Just nu i M3-nätverket
Gå till innehåll
dick_a

Fel url bakom länken

Rekommendera Poster

På senaste tiden har det hänt efter en googling på något att jag har kommit till sidor som inte innehåller något som över huvud taget liknar den lilla preview som google ger. Det har inte varit porr, utan bara väldigt fel ändå, och jag har trott att "OK, sidan borta osv...". Alternativt har jag haft en mus som spelat mig ett spratt och klickat snett, men eftersom det hänt kanske två gånger om dagen ett tag så börjar man ju undra om det verkligen kan vara så. Idag googlade jag efter en sak jag förväntade mig hitta på någon svensk kommuns hemsida, och fick en träff som jag trodde var klockren. Klickade på den, och då drar mitt antivirusprogram igång (avast home edition) och varnar för en en trojan eller mask. "Fan" tänkte jag, nu gjorde jag det igen. Klickade "avbryt anslutningen" och gjorde om sökningen. Fick samma resultat och klickar på samma länk och kommer denna gång helt rätt.

 

Eftersom jag har ett uppdaterat avast så borde väl det hitta virus, men kan det vara något annat? Begreppsförvirringen stör mig vad det gäller virus, maskar, trojaner, ad-ware och mal-ware. Skulle vilja ha något som klart och tydligt skyddade mot all tänkbar skit som försöker tränga sig in i min dator. Har någon något tips?

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Google har själva verktyg som skall hjälpa till med detta.

 

Har du ngt konkret exempel att visa upp för att få en klarare bild av din sökning

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Nej inte just nu, men det kommer nog fler. Jag är dock ganska övertygad om att sökresultaten har varit riktiga, och att något annat händer. Länken i söksvaret från google var vid andra sökningen lila, vilket innebär att jag hade laddat in den sidan förut. Möjligen öppnas det ett nytt fönster samtidigt som jag klickar på länken. Jag har nämligen också haft ett antal oförklarliga öppnade fönster av IE den senaste tiden, vilket jag har märkt först när jag har stängt ner. Även dessa har innehållit sådant som jag absolut inte kan relatera till, så som hudvårdsprodukter och annat bjäfs.

 

// Dick

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Jag vet inte vad Jonas tänker på men det finns skadliga program som gör så att ibland när man klickar på sökresultat så hamnar man på sidor som t ex visar annonser som ger pengar till den som gjorde det skadliga programmet.

 

Begreppen virus, maskar och trojaner handlar om hur det skadliga programmet sprids. Malware är en förkortning av "malicious software" och är det engelska ordet för skadliga program.

 

Det finns inget antivirusprogram som hittar alla skadliga program.

 

Vi kan se vad DDS visar till att börja med. Spara DDS på Skrivbordet.

http://download.bleepingcomputer.com/sUBs/dds.scr

 

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Postad (redigerade)

Även länken till det lilla dds.scr "kraschade" när den skulle sparas. "Den angivna platsen..." Men i försök två så fungerade det perfekt.

[log]DDS (Ver_10-03-17.01) - NTFSx86

Run by Dick at 11:07:04,34 on 2010-05-21

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.46.1053.18.1912.900 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\TAMSvr.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

E:\Program\aswUpdSv.exe

E:\Program\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Toshiba\3GUty\tw3gsvc.exe

C:\Windows\system32\agrsmsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\ThpSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

E:\Program\ashMaiSv.exe

E:\Program\ashWebSv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Windows\System32\ThpSrv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe

C:\Program Files\TOSHIBA\3GUty\tw3gctrl.exe

C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

E:\Program\ashDisp.exe

C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

C:\Program Files\TrueSuite Access Manager\usbnotify.exe

C:\Program Files\TrueSuite Access Manager\PwdBank.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Users\Dick\AppData\Roaming\win2dkdes\win2djws.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Dick\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.evaq8.se/startsida.htm

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\5.0.375.49\npchrome_frame.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [win2dkdes] c:\users\dick\appdata\roaming\win2dkdes\win2djws.exe

uRun: [dddbccsys] rundll32.exe "c:\users\dick\appdata\local\temp\vttspp.dll",DllRegisterServer

uRun: [khebbydrv] rundll32.exe "c:\users\dick\appdata\local\temp\ssqolk.dll",s

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [cfFncEnabler.exe] cfFncEnabler.exe

mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA

mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe

mRun: [ThpSrv] c:\windows\system32\thpsrv /logon

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe

mRun: [TosAutLk] c:\program files\toshiba\wirelesskeylogon\TosAutLk.exe -s

mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start

mRun: [TOSHIBA_3G_UTY] c:\program files\toshiba\3guty\TW3GCTRL.exe

mRun: [vspdfprsrv.exe] c:\program files\visage\pdf printer\vspdfprsrv.exe --background

