03"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\DrowningFlower\PostShiftInfo\0]

@DACL=(02 0000)

"dbl3"="428"

"dbl4"="11"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="39"

"dbl8"="0"

"dbl2"="134"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\DrowningFlower\PreShiftInfo\0]

@DACL=(02 0000)

"dbl3"="7"

"dbl4"="0"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="7"

"dbl8"="0"

"dbl2"="16"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\EletriArnation\CurrentShiftInfo\0]

@DACL=(02 0000)

"dbl3"="22"

"dbl4"="1"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="-2.70867035103843E-02"

"dbl8"="0"

"dbl2"="4.15936765260994E-02"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\EletriArnation\PostShiftInfo\0]

@DACL=(02 0000)

"dbl3"="0"

"dbl4"="8"

"dbl5"="1.10129399597645"

"dbl6"="1"

"dbl7"="100"

"dbl1"="9"

"dbl8"="0"

"dbl2"="0"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\EletriArnation\PreShiftInfo\0]

@DACL=(02 0000)

"dbl3"="666"

"dbl4"="19"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="101"

"dbl8"="0"

"dbl2"="222"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery\Presets\eventhorizon\CurrentShiftInfo\0]

@DACL=(02 0000)

"dbl3"="5.58488731732879E-04"

"dbl4"="1"

"dbl5"="0"

"dbl6"="0"

"dbl7"="0"

"dbl1"="7.69203772087771"

"dbl8"="0"

"dbl2"="0.130502610039042"

 

Sluttid: 2009-10-13 9:24

ComboFix-quarantined-files.txt 2009-10-13 07:24

ComboFix2.txt 2009-10-12 21:56

ComboFix3.txt 2009-10-12 18:52

ComboFix4.txt 2009-10-12 15:17

 

Före genomsökningen: 85 092 073 472 byte ledigt

Efter genomsökningen: 85 029 265 408 byte ledigt

 

913

[/log]

 


Hi! I see things are moving forward, that's good!

Have you made sure to turn on Windows Firewall, so that you have some firewall enabled now that you don't have any other one installed? I also recommend that you go through all the approvals that have been made in that firewall, because from what it looks like in the ComboFix log it is pretty wide open right now!!

Regards, Laston

 


Yes, it may be a good idea to visit Windows Update and download updates for your Vista; you have neither SP1 nor SP2 installed on the computer!!

Regards, Laston

 


To uninstall ComboFix, use this tool!

[log]

The tool below is able to remove/delete files/folders/shortcuts from the fix programs that we have used (though not TM HJT).

 

Print or copy the following into a text document and save it to the desktop:

Read/follow the instructions carefully:

 

Download the uninstaller OTCleanIt:

 

http://oldtimer.geekstogo.com/OTC.exe

 

1: Save it to the desktop

2: Start the program/tool by double-clicking OTCleanIt.exe

 

3: Click the CleanUp! button.

4: If you get warnings from your security programs, give OTCleanIt permission to access the Internet.

5: The various fix programs that you have downloaded will be uninstalled, including this program, after a restart of the computer.

[/log]

And I recommend that you enable System Restore again if you have turned it off, because I saw in the DDS log that you didn't have any restore points!

 

Edit: The System Restore feature is turned on and off here:

Right-click My Computer - Properties - System Restore

 

[post edited 2009-10-13 11:45:57 by Laston]


Hi Koj Oi!

 

I see that you have had good help from Laston :thumbsup:

 

Now I'm wondering *smiles*

How are things going for you regarding security updates and so on?

How is the computer doing now?

Are there any problems remaining?

 

//Malou

 

 

*************************

Computer & IT Security:

http://www.saswsupport.se/

 

Member Of ASAP Alliance of Security Analysis Professionals

http://asap.maddoktor2.com/

 
