
The computer has become SO slow!


En_för_alla_för_en


HI everyone!

Yes, I know there are already threads like mine, but I couldn't get any use out of them, so I thought I'd open a new one!

The problem is that my computer has become so slow that it even lags when I try to open a folder. I downloaded some stuff a few days ago and suspect that may be the cause. I have tried SUPERAntiSpyware, but the problem is still there!

Please help!


En_för_alla_för_en

Here it is!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:54:17, on 2010-04-03

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Wnifia.exe

C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Lexmark 2600 Series\ezprint.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Emotum\Mobile Broadband\Mobile.exe

C:\Users\Just4you\AppData\Local\Temp\Wtq.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\conime.exe

C:\Users\Just4you\AppData\Local\Temp\Wts.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\ctfmon.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=91&bd=Pavilion&pf=cnnb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2233703

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=sv_se&c=91&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{FCD37C1E-9386-409C-BAD9-4FA44B2CEC1F}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: ToggleSW Toolbar - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - C:\Program Files\ToggleSW\tbTogg.dll

R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGos1.dll

R3 - URLSearchHook: swedish.ilsc Toolbar - {bc355688-39a0-4c1b-826a-892ce39e0801} - C:\Program Files\swedish.ilsc\tbswe1.dll

R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll

R3 - URLSearchHook: goonlinetv Toolbar - {8e2059f1-eda8-4ce0-bbea-b51c2cc43382} - C:\Program Files\goonlinetv\tbgoo1.dll

R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 74.208.10.249 gs.apple.com

O1 - Hosts: ::1 localhost

O1 - Hosts: 74.208.10.249 gs.apple.com

O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll

O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGos1.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL

O2 - BHO: ToggleSW Toolbar - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - C:\Program Files\ToggleSW\tbTogg.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: goonlinetv Toolbar - {8e2059f1-eda8-4ce0-bbea-b51c2cc43382} - C:\Program Files\goonlinetv\tbgoo1.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: swedish.ilsc Toolbar - {bc355688-39a0-4c1b-826a-892ce39e0801} - C:\Program Files\swedish.ilsc\tbswe1.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll

O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HypreCam Toolbar\tbcore3.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: ToggleSW Toolbar - {6dabbda0-1da5-4a2f-bc89-2ae084c572fa} - C:\Program Files\ToggleSW\tbTogg.dll

O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGos1.dll

O3 - Toolbar: swedish.ilsc Toolbar - {bc355688-39a0-4c1b-826a-892ce39e0801} - C:\Program Files\swedish.ilsc\tbswe1.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll

O3 - Toolbar: goonlinetv Toolbar - {8e2059f1-eda8-4ce0-bbea-b51c2cc43382} - C:\Program Files\goonlinetv\tbgoo1.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: IE2Aml - {2564A650-39E8-11DA-9EEF-A60DC4EDC02C} - C:\Program Files\Aml Pages\Plugins\IE2Aml.DLL

O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sha.dll

O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll

O3 - Toolbar: HypreCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HypreCam Toolbar\tbcore3.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"

O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [ctra] c:\windows\cmxint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2600 Series\ezprint.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [OIWN Agent] C:\Windows\system32\28463\OIWN.exe

O4 - HKLM\..\Run: [DRPU PC Data Manager(Basic)] "C:\Program Files\DRPU PC Data Manager(Basic)\pcdm.exe" "hd"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Emotum Mobile Broadband] C:\Program Files\Emotum\Mobile Broadband\Mobile.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Just4you\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Form1] C:\Users\Just4you\Desktop\facebookhack.exe

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Just4you\AppData\Local\Temp\Wts.exe

O4 - HKCU\..\Run: [WEK9EMDHI9] C:\Users\Just4you\AppData\Local\Temp\Wtq.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NÄTVERKSTJÄNST')

O4 - Startup: Skärmurklipp och start för OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: &AOL Verktygsfalt Sök - C:\ProgramData\AOL\ieToolbar\resources\sv-SE\local\search.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GtDetectSc Service (GTDetectSc) - OptionNV - C:\Program Files\Option\Option 225 Driver Installation\GTDetectSc.exe

O23 - Service: Tjänsten Google Update (gupdate1ca2edd43a4c20) (gupdate1ca2edd43a4c20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

 

--

End of file - 16802 bytes


Uninstall via the Control Panel, if found:

 

ToggleSW Toolbar

Gossiper Toolbar

swedish.ilsc Toolbar

ToggleEN Toolbar

goonlinetv Toolbar

4shared.com Toolbar

DVDVideoSoft Toolbar

SMTTB2009

HypreCam Toolbar

 

Download Malwarebytes Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the program.

Check:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

When the program starts, select Perform Quick Scan and click Scan.

The scan takes a while.

When it is done, click OK and then Show Results.

Check everything and then click Remove Selected.

When the removal is finished, Notepad opens with a log.

You may be asked to restart the computer (Restart). If so, do it.

If the program does not start after the restart, start it yourself.