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [avast!] e:\program\ashDisp.exe

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [FingerPrintNotifer] c:\program files\truesuite access manager\FpNotifier.exe

mRun: [usbMonitor] c:\program files\truesuite access manager\usbnotify.exe

mRun: [PwdBank] c:\program files\truesuite access manager\PwdBank.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TrayServer] e:\program files\magixmovie\TrayServer.exe

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\dick\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\teleno~1.lnk - c:\program files\option\telenor mobilt bredband\Telenor Mobilt Bredband.exe

uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)

uPolicies-explorer: HideSCABattery = 0 (0x0)

uPolicies-explorer: HideSCANetwork = 0 (0x0)

uPolicies-explorer: HideSCAVolume = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll

IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediap...06-44921-9400-2

IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {AD1350A0-17F5-4714-A57B-B65F9EABF5D1} - hxxps://dsr.gbg.hsb.se/wa/AbolishLoader.cab

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a05-b05.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\5.0.375.49\npchrome_frame.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\dick\appdata\roaming\mozilla\firefox\profiles\ug93p0tg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.evaq8.se/startsida.htm|http://news.google.se/news?pz=1&ned=sv_se&hl=sv&q=att+hsb+OR+riksbyggen+OR+sbc+OR+bostadsr%C3%A4ttsf%C3%B6rening+OR+bostadsr%C3%A4ttsf%C3%B6reningen&as_qdr=d&as_drrb=q|http://news.google.se/news?ned=sv_se&hl=sv&as_maxm=3&q=elmoped+OR+elmopeder+OR+elcykel+OR+elcyklar&as_drrb=q&as_mind=18&as_minm=2&as_maxd=20&scoring=n|http://www.marrakezh.se/|http://news.google.se/news?pz=1&ned=sv_se&hl=sv&as_maxm=3&q=elbil+OR+elbilar+OR+elfordon&as_drrb=q&as_mind=18&as_minm=2&as_maxd=20&scoring=n

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\dick\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-3-14 42608]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-1-12 28280]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 13336]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-14 114768]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-5-19 142864]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-5-19 41744]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-14 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-14 53328]

R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]

R2 avast! Antivirus;avast! Antivirus;e:\program\ashServ.exe [2009-3-14 138680]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 GtDetectSc;GtDetectSc;c:\program files\option\telenor mobilt bredband\GtDetectSc.exe [2007-12-18 196704]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2008-11-28 35840]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-3-8 5120]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-4-30 6144]

R3 avast! Mail Scanner;avast! Mail Scanner;e:\program\ashMaiSv.exe [2009-3-14 254040]

R3 avast! Web Scanner;avast! Web Scanner;e:\program\ashWebSv.exe [2009-3-14 352920]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-7-3 224384]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\drivers\toshscard.sys [2009-6-15 24232]

R3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\drivers\toshbus.sys [2009-6-15 276352]

R3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\drivers\toshcard.sys [2009-6-15 351616]

R3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\drivers\toshgps.sys [2009-6-15 77864]

R3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\drivers\toshmdfl.sys [2009-6-15 14976]

R3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\toshmdfl2.sys [2009-6-15 14976]

R3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\drivers\toshmdm.sys [2009-6-15 360192]

R3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\toshmdm2.sys [2009-6-15 404864]

R3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\toshnd5.sys [2009-6-15 25856]

R3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\toshunic.sys [2009-6-15 368128]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-5-18 100368]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-5-18 111248]

S2 gupdate1c9c013b24ca990;Tjänsten Google Update (gupdate1c9c013b24ca990);c:\program files\google\update\GoogleUpdate.exe [2009-4-18 133104]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\program files\common\database\bin\fbserver.exe [2009-10-9 1527900]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-1 54632]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-2 30192]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]

S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]

S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-5-18 31504]

 

=============== Created Last 30 ================

 

2010-05-21 07:56:12 0 d-----w- c:\users\dick\appdata\roaming\Malwarebytes

2010-05-21 07:55:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-21 07:55:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-21 07:55:57 0 d-----w- c:\programdata\Malwarebytes

2010-05-21 07:55:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-19 20:56:58 0 d-----w- c:\users\dick\.VirtualBox

2010-05-19 20:55:43 142864 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2010-05-19 20:55:03 41744 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2010-05-19 20:54:53 0 d-----w- c:\program files\Oracle

2010-05-19 14:57:45 0 d-----w- c:\users\dick\appdata\roaming\authorPOINT

2010-05-19 14:18:19 0 d-----w- c:\program files\authorGEN

2010-05-18 18:28:28 100368 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2010-05-18 18:28:26 31504 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys

2010-05-18 18:28:26 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-05-18 18:28:26 111248 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-05-14 10:03:17 0 d-----w- c:\users\dick\appdata\roaming\iSpring Solutions

