
Stdrt.exe?


Ahistish


Hi, I have a process called stdrt.exe on my computer that is using all the CPU. I can't do much else on the computer right now because it lags terribly, so I'm wondering: can I shut the process down without anything happening, or how do I get rid of it? /Ahistish


Unfortunately, a file name alone doesn't say much about what the program does. We can see whether DDS shows anything more. Save DDS to the Desktop.

http://download.bleepingcomputer.com/sUBs/dds.scr

Start the program by double-clicking it.

Press Yes (Ja) if the Optional Scan question appears.

Paste the DDS.txt log into your reply, and attach Attach.txt as a file.



Attach.txt


Download Malwarebytes Anti-Malware (MBAM) from:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Double-click mbam-setup to install the program.

At the end of the installation, make sure the following are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If an update is available, it will be downloaded and installed.

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it finishes, click OK and then "Show Results".

Check everything and then click Remove Selected.

When the removal is complete, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If you get an Error loading... message after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

If the log does not open in Notepad on its own, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.

Run DDS and paste the DDS log again.

Do NOT use any button when pasting logs, because the log in your previous post is unreadable.


Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Database version: 3933

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

 

2010-03-31 23:21:34

mbam-log-2010-03-31 (23-21-34).txt

 

Scan type: Quick scan

Objects scanned: 115141

Time elapsed: 9 minute(s), 2 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Hemdatorn at 23:32:32,98 on 2010-03-31

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_19

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3069.1690 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\TEMP\mrt973F.tmp\stdrt.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

C:\Windows\System32\rundll32.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\PLFSetI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\HEMDAT~1\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

C:\Windows\system32\IoctlSvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Windows\System32\svchost.exe -k wdisvc

C:\Windows\servicing\TrustedInstaller.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Hemdatorn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BB4SN66Z\dds[1].scr

C:\Windows\system32\conime.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.msn.se/

uWindow Title = Internet Explorer

mStart Page = hxxp://sv.intl.acer.yahoo.com

mDefault_Page_URL = hxxp://sv.intl.acer.yahoo.com

uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll

TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [AdobeBridge]

uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [PLFSet] rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe

mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE

mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"

mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe

mRun: [PLFSetI] c:\windows\PLFSetI.exe

mRun: [eRecoveryService]

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

StartupFolder: c:\users\hemdat~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\skrmur~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETAUDIO.EXE

StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETRES.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\hemdat~1\appdata\roaming\mozilla\firefox\profiles\zwp2n5rv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\users\hemdatorn\appdata\roaming\mozilla\firefox\profiles\zwp2n5rv.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\sony\media go\npmediago.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100326.001\IDSvix86.sys [2010-3-26 343088]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-9-12 41456]

R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-3-18 90112]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-1 102448]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-2 48688]

R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-4-18 43008]

S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system\regsrv.exe [2010-3-27 667650]

S2 gupdate1c9d22aa4ffb290;Tjänsten Google Update (gupdate1c9d22aa4ffb290);c:\program files\google\update\GoogleUpdate.exe [2009-5-11 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-4-18 179712]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5.SYS [2008-9-12 49904]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-9-5 1527900]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-3-4 13224]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-3-18 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-3-18 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-3-18 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-3-18 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-3-18 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-3-18 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-3-18 109736]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-3-4 27632]

S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2009-10-29 1074568]

 

=============== Created Last 30 ================

 

2010-03-30 16:59:08 0 d-----w- c:\programdata\Sun

2010-03-30 16:44:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-30 16:44:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-30 16:44:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-28 20:35:18 0 ----a-w- c:\users\hemdatorn\jagex__preferences3.dat

2010-03-28 15:54:00 287958 ----a-w- c:\windows\system\latest.dat

2010-03-28 15:53:58 124 ----a-w- c:\windows\system\update.dat

2010-03-27 12:31:25 802 ----a-w- c:\windows\system\tubelist.dat

2010-03-27 00:00:15 667650 ----a-w- c:\windows\system\regsrv.exe

2010-03-26 23:44:54 0 d-----w- c:\program files\ASIO4ALL v2

2010-03-26 23:44:30 225280 ----a-w- c:\windows\system32\rewire.dll

2010-03-26 23:43:34 1554944 ----a-w- c:\windows\system32\vorbis.acm

2010-03-26 23:42:40 0 d-----w- c:\program files\VstPlugins

2010-03-26 23:42:29 0 d-----w- c:\program files\Outsim

2010-03-26 23:39:00 0 d-----w- c:\program files\Image-Line

2010-03-24 19:12:32 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-23 16:33:02 0 d-----w- c:\program files\Last.fm

2010-03-20 00:45:21 0 d-----w- c:\users\hemdatorn\Podcasts

2010-03-20 00:44:55 0 d-----w- c:\program files\common files\Sony Shared

2010-03-20 00:44:22 0 d-----w- c:\programdata\Sony Corporation

2010-03-20 00:44:22 0 d-----w- c:\program files\Sony

2010-03-20 00:42:58 0 d-----w- c:\programdata\Apple Computer

2010-03-20 00:41:38 0 d-----w- c:\programdata\Apple

2010-03-20 00:40:27 0 d-----w- c:\program files\Sony Setup

2010-03-18 10:28:26 0 d-----w- c:\programdata\BVRP Software

2010-03-18 10:26:21 0 d-----w- c:\users\hemdatorn\{af17d60b-1fe0-458a-a67a-80a6443183dd}

2010-03-18 10:26:05 0 d-----w- c:\users\hemdatorn\{c3bfd8d0-b3b5-482c-8c21-fc066b779ee5}

2010-03-18 10:22:55 148736 ----a-w- c:\programdata\hpe9E80.dll

2010-03-18 10:22:52 26024 ----a-w- c:\windows\system32\drivers\s0017nd5.sys

2010-03-18 10:22:52 15016 ----a-w- c:\windows\system32\drivers\s0017mdfl.sys

2010-03-18 10:22:52 12200 ----a-w- c:\windows\system32\drivers\s0017whnt.sys

2010-03-18 10:22:52 12200 ----a-w- c:\windows\system32\drivers\s0017wh.sys

2010-03-18 10:22:52 114600 ----a-w- c:\windows\system32\drivers\s0017mdm.sys

2010-03-18 10:22:52 109736 ----a-w- c:\windows\system32\drivers\s0017unic.sys

2010-03-18 10:22:52 108328 ----a-w- c:\windows\system32\drivers\s0017mgmt.sys

2010-03-18 10:22:52 10792 ----a-w- c:\windows\system32\drivers\s0017cr.sys

2010-03-18 10:22:52 104616 ----a-w- c:\windows\system32\drivers\s0017obex.sys

2010-03-18 10:22:51 86824 ----a-w- c:\windows\system32\drivers\s0017bus.sys

2010-03-18 10:22:51 12200 ----a-w- c:\windows\system32\drivers\s0017cmnt.sys

2010-03-18 10:22:51 12200 ----a-w- c:\windows\system32\drivers\s0017cm.sys

2010-03-18 10:22:39 0 d-----w- c:\programdata\Sony Ericsson

2010-03-14 23:27:19 0 d-----w- c:\users\hemdatorn\Ny mapp

2010-03-10 21:52:39 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-10 21:52:33 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-10 21:52:31 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-03-08 12:49:27 0 d-----w- c:\programdata\Age of Empires 3

2010-03-08 11:31:47 0 d-----w- c:\program files\common files\Microsoft Games

2010-03-08 11:11:55 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-03-06 17:59:46 0 d-----w- c:\users\hemdatorn\Earshot - Two

2010-03-06 17:58:59 0 d-----w- c:\users\hemdatorn\Machinae Supremacy - 2006 - Redeemer

2010-03-06 07:26:40 0 d-----w- c:\users\hemdatorn\Buffy Se-7

2010-03-04 19:08:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf

2010-03-04 18:57:38 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys

2010-03-04 18:57:37 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2010-03-04 18:57:37 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys

2010-03-04 18:57:37 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-03-04 18:57:03 0 d-----w- c:\program files\Sony Ericsson

2010-03-02 21:48:46 0 d-----w- c:\users\hemdatorn\Luftslottet.Som.Sprangdes.2009.SWEDiSH.DVDRip.XviD[www.TankaFett.com]-Crispo

 

==================== Find3M ====================

 

2010-03-31 21:32:24 597836 ----a-w- c:\windows\system32\perfh01D.dat

2010-03-31 21:32:24 117416 ----a-w- c:\windows\system32\perfc01D.dat

2010-03-30 19:48:09 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-03-30 19:48:00 215128 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-03-28 20:37:11 69 ----a-w- c:\users\hemdatorn\jagex_runescape_preferences2.dat

2010-03-28 20:37:03 41 ----a-w- c:\users\hemdatorn\jagex_runescape_preferences.dat

2010-03-20 00:20:18 86016 ----a-w- c:\windows\inf\infpub.dat

2010-03-20 00:20:18 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-03-20 00:20:18 143360 ----a-w- c:\windows\inf\infstor.dat

2010-03-09 02:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-11-01 04:23:50 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-01-21 06:20:20 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2008-01-21 06:20:20 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2008-01-21 06:20:20 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2008-01-21 06:20:20 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-10-25 13:38:06 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-10-14 23:08:58 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

 

============= FINISH: 23:33:58,87 ===============

 

 

 

Link to comment
Share on other sites

The Winamp Toolbar seems to be a questionable thing to have:

http://www.systemlookup.com/CLSID/47078-winamptb_dll.html

On the page http://www.virustotal.com, click the Browse (Bläddra) button and paste one of the following file names into the box, click Send File (Skicka Fil) and wait until the result is ready (the current status becomes finished). Paste the results from the various antivirus programs (not the Additional information section) or a link to the result here. Repeat with the next file name.

C:\Windows\TEMP\mrt973F.tmp\stdrt.exe
c:\windows\system\latest.dat
c:\windows\system\update.dat
c:\windows\system\tubelist.dat
c:\windows\system\regsrv.exe

I am going away on Thursday afternoon.

PS. But I do not think it is anything harmful, considering what it says under Vendor... at http://spywarefiles.prevx.com/RRDEIC15924143/STDRT.EXE.html and in the reply on this page http://www.bleepingcomputer.com/forums/topic305576.html

Link to comment
Share on other sites

If you are still there, Cecilia: it may not be harmful, but it plays audio from random radio stations around the world, which is annoying. If I kill the process it goes away, but every time I start the computer it comes back. There is probably a rootkit somewhere, but I assumed that was exactly what MBAM removed. This is tricky. Oh well. Have a nice trip.

And by the way, some of the other files you mentioned actually were viruses. But I cannot remove them, how do I do that?

Link to comment
Share on other sites

MBAM only adjusted one registry entry.

2010-03-27 00:00:15 667650 ----a-w- c:\windows\system\regsrv.exe

Could that time match when it got onto the computer?

Because I find connections between regsrv.exe and stdrt.exe.

That is a short while after this arrived:

2010-03-26 23:44:54 0 d-----w- c:\program files\ASIO4ALL v2
2010-03-26 23:44:30 225280 ----a-w- c:\windows\system32\rewire.dll
2010-03-26 23:43:34 1554944 ----a-w- c:\windows\system32\vorbis.acm
2010-03-26 23:42:40 0 d-----w- c:\program files\VstPlugins
2010-03-26 23:42:29 0 d-----w- c:\program files\Outsim
2010-03-26 23:39:00 0 d-----w- c:\program files\Image-Line

Do you know what programs these are? Was any of it downloaded illegally?

Link to comment
Share on other sites
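The timeline comparison made in the reply above, written out as an added example (not part of the thread and not part of DDS): it parses "Created Last 30" lines in the format shown in the log and lists what was created close in time to a given file. The 30-minute window and all function names are assumptions chosen for this illustration.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

Entry = namedtuple("Entry", "created size attrs path")

# Lines copied from the "Created Last 30" section of the DDS log in this thread.
DDS_CREATED = r"""
2010-03-28 15:54:00 287958 ----a-w- c:\windows\system\latest.dat
2010-03-28 15:53:58 124 ----a-w- c:\windows\system\update.dat
2010-03-27 12:31:25 802 ----a-w- c:\windows\system\tubelist.dat
2010-03-27 00:00:15 667650 ----a-w- c:\windows\system\regsrv.exe
2010-03-26 23:44:54 0 d-----w- c:\program files\ASIO4ALL v2
2010-03-26 23:44:30 225280 ----a-w- c:\windows\system32\rewire.dll
2010-03-26 23:43:34 1554944 ----a-w- c:\windows\system32\vorbis.acm
2010-03-26 23:42:40 0 d-----w- c:\program files\VstPlugins
2010-03-26 23:42:29 0 d-----w- c:\program files\Outsim
2010-03-26 23:39:00 0 d-----w- c:\program files\Image-Line
2010-03-24 19:12:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
"""

# timestamp, size in bytes, 8-character attribute field, path (may contain spaces)
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(.+?)\s*$"
)


def parse_created(text):
    """Return the entries of a 'Created Last 30' block, oldest first."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, anything not in entry format
        stamp, size, attrs, path = m.groups()
        created = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(created, int(size), attrs, path))
    return sorted(entries, key=lambda e: e.created)


def find_entry(entries, path):
    """Look a path up case-insensitively, as Windows paths are."""
    wanted = path.lower()
    for e in entries:
        if e.path.lower() == wanted:
            return e
    raise KeyError(path)


def neighbours(entries, suspect_path, window=timedelta(minutes=30)):
    """Entries created within `window` of the suspect file, with signed offset."""
    suspect = find_entry(entries, suspect_path)
    return [
        (e.created - suspect.created, e)
        for e in entries
        if e is not suspect and abs(e.created - suspect.created) <= window
    ]


def bursts(entries, max_gap=timedelta(minutes=30)):
    """Group entries into runs where consecutive creations are <= max_gap apart."""
    groups = []
    for e in entries:  # entries are sorted oldest first
        if groups and e.created - groups[-1][-1].created <= max_gap:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def burst_containing(entries, suspect_path, max_gap=timedelta(minutes=30)):
    """The run of closely spaced creations that the suspect file belongs to."""
    suspect = find_entry(entries, suspect_path)
    for group in bursts(entries, max_gap):
        if suspect in group:
            return group
    return []


if __name__ == "__main__":
    entries = parse_created(DDS_CREATED)
    suspect = r"c:\windows\system\regsrv.exe"
    print("Created within 30 minutes of", suspect)
    for delta, e in neighbours(entries, suspect):
        print(f"{int(delta.total_seconds()):+6d}s  {e.attrs}  {e.path}")
```

A time match like this only suggests which installation to look at first; it does not show that the neighbouring files are themselves harmful.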

Yes, it could well be something like that. My sister usually makes music on the computer and she had apparently downloaded "Fruity Loops". I guess that is some kind of extra add-on. Unfortunately I cannot tell her off right now.

Link to comment
Share on other sites

It is good that you have probably found a cause, at least :thumbsup:

"And by the way, some of the other files you mentioned actually were viruses. But I cannot remove them, how do I do that?"

Can you paste links to the results on VirusTotal? I will probably have time to look at it during the morning.
Link to comment
Share on other sites

Hah. Well, then maybe I can finally put an end to this nightmare.

http://www.virustotal.com/sv/analisis/1d63ae95a6cd0e992a2973feb3135affa767b59a50d50306febe85233f909442-1269226172

It was regsrv that was the problem; that is also what the link is for. It was not called 4days.exe, though. Now the damn music started again. How do I get rid of the files? And do I have to uninstall Fruity Loops?

Link to comment
Share on other sites

Okay, BadJoke does not seem to be anything serious, at least.

Illegal programs are always risky.

I do not know, but you could see whether it helps to go to

Start - Run - msconfig - Startup

and untick the two lines that resemble these two.

StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETAUDIO.EXE
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\SETRES.EXE

If that makes no difference after restarting the computer, put the ticks back.

If nothing else helps, see whether you can rename the regsrv file, e.g. to regsrv.bad.exe. If some program complains that regsrv is missing, then at least you know which program uses that file.

Link to comment
Share on other sites

No, but annoying ^^

Thanks a hell of a lot, Cecilia. I will see if it works now. I renamed the regsrv file and changed that autostart setting. I will see if it works now. Otherwise I will remove the program via safe mode; I have not tried that. Thanks once again ^^ Ciao! :)

Link to comment
Share on other sites

I actually have not noticed anything more. I did as you said, and then removed it in safe mode. There has been no more trouble with viruses since you last helped :D

Just the same old tracking cookies, but Norton is what it is.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.