If the log is not open in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.


En_för_alla_för_en

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Databasversion: 3952

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

 

2010-04-04 13:17:16

mbam-log-2010-04-04 (13-17-16).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 110960

Förfluten tid: 16 minut(er), 41 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 3

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

 

Here is the result!

Thank you so much!


Save ComboFix by right-clicking the link and choosing Save:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

When asked where you want to save the file, choose the Desktop.

Close all programs you can see, including antivirus and antispyware programs, but leave the firewall on.

How? See http://www.bleepingc...opic114351.html

Run ComboFix and follow the instructions shown.

If you are asked whether you want to install the Recovery Console, answer yes.

IMPORTANT! Do not click the ComboFix window with the mouse while it is running, otherwise it may hang.

When it has finished, a log should appear; paste it into your reply. Make sure your antivirus program etc. is running before you connect to the internet.

If you have trouble getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair, and/or restart the computer.

Warning! ComboFix prevents automatic running of CDs, floppy disks and USB devices in order to make it easier to clean the computer and to protect it against infections in the future. This can cause problems, for example, if the computer gets its internet connection through a USB modem or a USB network adapter. In that case, say so instead of running ComboFix.


En_för_alla_för_en

I use mobile broadband, so USB is pretty essential for me!

So what happens now?


En_för_alla_för_en

I tried running Gmer 3 times, but the computer got a blue screen every time in the middle of the scan!

What is happening? Internet Explorer pops up with ads, the computer is sluggish and I get a blue screen almost every day!

Gmer can't be run! It runs, but the computer gets a blue screen in the middle of the scan!

I think I'm going to panic soon!


En_för_alla_för_en

Did you download the randomly named Gmer from the page = Download EXE

if not, try that one

Gmer can't be run!

It starts scanning, but later it shuts down.


En_för_alla_för_en

Running anti-TDSS module:

 

No TDSS infection detected

 

TDSS scan complete. Will now scan for related malware

 

Scanning bootsectors...

 

Number of sectors found: 1

Number of sectors scanned: 1

Number of sectors not scanned: 0

Number of infections found: 0

Number of infections removed: 0

Total scanning time: 0s 16ms

 

 

Scanning running processes and process memory...

 

Number of processes/threads found: 6827

Number of processes/threads scanned: 6827

Number of processes/threads not scanned: 0

Number of infected processes/threads terminated: 0

Total scanning time: 2m 8s

 

 

Scanning file system...

 

Scanning: prescan

 

Scanning: C:\Windows\system32\drivers\*

 

The whole scan ran without errors.

 

 

 

Scanning: postscan

 

 

Running post-scan cleanup routine:

Set TCP/IP autotuning to "normal" (or it was already "normal")

 

Number of files found: 707

Number of archives unpacked: 0

Number of files scanned: 707

Number of files not scanned: 0

Number of files skipped due to exclude list: 0

Number of infected files found: 0

Number of infected files repaired/deleted: 0

Number of infections removed: 0

Total scanning time: 32s


En_för_alla_för_en

Fil Wnifia.exe mottagen 2010.04.04 16:32:37 (UTC)

Resultat: 18/42 (42.86%)