2010-05-14 09:58:17 0 d-----w- c:\program files\common files\iSpring Solutions

2010-05-14 08:56:58 0 d-----w- c:\program files\iSpring

2010-05-14 08:56:29 2 ----a-w- c:\users\dick\tenmy.ini

2010-05-14 08:56:29 0 d-----w- c:\users\dick\appdata\roaming\win2dkdes

2010-05-14 08:56:26 372103 ----a-w- c:\users\dick\win2djws.exe

2010-05-14 08:56:25 136704 ----a-w- c:\users\dick\pod822.exe

2010-05-11 22:37:22 738816 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-11 04:32:55 65536 --sha-w- c:\users\dick\ntuser.dat{1dbc137c-5cb6-11df-bb69-00037a8ffb60}.TM.blf

2010-05-11 04:32:55 524288 --sha-w- c:\users\dick\ntuser.dat{1dbc137c-5cb6-11df-bb69-00037a8ffb60}.TMContainer00000000000000000002.regtrans-ms

2010-05-11 04:32:55 524288 --sha-w- c:\users\dick\ntuser.dat{1dbc137c-5cb6-11df-bb69-00037a8ffb60}.TMContainer00000000000000000001.regtrans-ms

2010-04-30 16:32:12 0 ----a-w- c:\windows\LiveBilliardsDemo.INI

2010-04-30 16:11:36 0 d-----w- c:\program files\common files\TerraGame Shared

 

==================== Find3M ====================

 

2010-05-21 07:46:29 86016 ----a-w- c:\windows\inf\infpub.dat

2010-05-21 07:46:29 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-05-21 02:59:20 600656 ----a-w- c:\windows\system32\perfh01D.dat

2010-05-21 02:59:20 118536 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-19 20:56:32 143360 ----a-w- c:\windows\inf\infstor.dat

2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-03 18:51:11 20 ---h--w- c:\programdata\PKP_DLdw.DAT

2010-03-03 18:03:42 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-21 07:21:30 22247712 ----a-w- c:\users\dick\ispring_presenter_4_3.exe

2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 15:01:33 20 ---h--w- c:\programdata\PKP_DLdu.DAT

2009-09-26 15:27:01 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-01-21 06:23:46 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2008-01-21 06:23:46 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2008-01-21 06:23:46 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2008-01-21 06:23:46 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-12-22 04:48:49 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

 

============= FINISH: 11:09:25,55 =============== [/log]

Attach.zip

Redigerad av Cluster
Moderator har lagt till LOG-taggar

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

På sidan http://www.virustotal.com trycker du på Bläddra-knappen och klistrar in ett av följande filnamn i rutan, tryck på Öppna och sedan Skicka Fil. Vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in en länk till resultatet här. Upprepa med nästa filnamn.

C:\Users\Dick\AppData\Roaming\win2dkdes\win2djws.exe

c:\users\dick\win2djws.exe

c:\users\dick\pod822.exe

c:\users\dick\appdata\local\temp\vttspp.dll

c:\users\dick\appdata\local\temp\ssqolk.dll

 

Ovanstående filer har antagligen installerats i datorn under installationen av iSpring Free PowerPoint to Flash converter. Det är möjligt att det programmet är gratis därför att det visar annonser som ger pengar.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Postad (redigerade)

De två översta gav samma resultat, och de övriga unika.

http://www.virustotal.com/sv/analisis/936b45d97ef1e7ad6d94022268071c179becb87a981e4605f6fd4e998ad9516c-1273839920'>http://www.virustotal.com/sv/analisis/936b45d97ef1e7ad6d94022268071c179becb87a981e4605f6fd4e998ad9516c-1273839920

http://www.virustotal.com/sv/analisis/936b45d97ef1e7ad6d94022268071c179becb87a981e4605f6fd4e998ad9516c-1273839920

 

http://www.virustotal.com/sv/analisis/f5666dc463a4b3a8a15b9f00c6912891e117a65c85593946eaf22e7ea4002d54-1273920009

 

http://www.virustotal.com/sv/analisis/86ffb9b47228f8befbedf91e41abd82f6f13d3989d580bc7be6acb8abf90f56b-1274436898

 

http://www.virustotal.com/sv/analisis/d26227f62208396b04b1952f0ce2dacfad6acb3d2ddaa5ad5db061db57f9c0c4-1273869836

 

...men är detta Virus som sprider sig tro, eller är det snnolikt bara denna dator i vårt hemmanätverk som är smittad?

 

Och TACK!!!! Vilken service! Det här är ju smaragden i toppen på civilisationens krona!!!

 

Fast varför drar du slutsatsen at det skulle ha med ispring free att göra?