Antivirus Version Senaste Uppdatering Resultat

a-squared 4.5.0.50 2010.04.04 -

AhnLab-V3 5.0.0.2 2010.04.03 Win-Trojan/Fakeav.172544.E

AntiVir 7.10.6.24 2010.04.03 -

Antiy-AVL 2.0.3.7 2010.04.02 -

Authentium 5.2.0.5 2010.04.04 W32/FakeAlert.FT.gen!Eldorado

Avast 4.8.1351.0 2010.04.04 Win32:Rootkit-gen

Avast5 5.0.332.0 2010.04.04 Win32:Rootkit-gen

AVG 9.0.0.787 2010.04.04 Downloader.Generic9.BMMH

BitDefender 7.2 2010.04.04 -

CAT-QuickHeal 10.00 2010.04.03 -

ClamAV 0.96.0.0-git 2010.04.03 -

Comodo 4498 2010.04.04 -

DrWeb 5.0.2.03300 2010.04.04 Trojan.DownLoader1.4092

eSafe 7.0.17.0 2010.04.01 -

eTrust-Vet None 2010.04.02 -

F-Prot 4.5.1.85 2010.04.04 W32/FakeAlert.FT.gen!Eldorado

F-Secure 9.0.15370.0 2010.04.03 Suspicious:W32/Malware!Gemini

Fortinet 4.0.14.0 2010.04.04 -

GData 19 2010.04.04 Win32:Rootkit-gen

Ikarus T3.1.1.80.0 2010.04.04 -

Jiangmin 13.0.900 2010.04.04 -

K7AntiVirus 7.10.1004 2010.03.22 -

Kaspersky 7.0.0.125 2010.04.04 -

McAfee 5937 2010.03.31 Downloader-CEW

McAfee+Artemis 5937 2010.03.31 Downloader-CEW

McAfee-GW-Edition 6.8.5 2010.04.03 -

Microsoft 1.5605 2010.04.04 TrojanDownloader:Win32/Renos.KF

NOD32 4999 2010.04.04 a variant of Win32/Kryptik.DLB

Norman 6.04.10 2010.04.03 -

nProtect 2009.1.8.0 2010.04.04 -

Panda 10.0.2.2 2010.04.04 Suspicious file

PCTools 7.0.3.5 2010.04.04 -

Prevx 3.0 2010.04.04 High Risk Cloaked Malware

Rising 22.41.04.05 2010.04.02 Packer.Win32.UnkPacker.a

Sophos 4.52.0 2010.04.04 Sus/UnkPack-C

Sunbelt 6137 2010.04.04 -

Symantec 20091.2.0.41 2010.04.04 Suspicious.Insight

TheHacker 6.5.2.0.252 2010.04.04 -

TrendMicro 9.120.0.1004 2010.04.04 -

VBA32 3.12.12.4 2010.04.02 -

ViRobot 2010.4.3.2259 2010.04.04 -

VirusBuster 5.0.27.0 2010.04.04 -

Övrig information

File size: 172544 bytes

MD5...: 9e054a8e7c47dc71a4e5aab1967bfb4e

SHA1..: 3fd44c585479fe2e1ef5e62fa374946671476a78

SHA256: 9df121dc297e583cd043ce1ee166e27187a21e2edec8874d000fc6173476697b

ssdeep: 3072:6rSZ0vk1aFe72bLJibT5FeI/5L3l6BAIXHAtX+UIG:62u801LJiV9la1

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x2e86

timedatestamp.....: 0x4aeb8071 (Sat Oct 31 00:10:25 2009)

machinetype.......: 0x14c (I386)

 

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

7 0x1000 0x9e74 0xa000 5.64 389ba30736356e88bd596eb6657965f5

3 0xb000 0x3014d 0x1d200 7.46 de0d002472c9dce5233cdaed6a5fc17e

.9 0x3c000 0x2a27 0x2c00 5.13 03b2f3146d8d3dbfb502fb6dbabffe94

 

( 9 imports )

> user32.dll: GetKeyState, DefWindowProcA, ShowScrollBar, CheckMenuItem, GetWindowTextA, GetMenuStringA, GetMenu, EnableWindow, CreateIcon, BeginDeferWindowPos, IsMenu, SystemParametersInfoA, DrawFrameControl, CreateMenu, GetSysColor, GetDCEx, MessageBoxA, GetDesktopWindow, GetPropA, TrackPopupMenu, GetClassLongA, GetScrollRange, GetFocus, FrameRect, GetMenuState, EnumWindows, CallWindowProcA, SetWindowLongA, GetActiveWindow, EnumChildWindows

> kernel32.dll: GetModuleHandleA, WaitForSingleObject, LockResource, FindFirstFileA, GetEnvironmentStrings, LoadLibraryA, VirtualAllocEx, HeapAlloc, GetSystemDefaultLangID, lstrcatA, GetModuleFileNameA, lstrcpynA, GetFileType, VirtualQuery, GetStartupInfoA, GetLocaleInfoA, ReadFile, ExitProcess, GetCurrentProcess, MoveFileExA, WriteFile, GetVersionExA, SetEvent, GetCurrentThreadId

> comctl32.dll: ImageList_DragShowNolock, ImageList_Remove

> gdi32.dll: GetDIBits

> shlwapi.dll: SHQueryValueExA, SHEnumValueA, SHStrDupA, PathIsContentTypeA

> comdlg32.dll: GetOpenFileNameA, GetSaveFileNameA, ChooseColorA, GetFileTitleA

> SHELL32.dll: SHFileOperationA, SHGetSpecialFolderLocation

> MSVCRT.dll: sqrt, memmove, malloc, clock, strlen, wcstol, srand, tolower, memset, sprintf, wcsncmp, time, mbstowcs, strncmp, atol, memcpy, strcmp, calloc, wcschr

> oleaut32.dll: SafeArrayGetElement, SysStringLen

 

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable Generic (38.5%)

Win32 Dynamic Link Library (generic) (34.2%)

Clipper DOS Executable (9.1%)

Generic Win/DOS Executable (9.0%)

DOS Executable Generic (9.0%)

http://info.prevx.com/aboutprogramtext.asp?PX5=02FA9D2200465C62A26A02E81D8DCF00220CA24B

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned


En_för_alla_för_en

ComboFix 10-04-03.02 - Just4you 2010-04-04 19:09:20.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.3069.1879 [GMT 2:00]

Körs från: c:\users\Just4you\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-3082484009-1095413871-806137520-500

c:\$recycle.bin\S-1-5-21-3651244786-3532143149-700531860-500

c:\recycler\S-1-5-21-3064667459-1047569815-767866662-8392

c:\recycler\S-1-5-21-5995792902-3284755934-724044168-0224

c:\recycler\S-1-5-21-9683542287-9683395279-670132318-5207

c:\users\Just4you\AppData\Local\Windows Server

c:\users\Just4you\AppData\Local\Windows Server\uses32.dat

c:\users\Just4you\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp

c:\windows\system32\AutoRun.inf

c:\windows\system32\Ijl11.dll

c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

c:\windows\Tasks\dogs.exe

c:\windows\Tasks\hid.exe

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-03-04 till 2010-04-04 ))))))))))))))))))))))))))))))

.