 

// Dick

Redigerad av dick_a

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Fast va f-n! Jag tar bort dom bara. Så här gick det

 

 

C:\Users\Dick>del C:\Users\Dick\AppData\Roaming\win2dkdes\win2djws.exe

C:\Users\Dick\AppData\Roaming\win2dkdes\win2djws.exe

Åtkomst nekad. svordom

aktivitetshanterare; processer; avsluta process

C:\Users\Dick>del C:\Users\Dick\AppData\Roaming\win2dkdes\win2djws.exe

 

C:\Users\Dick>del c:\users\dick\win2djws.exe

 

C:\Users\Dick>del c:\users\dick\pod822.exe

 

C:\Users\Dick>del c:\users\dick\appdata\local\temp\vttspp.dll

Det går inte att hitta c:\users\dick\appdata\local\temp\vttspp.dll.

 

C:\Users\Dick>del c:\users\dick\appdata\local\temp\ssqolk.dll

Det går inte att hitta c:\users\dick\appdata\local\temp\ssqolk.dll.

 

C:\Users\Dick>

 

Så fast de gick att ladda upp så fanns de inte nu?

 

// Dick

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Anledningen till att jag tror att de hänger ihop med iSpring är att de kom in i datorn samtidigt (inom 35 sekunder enligt klockslagen i andra kolumnen):

2010-05-14 08:56:58 0 d-----w- c:\program files\iSpring

2010-05-14 08:56:29 2 ----a-w- c:\users\dick\tenmy.ini

2010-05-14 08:56:29 0 d-----w- c:\users\dick\appdata\roaming\win2dkdes

2010-05-14 08:56:26 372103 ----a-w- c:\users\dick\win2djws.exe

2010-05-14 08:56:25 136704 ----a-w- c:\users\dick\pod822.exe

 

För att du ska slippa felmeddelanden så behöver du få bort uppstarts-posterna i registret också. Ladda ner http://go.trendmicro.com/free-tools/hijackthis/HiJackThis.msi

Installera, starta och välj "Do a system scan and save a logfile", kopiera loggen som kommer upp (inget annat) och klistra in i ditt svar.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Postad (redigerade)

[log] Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:31:19, on 2010-05-21

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18904)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Windows\System32\ThpSrv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe

C:\Program Files\TOSHIBA\3GUty\tw3gctrl.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

E:\Program\ashDisp.exe

C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

C:\Program Files\TrueSuite Access Manager\usbnotify.exe

C:\Program Files\TrueSuite Access Manager\PwdBank.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evaq8.se/startsida.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Inloggningshjälp för Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.49\npchrome_frame.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA

O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe

O4 - HKLM\..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s

O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [TOSHIBA_3G_UTY] C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [avast!] E:\Program\ashDisp.exe

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [FingerPrintNotifer] C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

O4 - HKLM\..\Run: [usbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe

O4 - HKLM\..\Run: [PwdBank] C:\Program Files\TrueSuite Access Manager\PwdBank.exe

O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TrayServer] E:\Program Files\MagixMovie\TrayServer.exe

O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [win2dkdes] C:\Users\Dick\AppData\Roaming\win2dkdes\win2djws.exe

O4 - HKCU\..\Run: [dddbccsys] rundll32.exe "c:\users\dick\appdata\local\temp\vttspp.dll",DllRegisterServer

O4 - HKCU\..\Run: [khebbydrv] rundll32.exe "c:\users\dick\appdata\local\temp\ssqolk.dll",s

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe

O4 - Global Startup: Telenor Mobilt Bredband.lnk = C:\Program Files\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll

O9 - Extra button: Tradera - Köp och sälj - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediap...06-44921-9400-2 (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)

O16 - DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} (IlosoftMultipleImageCtrl Class) - https://www.one.com/...ImageUpload.dll

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab

O16 - DPF: {AD1350A0-17F5-4714-A57B-B65F9EABF5D1} (AbolishLoader Control) - https://dsr.gbg.hsb....olishLoader.cab

O16 - DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} (QuickUpload) - http://a05-b05.mypic...r/x/Upld_47.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.49\npchrome_frame.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program\aswUpdSv.exe

O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Program\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - E:\Program Files\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop-hanteraren 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe

O23 - Service: Tjänsten Google Update (gupdate1c9c013b24ca990) (gupdate1c9c013b24ca990) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOSHIBA Hårddiskskydd (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: 3G RF Power Control Utility (TW3GSVC) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\3GUty\tw3gsvc.exe

 

--

End of file - 18464 bytes [/log]

Redigerad av Cluster
Moderator har lagt till LOG-taggar

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Postad (redigerade)

Skanna med HijackThis och bocka för:

 

O4 - HKCU\..\Run: [win2dkdes] C:\Users\Dick\AppData\Roaming\win2dkdes\win2djws.exe

O4 - HKCU\..\Run: [dddbccsys] rundll32.exe "c:\users\dick\appdata\local\temp\vttspp.dll",DllRegisterServer

O4 - HKCU\..\Run: [khebbydrv] rundll32.exe "c:\users\dick\appdata\local\temp\ssqolk.dll",s

 

Avsluta alla andra program.

Tryck Fix checked.

 

Starta om datorn.

 

Ställ in Utforskaren så att du kan se alla filer:

Verktyg - Mappalternativ - Visning

Välj Visa dolda filer och mappar

Avbocka Dölj filnamnstillägg för kända filtyper

Avbocka Dölj skyddade operativsystemfiler

 

Ta bort filerna (om de finns kvar/kommit tillbaka):

c:\users\dick\win2djws.exe

c:\users\dick\pod822.exe

 

Ta bort mapparna (om de finns kvar):

C:\Users\Dick\AppData\Roaming\win2dkdes

 

Spara ATF-Cleaner på Skrivbordet:

http://www.atribune.org/ccount/click.php?id=1

 

Stäng av alla andra program, särskilt webbläsare.

Dubbelklicka på ATF-Cleaner.exe för att starta programmet.

Bocka i Select All. Tryck på Empty Selected.

 

Om du använder Firefox: Tryck på Firefox och välj Select All. Tryck på Empty Selected. Om du vill ha kvar dina lösenord så tryck No vid frågan.

 

Om du använder Opera: Tryck på Opera och välj Select All. Tryck på Empty Selected. Om du vill ha kvar dina lösenord så tryck No vid frågan.

 

Tryck på Exit i Main-menyn för att stänga programmet.

 

Obs! Detta kommer att ta bort alla cookies, om du har cookies som du vill ha kvar så får du antingen spara undan dem innan eller låta bli att välja Select All och i stället markera allt annat.

 

Starta om datorn och klistra in en ny DDS-logg så får vi se om allt ser bra ut.

 

Jag ser att du körde MBAM förut idag. Hittade programmet något? I så fall klistra in loggen från den körningen.

Redigerad av Cecilia

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Postad (redigerade)

[log] DDS (Ver_10-03-17.01) - NTFSx86

Run by Dick at 15:28:25,04 on 2010-05-21

Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.46.1053.18.1912.766 [GMT 2:00]

 

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\TAMSvr.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

E:\Program\aswUpdSv.exe

E:\Program\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Toshiba\3GUty\tw3gsvc.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Option\Telenor Mobilt Bredband\GtDetectSc.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\ThpSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

E:\Program\ashMaiSv.exe

E:\Program\ashWebSv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Windows\System32\ThpSrv.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\TOSHIBA\TNROTATE\TNROTATE.exe

C:\Program Files\TOSHIBA\3GUty\tw3gctrl.exe

C:\Program Files\Visage\PDF Printer\vspdfprsrv.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

E:\Program\ashDisp.exe

C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

C:\Program Files\TrueSuite Access Manager\usbnotify.exe

C:\Program Files\TrueSuite Access Manager\PwdBank.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Classic Shell\ClassicStartMenu.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Dick\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.evaq8.se/startsida.htm

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - c:\program files\classic shell\ClassicExplorer32.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Inloggningshjälp för Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\5.0.375.49\npchrome_frame.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - c:\program files\classic shell\ClassicExplorer32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray

uRun: [khihecdrv] rundll32.exe "c:\users\dick\appdata\local\temp\ssqolk.dll",s

uRun: [jkhijjsys] rundll32.exe "c:\users\dick\appdata\local\temp\vttspp.dll",DllRegisterServer

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [cfFncEnabler.exe] cfFncEnabler.exe

mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe

mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA

mRun: [Toshiba TEMPO] c:\program files\toshiba tempro\Toshiba.Tempo.UI.TrayApplication.exe

mRun: [ThpSrv] c:\windows\system32\thpsrv /logon

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [TNRotate] %ProgramFiles%\TOSHIBA\TNRotate\TNRotate.exe

mRun: [TosAutLk] c:\program files\toshiba\wirelesskeylogon\TosAutLk.exe -s

mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe

mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start

mRun: [TOSHIBA_3G_UTY] c:\program files\toshiba\3guty\TW3GCTRL.exe

mRun: [vspdfprsrv.exe] c:\program files\visage\pdf printer\vspdfprsrv.exe --background

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [avast!] e:\program\ashDisp.exe

mRun: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [FingerPrintNotifer] c:\program files\truesuite access manager\FpNotifier.exe

mRun: [usbMonitor] c:\program files\truesuite access manager\usbnotify.exe

mRun: [PwdBank] c:\program files\truesuite access manager\PwdBank.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TrayServer] e:\program files\magixmovie\TrayServer.exe

mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Classic Start Menu] "c:\program files\classic shell\ClassicStartMenu.exe"