 

2010-04-04 17:23 . 2010-04-04 17:24 -------- d-----w- c:\users\Just4you\AppData\Local\temp

2010-04-04 17:23 . 2010-04-04 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-04-04 12:52 . 2010-03-14 14:18 52224 ----a-w- c:\users\Just4you\AppData\Roaming\Mozilla\Firefox\Profiles\wxyq7mjg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll

2010-04-04 12:52 . 2010-03-14 14:18 101376 ----a-w- c:\users\Just4you\AppData\Roaming\Mozilla\Firefox\Profiles\wxyq7mjg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll

2010-04-04 12:52 . 2009-11-24 15:39 1093064 ----a-w- c:\users\Just4you\AppData\Roaming\Mozilla\Firefox\Profiles\wxyq7mjg.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

2010-04-04 01:07 . 2010-04-01 20:52 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100403.020\NAVENG.SYS

2010-04-04 01:07 . 2010-04-01 20:52 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100403.020\NAVEX32A.DLL

2010-04-04 01:07 . 2010-04-01 20:52 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100403.020\NAVEX15.SYS

2010-04-04 01:07 . 2010-04-01 20:52 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100403.020\NAVENG32.DLL

2010-04-04 01:07 . 2010-04-01 20:52 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100403.020\EECTRL.SYS

2010-04-04 01:07 . 2010-04-01 20:52 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100403.020\ERASER.SYS

2010-04-04 01:07 . 2010-04-01 20:52 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100403.020\CCERASER.DLL

2010-04-04 01:07 . 2010-04-01 20:52 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100403.020\ECMSVR32.DLL

2010-04-03 12:41 . 2010-04-03 12:41 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2010-04-03 11:23 . 2010-04-03 11:23 52224 ----a-w- c:\users\Just4you\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-04-03 11:23 . 2010-04-03 11:23 117760 ----a-w- c:\users\Just4you\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-04-03 11:16 . 2010-04-03 11:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-04-03 10:57 . 2010-04-03 10:57 -------- d-----w- c:\users\Just4you\AppData\Roaming\Malwarebytes

2010-04-03 10:57 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-03 10:57 . 2010-04-04 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-03 10:57 . 2010-04-03 10:57 -------- d-----w- c:\programdata\Malwarebytes

2010-04-03 10:57 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-03 10:52 . 2010-04-03 10:52 -------- d-----w- c:\program files\Trend Micro

2010-04-02 09:31 . 2009-11-17 00:51 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\Scxpx86.dll

2010-04-02 09:31 . 2009-11-17 00:51 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSxpx86.dll

2010-04-02 09:31 . 2009-11-17 00:51 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSviA64.sys

2010-04-02 09:31 . 2009-11-17 00:51 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvix86.sys

2010-04-02 09:31 . 2009-11-17 00:51 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys

2010-04-02 09:28 . 2010-02-25 08:13 11776 ----a-w- c:\users\Just4you\AppData\Roaming\Mozilla\Firefox\Profiles\wxyq7mjg.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll

2010-04-01 20:38 . 2010-04-01 20:38 72 ----a-w- c:\users\Just4you\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys

2010-04-01 20:33 . 2009-12-10 03:16 784752 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll

2010-04-01 20:32 . 2010-04-01 20:32 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-04-01 20:31 . 2009-11-17 00:51 164216 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

2010-04-01 20:30 . 2009-11-17 00:51 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\idsvia64.sys

2010-04-01 20:30 . 2009-11-17 00:51 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\idsvix86.sys

2010-04-01 20:30 . 2009-11-17 00:51 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\idsxpx86.sys

2010-04-01 20:30 . 2009-11-17 00:51 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\scxpx86.dll

2010-04-01 20:30 . 2009-12-08 02:20 965488 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\OCS\hsplayer.dll

2010-04-01 20:30 . 2009-11-17 00:51 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\BinHub\idsxpx86.dll

2010-04-01 20:30 . 2009-09-01 08:27 892272 ------w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\CLT\cltLMSx.dll

2010-04-01 20:29 . 2010-04-01 20:29 -------- d-----w- c:\program files\Norton Internet Security

2010-04-01 20:20 . 2010-02-16 08:31 1647984 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp3101.tmp\NAVEX32A.DLL

2010-04-01 20:20 . 2010-02-16 08:31 1324720 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp3101.tmp\NAVEX15.SYS

2010-04-01 20:20 . 2010-02-16 08:31 84912 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp3101.tmp\NAVENG.SYS

2010-04-01 20:20 . 2010-02-16 08:31 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp3101.tmp\NAVENG32.DLL