StartupFolder: c:\users\dick\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\teleno~1.lnk - c:\program files\option\telenor mobilt bredband\Telenor Mobilt Bredband.exe

uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)

uPolicies-explorer: HideSCABattery = 0 (0x0)

uPolicies-explorer: HideSCANetwork = 0 (0x0)

uPolicies-explorer: HideSCAVolume = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: SmarThru4 Capture Selection - c:\program files\smarthru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\smarthru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\smarthru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\smarthru 4\WebCapture.dll

IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediap...06-44921-9400-2

IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab

DPF: {AD1350A0-17F5-4714-A57B-B65F9EABF5D1} - hxxps://dsr.gbg.hsb.se/wa/AbolishLoader.cab

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a05-b05.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\5.0.375.49\npchrome_frame.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\dick\appdata\roaming\mozilla\firefox\profiles\ug93p0tg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.evaq8.se/startsida.htm|http://news.google.se/news?pz=1&ned=sv_se&hl=sv&q=att+hsb+OR+riksbyggen+OR+sbc+OR+bostadsr%C3%A4ttsf%C3%B6rening+OR+bostadsr%C3%A4ttsf%C3%B6reningen&as_qdr=d&as_drrb=q|http://news.google.se/news?ned=sv_se&hl=sv&as_maxm=3&q=elmoped+OR+elmopeder+OR+elcykel+OR+elcyklar&as_drrb=q&as_mind=18&as_minm=2&as_maxd=20&scoring=n|http://www.marrakezh.se/|http://news.google.se/news?pz=1&ned=sv_se&hl=sv&as_maxm=3&q=elbil+OR+elbilar+OR+elfordon&as_drrb=q&as_mind=18&as_minm=2&as_maxd=20&scoring=n

FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\dick\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

 

============= SERVICES / DRIVERS ===============

 

R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-3-14 42608]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-1-12 28280]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 13336]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-14 114768]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2010-5-19 142864]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2010-5-19 41744]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-14 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-14 53328]

R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]

R2 avast! Antivirus;avast! Antivirus;e:\program\ashServ.exe [2009-3-14 138680]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 GtDetectSc;GtDetectSc;c:\program files\option\telenor mobilt bredband\GtDetectSc.exe [2007-12-18 196704]

R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2008-11-28 35840]

R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-3-8 5120]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2008-2-6 126976]

R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2008-5-27 628072]

R2 TW3GSVC;3G RF Power Control Utility;c:\program files\toshiba\3guty\tw3gsvc.exe [2009-2-23 110592]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2008-4-30 6144]

R3 avast! Mail Scanner;avast! Mail Scanner;e:\program\ashMaiSv.exe [2009-3-14 254040]

R3 avast! Web Scanner;avast! Web Scanner;e:\program\ashWebSv.exe [2009-3-14 352920]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-7-3 224384]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\drivers\toshscard.sys [2009-6-15 24232]

R3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\drivers\toshbus.sys [2009-6-15 276352]

R3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\drivers\toshcard.sys [2009-6-15 351616]

R3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\drivers\toshgps.sys [2009-6-15 77864]

R3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\drivers\toshmdfl.sys [2009-6-15 14976]

R3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\drivers\toshmdfl2.sys [2009-6-15 14976]

R3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\drivers\toshmdm.sys [2009-6-15 360192]

R3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\drivers\toshmdm2.sys [2009-6-15 404864]

R3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\drivers\toshnd5.sys [2009-6-15 25856]

R3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\drivers\toshunic.sys [2009-6-15 368128]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-5-18 100368]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2010-5-18 111248]

S2 gupdate1c9c013b24ca990;Tjänsten Google Update (gupdate1c9c013b24ca990);c:\program files\google\update\GoogleUpdate.exe [2009-4-18 133104]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\program files\common\database\bin\fbserver.exe [2009-10-9 1527900]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-1 54632]

S3 fsssvc;Tjänsten Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-2 30192]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2008-2-18 106624]

S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2008-2-8 59648]

S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-5-18 31504]

 

=============== Created Last 30 ================

 

2010-05-21 12:19:53 0 d-----w- c:\program files\Trend Micro

2010-05-21 12:09:51 0 d-----w- c:\program files\Classic Shell

2010-05-21 07:56:12 0 d-----w- c:\users\dick\appdata\roaming\Malwarebytes

2010-05-21 07:55:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-21 07:55:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-21 07:55:57 0 d-----w- c:\programdata\Malwarebytes

2010-05-21 07:55:56 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-19 20:56:58 0 d-----w- c:\users\dick\.VirtualBox