2010-04-01 20:20 . 2010-02-16 08:31 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp3101.tmp\EECTRL.SYS

2010-04-01 20:20 . 2010-02-16 08:31 2747440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp3101.tmp\CCERASER.DLL

2010-04-01 20:20 . 2010-02-16 08:31 259440 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp3101.tmp\ECMSVR32.DLL

2010-04-01 20:20 . 2010-02-16 08:31 102448 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\tmp3101.tmp\ERASER.SYS

2010-04-01 20:16 . 2010-04-01 20:49 -------- d-sh--w- c:\programdata\52d99f4

2010-04-01 17:01 . 2010-04-01 17:00 172544 ----a-w- c:\windows\Wnifia.exe

2010-03-30 18:04 . 2010-03-30 18:04 -------- d-----w- c:\program files\Common Files\Java

2010-03-30 13:59 . 2010-03-30 13:59 -------- d-----w- c:\program files\Common Files\Skype

2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys

2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll

2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll

2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys

2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll

2010-03-22 14:40 . 2010-03-22 15:09 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing

2010-03-22 05:42 . 2010-04-02 09:48 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-03-20 11:43 . 2010-03-20 11:43 -------- d-----w- C:\Ny mapp

2010-03-19 19:22 . 2010-03-20 07:32 -------- d-----w- c:\program files\Black Obelisk Software

2010-03-17 10:04 . 2010-03-17 10:04 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-03-16 18:51 . 2010-03-23 16:51 -------- d-----w- c:\program files\DRPU PC Data Manager(Basic)

2010-03-16 18:22 . 2010-03-16 18:22 321536 ----a-w- c:\users\Just4you\AppData\Roaming\H4S\My\1.1.0.0\Setup-308463.exe

2010-03-16 18:22 . 2010-03-16 18:22 205312 ----a-w- c:\users\Just4you\AppData\Roaming\H4S\My\1.1.0.0\Update-681575.exe

2010-03-16 18:22 . 2010-03-16 18:22 -------- d-----w- c:\users\Just4you\AppData\Roaming\H4S

2010-03-13 21:38 . 2010-03-13 21:41 -------- d-----w- c:\users\Just4you\AppData\Local\gctmp

2010-03-13 21:38 . 2010-03-13 21:38 -------- d-----w- c:\users\Just4you\AppData\Local\Xenocode

2010-03-13 21:16 . 2010-03-13 21:43 -------- d-----w- c:\program files\Game Cam V2

2010-03-12 15:51 . 2010-03-23 16:51 -------- d-----w- c:\program files\HyCam2

2010-03-11 15:06 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-11 15:06 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-03-11 15:06 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-09 16:37 . 2010-03-09 16:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-03-09 16:37 . 2010-04-03 11:17 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-03-09 16:37 . 2010-04-03 11:17 -------- d-----w- c:\users\Just4you\AppData\Roaming\SUPERAntiSpyware.com

2010-03-09 16:24 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-08 19:25 . 2010-03-23 17:34 -------- d-----w- c:\program files\Common Files\Steam

2010-03-08 15:50 . 2010-03-08 15:50 -------- d-----w- C:\PFiles

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-04 17:23 . 2009-09-06 09:28 -------- d-----w- c:\users\Just4you\AppData\Roaming\uTorrent

2010-04-04 17:02 . 2010-01-31 21:52 -------- d-----w- c:\program files\Common Files\Akamai

2010-04-04 16:51 . 2009-09-06 10:06 -------- d-----w- c:\users\Just4you\AppData\Roaming\UltraGet

2010-04-04 13:57 . 2009-12-26 15:57 -------- d-----w- c:\programdata\Lx_cats

2010-04-04 11:27 . 2009-09-30 22:03 -------- d-----w- c:\program files\goonlinetv

2010-04-04 02:21 . 2009-09-10 09:46 -------- d-----w- c:\users\Just4you\AppData\Roaming\vlc

2010-04-03 18:44 . 2009-09-05 18:17 -------- d-----w- c:\programdata\Microsoft Help

2010-04-03 15:37 . 2009-12-17 08:53 -------- d-----w- c:\users\Just4you\AppData\Roaming\Skype

2010-04-03 15:37 . 2009-10-21 16:26 -------- d-----w- c:\program files\Steam

2010-04-03 13:32 . 2009-09-05 18:32 111472 ----a-w- c:\users\Just4you\AppData\Local\GDIPFONTCACHEV1.DAT

2010-04-03 12:55 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild

2010-04-02 11:11 . 2009-09-06 09:43 -------- d-----w- c:\program files\Common Files\AVSMedia

2010-04-02 11:11 . 2009-09-06 09:43 -------- d-----w- c:\program files\AVS4YOU

2010-04-02 11:03 . 2009-09-24 09:26 -------- d--h--w- c:\users\Just4you\AppData\Roaming\windows

2010-04-02 09:38 . 2009-03-19 07:40 600740 ----a-w- c:\windows\system32\perfh01D.dat

2010-04-02 09:38 . 2009-03-19 07:40 118260 ----a-w- c:\windows\system32\perfc01D.dat

2010-04-02 09:38 . 2009-03-19 07:33 77234 ----a-w- c:\windows\system32\perfc014.dat

2010-04-02 09:38 . 2009-03-19 07:33 446736 ----a-w- c:\windows\system32\perfh014.dat

2010-04-02 09:38 . 2009-03-19 07:26 81456 ----a-w- c:\windows\system32\perfc00B.dat

2010-04-02 09:38 . 2009-03-19 07:26 430022 ----a-w- c:\windows\system32\perfh00B.dat

2010-04-02 09:38 . 2009-03-19 07:20 77944 ----a-w- c:\windows\system32\perfc006.dat

2010-04-02 09:38 . 2009-03-19 07:20 457746 ----a-w- c:\windows\system32\perfh006.dat

2010-04-02 09:25 . 2009-11-26 22:05 151295 ----a-w- c:\windows\hpoins14.dat

2010-04-01 22:27 . 2010-01-18 17:10 -------- d-----w- c:\program files\NortonInstaller

2010-04-01 20:32 . 2010-01-18 17:12 -------- d-----w- c:\program files\Symantec

2010-04-01 20:32 . 2010-04-01 20:32 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-04-01 20:32 . 2010-04-01 20:32 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-04-01 20:27 . 2010-04-01 20:17 58 ----a-w- c:\users\Just4you\AppData\Roaming\Microsoft\Windows\Recent\exec.dll

2010-04-01 20:25 . 2009-03-19 08:21 -------- d-----w- c:\programdata\NortonInstaller

2010-04-01 20:22 . 2009-03-19 08:22 -------- d-----w- c:\programdata\Norton

2010-04-01 20:07 . 2009-03-19 09:53 -------- d-----w- c:\program files\Java

2010-04-01 04:14 . 2009-09-13 19:45 -------- d-----w- c:\users\Just4you\AppData\Roaming\skypePM

2010-03-23 17:52 . 2009-10-27 10:32 -------- d-----w- c:\users\Just4you\AppData\Roaming\dvdcss

2010-03-23 16:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2010-03-23 16:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2010-03-23 16:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2010-03-23 16:52 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2010-03-23 16:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-03-23 16:46 . 2009-07-19 08:23 -------- d-----w- c:\program files\JMicron

2010-03-21 10:46 . 2009-03-19 08:19 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-20 08:32 . 2009-09-24 07:29 -------- d--h--w- c:\program files\Wedhbbmxenek

2010-03-16 20:54 . 2010-04-01 20:17 718296 ----a-w- c:\programdata\52d99f4\mozcrt19.dll

2010-03-16 20:54 . 2010-04-01 20:17 458200 ----a-w- c:\programdata\52d99f4\sqlite3.dll

2010-03-16 18:22 . 2010-04-01 20:17 205312 ----a-w- c:\programdata\52d99f4\BackUp\Music System.exe

2010-03-13 19:06 . 2009-09-12 19:10 -------- d-----w- c:\users\Just4you\AppData\Roaming\HpUpdate

2010-03-10 06:05 . 2009-03-19 09:39 588472 ----a-w- c:\windows\system32\ezsvc7x.dll

2010-03-09 16:38 . 2009-03-19 08:22 -------- d-----w- c:\programdata\Symantec

2010-03-09 02:28 . 2009-03-19 09:53 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-04 09:26 . 2010-03-04 09:26 86016 ----a-w- c:\windows\system32\frapsvid.dll

2010-03-03 09:31 . 2010-03-03 09:31 -------- d-----w- c:\users\Just4you\AppData\Roaming\VistaCodecs

2010-03-03 09:31 . 2010-03-03 09:31 -------- d-----w- c:\program files\VistaCodecPack

2010-03-03 09:31 . 2010-03-03 09:30 -------- d-----w- c:\programdata\VistaCodecs

2010-03-03 09:31 . 2010-03-03 09:31 -------- d-----w- c:\users\Just4you\AppData\Roaming\Red Kawa

2010-03-03 09:18 . 2010-03-03 09:18 -------- d-----w- c:\program files\Red Kawa

2010-03-03 08:40 . 2010-03-03 08:40 -------- d-----w- c:\program files\AviSynth 2.5

2010-03-03 08:40 . 2010-03-03 08:40 264106 ----a-w- c:\users\Just4you\AppData\Roaming\OpenCandy\XobniWrapper.exe

2010-03-02 22:53 . 2010-03-02 21:47 -------- d-----w- c:\users\Just4you\AppData\Roaming\DiskAid

2010-03-02 19:34 . 2010-03-02 19:21 -------- d-----w- c:\users\Just4you\AppData\Roaming\Apple Computer

2010-03-02 19:21 . 2010-03-02 19:20 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2010-03-02 19:20 . 2010-03-02 19:20 -------- d-----w- c:\program files\iPod