2010-05-19 20:55:43 142864 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2010-05-19 20:55:03 41744 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2010-05-19 20:54:53 0 d-----w- c:\program files\Oracle

2010-05-19 14:57:45 0 d-----w- c:\users\dick\appdata\roaming\authorPOINT

2010-05-19 14:18:19 0 d-----w- c:\program files\authorGEN

2010-05-18 18:28:28 100368 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2010-05-18 18:28:26 31504 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys

2010-05-18 18:28:26 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-05-18 18:28:26 111248 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-05-14 10:03:17 0 d-----w- c:\users\dick\appdata\roaming\iSpring Solutions

2010-05-14 08:56:58 0 d-----w- c:\program files\iSpring

2010-05-14 08:56:29 2 ----a-w- c:\users\dick\tenmy.ini

2010-05-14 08:56:29 0 d-----w- c:\users\dick\appdata\roaming\win2dkdes

2010-05-11 22:37:22 738816 ----a-w- c:\windows\system32\inetcomm.dll

2010-05-11 04:32:55 65536 --sha-w- c:\users\dick\ntuser.dat{1dbc137c-5cb6-11df-bb69-00037a8ffb60}.TM.blf

2010-05-11 04:32:55 524288 --sha-w- c:\users\dick\ntuser.dat{1dbc137c-5cb6-11df-bb69-00037a8ffb60}.TMContainer00000000000000000002.regtrans-ms

2010-05-11 04:32:55 524288 --sha-w- c:\users\dick\ntuser.dat{1dbc137c-5cb6-11df-bb69-00037a8ffb60}.TMContainer00000000000000000001.regtrans-ms

2010-04-30 16:32:12 0 ----a-w- c:\windows\LiveBilliardsDemo.INI

2010-04-30 16:11:36 0 d-----w- c:\program files\common files\TerraGame Shared

 

==================== Find3M ====================

 

2010-05-21 13:19:15 600656 ----a-w- c:\windows\system32\perfh01D.dat

2010-05-21 13:19:15 118536 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-21 07:46:29 86016 ----a-w- c:\windows\inf\infpub.dat

2010-05-21 07:46:29 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-05-19 20:56:32 143360 ----a-w- c:\windows\inf\infstor.dat

2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-03 18:51:11 20 ---h--w- c:\programdata\PKP_DLdw.DAT

2010-03-03 18:03:42 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-21 07:21:30 22247712 ----a-w- c:\users\dick\ispring_presenter_4_3.exe

2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 15:01:33 20 ---h--w- c:\programdata\PKP_DLdu.DAT

2009-09-26 15:27:01 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-01-21 06:23:46 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat

2008-01-21 06:23:46 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat

2008-01-21 06:23:46 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat

2008-01-21 06:23:46 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat

2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-12-22 04:48:49 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

 

============= FINISH: 15:28:46,12 =============== [/log]

Attach.zip

Redigerad av Cluster
Moderator har lagt till LOG-taggar

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Det gick inte så bra, de där temp-filerna är fortfarande där. Då får vi söka djupare i datorn. Spara ComboFix på Skrivbordet:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig.

 

När den är färdig så ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Postad (redigerade)

Börjar med att klistra in loggen så blir det enklare när man behöver gå tillbaks och kolla på den senare.

[log]ComboFix 10-05-20.A4 - Dick 2010-05-21 17:14:59.1.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.46.1053.18.1912.1055 [GMT 2:00]

Körs från: c:\users\Dick\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\users\dick\appdata\local\temp\ssqolk.dll

c:\users\dick\appdata\local\temp\vttspp.dll

 

.

(((((((((((((((((((((((( Filer Skapade från 2010-04-21 till 2010-05-21 ))))))))))))))))))))))))))))))

.

 

2010-05-21 15:25 . 2010-05-21 15:25 -------- d-----w- c:\users\Dick\AppData\Local\temp

2010-05-21 15:25 . 2010-05-21 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-05-21 12:19 . 2010-05-21 12:19 388096 ----a-r- c:\users\Dick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-21 12:19 . 2010-05-21 12:19 -------- d-----w- c:\program files\Trend Micro

2010-05-21 12:09 . 2010-05-21 12:09 -------- d-----w- c:\program files\Classic Shell

2010-05-21 07:56 . 2010-05-21 07:56 -------- d-----w- c:\users\Dick\AppData\Roaming\Malwarebytes

2010-05-21 07:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-21 07:55 . 2010-05-21 07:55 -------- d-----w- c:\programdata\Malwarebytes

2010-05-21 07:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-21 07:55 . 2010-05-21 07:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-19 20:56 . 2010-05-20 10:29 -------- d-----w- c:\users\Dick\.VirtualBox