2010-03-02 19:20 . 2009-09-10 09:47 -------- d-----w- c:\program files\Common Files\Apple

2010-03-02 19:20 . 2009-09-10 09:52 -------- d-----w- c:\programdata\Apple Computer

2010-03-02 19:20 . 2009-09-10 09:47 -------- d-----w- c:\programdata\Apple

2010-03-02 19:19 . 2010-03-02 19:19 -------- d-----w- c:\program files\Bonjour

2010-03-01 09:01 . 2009-03-19 08:03 -------- d-----w- c:\program files\Hewlett-Packard

2010-02-26 19:56 . 2010-02-26 19:56 -------- d-----w- c:\program files\Common Files\Solveig Multimedia

2010-02-26 18:38 . 2009-09-06 09:44 -------- d-----w- c:\users\Just4you\AppData\Roaming\AVS4YOU

2010-02-23 06:39 . 2010-03-31 10:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33 . 2010-03-31 10:37 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33 . 2010-03-31 10:37 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55 . 2010-03-31 10:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-22 17:18 . 2010-02-22 17:18 -------- d-----w- c:\users\Just4you\AppData\Roaming\Tific

2010-02-20 15:26 . 2010-02-20 15:25 -------- d-----w- c:\programdata\HPSSUPPLY

2010-02-16 17:47 . 2010-02-16 17:47 292878 ----a-r- c:\users\Just4you\AppData\Roaming\Microsoft\Installer\{C5288856-CAB4-432A-8CF2-CFCA60A0D36E}\_6FEFF9B68218417F98F549.exe

2010-02-16 17:47 . 2010-02-16 17:47 -------- d-----w- c:\program files\Emotum

2010-02-15 17:41 . 2010-02-15 17:41 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-02-15 13:38 . 2009-09-06 08:52 -------- d-----w- c:\programdata\Emotum

2010-02-15 13:30 . 2010-02-15 13:30 -------- d-----w- c:\program files\Option

2010-02-06 10:56 . 2009-09-06 09:48 -------- d-----w- c:\program files\Google

2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\users\Just4you\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

2010-02-04 15:02 . 2010-02-01 16:52 -------- d-----w- c:\program files\Microsoft SQL Server

2010-02-04 14:42 . 2009-09-05 18:19 -------- d-----w- c:\program files\Microsoft.NET

2010-02-01 16:50 . 2010-02-01 16:50 112640 ----a-w- c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll

2010-02-01 16:50 . 2010-02-01 16:50 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2010-01-28 01:09 . 2010-01-28 01:09 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2010-01-25 12:00 . 2010-02-24 17:59 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:00 . 2010-02-24 17:59 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:00 . 2010-02-24 17:59 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:00 . 2010-02-24 17:59 471552 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 11:58 . 2010-02-24 17:59 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:21 . 2010-02-24 17:59 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-25 08:21 . 2010-02-24 17:59 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:21 . 2010-02-24 17:59 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-25 08:21 . 2010-02-24 17:59 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-23 09:26 . 2010-02-24 17:59 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-06 15:39 . 2010-02-24 17:58 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-01-06 15:38 . 2010-02-24 17:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-06 15:38 . 2010-02-24 17:58 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll

2010-01-06 15:38 . 2010-02-24 17:58 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll

2010-01-06 15:38 . 2010-02-24 17:58 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll

2009-03-19 08:10 . 2009-03-19 07:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-14 319792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Just4you^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Skärmurklipp och start för OneNote 2007.lnk]

path=c:\users\Just4you\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skärmurklipp och start för OneNote 2007.lnk

backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2005-09-09 00:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]

2008-12-25 20:41 189736 ----a-w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctra]

2009-12-26 21:56 249856 ----a-w- c:\windows\cmxint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DRPU PC Data Manager(Basic)]

2010-01-05 14:05 2801664 ----a-w- c:\program files\DRPU PC Data Manager(Basic)\pcdm.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]

2008-11-29 01:04 1148200 ----a-w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emotum Mobile Broadband]

2009-05-14 17:14 348968 ----a-w- c:\program files\Emotum\Mobile Broadband\Mobile.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

2009-01-29 15:43 107176 ----a-w- c:\program files\Lexmark 2600 Series\ezprint.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-09-10 07:18 122368 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-09-06 10:39 133104 ----atw- c:\users\Just4you\AppData\Local\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]

2009-01-29 15:43 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2010-03-29 13:24 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2008-10-10 19:24 206128 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-03-09 08:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-08-30 00:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-03-23 17:26 1217872 ----a-w- c:\program files\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2010-04-01 10:28 2010864 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-09-06 09:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

2009-06-03 19:43 450652 ----a-w- c:\program files\IDT\WDM\sttray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]

2008-12-25 20:41 1316136 ----a-w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent]

2009-05-09 00:32 206120 ----a-w- c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2008-11-15 05:02 218408 ----a-w- c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]

2008-06-14 01:11 210216 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2008-11-26 18:34 210216 ----a-w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-03-14 13:01 319792 ----a-w- c:\program files\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WirelessAssistant]

2008-12-08 18:25 432432 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):f4,b1,4b,ca,a9,42,ca,01

 

R2 gupdate1ca2edd43a4c20;Tjänsten Google Update (gupdate1ca2edd43a4c20);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 133104]

R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-05 109408]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\SYMDS.SYS [2009-08-30 328752]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\SYMEFA.SYS [2009-11-26 172592]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [2010-03-24 536112]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\ccHPx86.sys [2009-12-09 501888]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvix86.sys [2009-11-17 343088]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\Ironx86.SYS [2009-11-26 116272]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1105000.07F\SYMTDIV.SYS [2009-11-22 340016]

S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/19 02:04];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-29 01:04 87536]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe [2009-03-02 81920]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 GTDetectSc;GtDetectSc Service;c:\program files\Option\Option 225 Driver Installation\GTDetectSc.exe [2007-12-18 196704]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2008-02-27 594600]

S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2009-04-28 94208]

S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]

S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-27 296320]

S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-27 116096]

S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-12-08 55016]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-04-01 102448]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]

S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-29 22072]

 

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*NewlyCreated* - NDISKIO

*NewlyCreated* - NSAK

*Deregistered* - NDISKIO

*Deregistered* - nsak

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 10:29]

 

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 10:29]

 

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082484009-1095413871-806137520-1000Core.job

- c:\users\Just4you\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-24 10:39]

 

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3082484009-1095413871-806137520-1000UA.job

- c:\users\Just4you\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-24 10:39]

 

2010-04-04 c:\windows\Tasks\HPCeeScheduleForJust4you.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-03-19 18:34]

 

2010-04-04 c:\windows\Tasks\User_Feed_Synchronization-{A35599E8-89D9-4F6E-9169-D96C6F4E1788}.job

- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.bigseekpro.com/hypercam/{FCD37C1E-9386-409C-BAD9-4FA44B2CEC1F}

uInternet Settings,ProxyOverride = *.local

IE: &AOL Verktygsfalt Sök - c:\programdata\AOL\ieToolbar\resources\sv-SE\local\search.html

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Just4you\AppData\Roaming\Mozilla\Firefox\Profiles\wxyq7mjg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll

FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll

FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll

FF - component: c:\users\Just4you\AppData\Roaming\Mozilla\Firefox\Profiles\wxyq7mjg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll

FF - component: c:\users\Just4you\AppData\Roaming\Mozilla\Firefox\Profiles\wxyq7mjg.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll

FF - component: c:\users\Just4you\AppData\Roaming\Mozilla\Firefox\Profiles\wxyq7mjg.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

FF - plugin: c:\users\Just4you\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\users\Just4you\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

BHO-{8e2059f1-eda8-4ce0-bbea-b51c2cc43382} - (no file)

MSConfigStartUp-Form1 - c:\users\Just4you\Desktop\facebookhack.exe

MSConfigStartUp-OIWN Agent - c:\windows\system32\28463\OIWN.exe

MSConfigStartUp-VoipDiscount - c:\program files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe

MSConfigStartUp-WEK9EMDHI9 - c:\users\Just4you\AppData\Local\Temp\Wtq.exe

MSConfigStartUp-YVIBBBHA8C - c:\users\Just4you\AppData\Local\Temp\Wts.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-04 19:24

Windows 6.0.6002 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Sluttid: 2010-04-04 19:31:03

ComboFix-quarantined-files.txt 2010-04-04 17:31

 

Före genomsökningen: 287 388 282 880 byte ledigt

Efter genomsökningen: 294 794 162 176 byte ledigt

 

- - End Of File - - 0CE215C406A344CF88A1544178D36E14


En_för_alla_för_en

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:55:35, on 2010-04-04

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\conime.exe

C:\Windows\explorer.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files\Emotum\Mobile Broadband\Mobile.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Just4you\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Just4you\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\Wnifia.exe

C:\Users\Just4you\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{FCD37C1E-9386-409C-BAD9-4FA44B2CEC1F}

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O1 - Hosts: 74.208.10.249 gs.apple.com

O1 - Hosts: ::1 localhost

O1 - Hosts: 74.208.10.249 gs.apple.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: IE2Aml - {2564A650-39E8-11DA-9EEF-A60DC4EDC02C} - C:\Program Files\Aml Pages\Plugins\IE2Aml.DLL

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O8 - Extra context menu item: &AOL Verktygsfalt Sök - C:\ProgramData\AOL\ieToolbar\resources\sv-SE\local\search.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GtDetectSc Service (GTDetectSc) - OptionNV - C:\Program Files\Option\Option 225 Driver Installation\GTDetectSc.exe

O23 - Service: Tjänsten Google Update (gupdate1ca2edd43a4c20) (gupdate1ca2edd43a4c20) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe

O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

 

--

End of file - 8799 bytes


Archived

This topic is now archived and is closed to further replies.