2010-05-19 20:55 . 2010-05-18 18:28 142864 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2010-05-19 20:55 . 2010-05-18 18:28 41744 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2010-05-19 20:54 . 2010-05-19 20:54 -------- d-----w- c:\program files\Oracle

2010-05-19 14:57 . 2010-05-20 10:07 -------- d-----w- c:\users\Dick\AppData\Roaming\authorPOINT

2010-05-19 14:18 . 2010-05-19 14:18 -------- d-----w- c:\program files\authorGEN

2010-05-18 18:28 . 2010-05-18 18:28 100368 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2010-05-18 18:28 . 2010-05-18 18:28 31504 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys

2010-05-18 18:28 . 2010-05-18 18:28 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll

2010-05-18 18:28 . 2010-05-18 18:28 111248 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2010-05-14 10:03 . 2010-05-14 10:03 -------- d-----w- c:\users\Dick\AppData\Roaming\iSpring Solutions

2010-05-14 08:56 . 2010-05-21 11:32 -------- d-----w- c:\program files\iSpring

2010-05-14 08:56 . 2010-05-21 10:35 -------- d-----w- c:\users\Dick\AppData\Roaming\win2dkdes

2010-05-11 22:37 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll

2010-04-30 16:11 . 2010-04-30 16:11 -------- d-----w- c:\program files\Common Files\TerraGame Shared

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-21 15:15 . 2008-01-21 06:25 600656 ----a-w- c:\windows\system32\perfh01D.dat

2010-05-21 15:15 . 2008-01-21 06:25 118536 ----a-w- c:\windows\system32\perfc01D.dat

2010-05-21 13:22 . 2009-03-22 20:02 -------- d-----w- c:\users\Dick\AppData\Roaming\Skype

2010-05-21 05:12 . 2009-03-24 05:45 -------- d-----w- c:\users\Dick\AppData\Roaming\FileZilla

2010-05-16 10:49 . 2008-07-02 19:49 -------- d-----w- c:\program files\Google

2010-05-14 09:56 . 2010-05-14 09:02 66 ----a-w- c:\users\Dick\AppData\Roaming\ispresenter4_0.tmp

2010-05-12 09:21 . 2009-10-03 05:07 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-12 05:41 . 2009-03-05 15:53 -------- d-----w- c:\programdata\FLEXnet

2010-05-11 23:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-05-11 23:03 . 2008-07-02 19:43 -------- d-----w- c:\programdata\Microsoft Help

2010-05-11 19:36 . 2009-07-16 09:09 -------- d-----w- c:\users\Dick\AppData\Roaming\vlc

2010-05-07 10:05 . 2009-11-01 15:00 1 ----a-w- c:\users\Dick\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-04-30 09:02 . 2009-02-25 21:31 -------- d-----w- c:\programdata\eXPert PDF Jobs

2010-04-26 07:10 . 2009-12-25 12:11 -------- d-----w- c:\users\Dick\AppData\Roaming\VSO

2010-04-12 08:49 . 2010-04-12 08:49 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-04-12 08:49 . 2010-04-12 08:49 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-04-12 08:49 . 2010-04-12 08:49 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-04-12 08:49 . 2010-04-12 08:49 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-04-12 08:49 . 2010-04-12 08:49 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-04-12 08:49 . 2010-04-12 08:49 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-04-12 08:49 . 2010-04-12 08:49 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-04-12 08:49 . 2010-04-12 08:49 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-04-12 08:49 . 2010-04-12 08:49 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-04-12 08:49 . 2009-06-15 05:32 -------- d-----w- c:\program files\Common Files\Real

2010-04-12 08:48 . 2009-12-03 15:23 -------- d-----w- c:\program files\real

2010-04-12 08:48 . 2010-04-12 08:48 -------- d-----w- c:\program files\Common Files\xing shared

2010-04-12 08:39 . 2009-06-18 08:22 -------- d-----w- c:\program files\FileZilla FTP Client

2010-04-08 12:37 . 2010-03-05 06:00 439816 ----a-w- c:\users\Dick\AppData\Roaming\Real\Update\setup3.10\setup.exe

2010-04-06 06:20 . 2009-02-23 22:50 -------- d-----w- c:\users\Dick\AppData\Roaming\Spotify

2010-04-04 07:50 . 2010-04-04 07:50 50354 ----a-w- c:\users\Dick\AppData\Roaming\Facebook\uninstall.exe

2010-04-04 07:50 . 2010-04-04 07:50 -------- d-----w- c:\users\Dick\AppData\Roaming\Facebook

2010-04-02 07:46 . 2009-02-23 20:36 1356 ----a-w- c:\users\Dick\AppData\Local\d3d9caps.dat

2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\users\Dick\AppData\Roaming\Facebook\axfbootloader.dll

2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Dick\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

2010-03-05 14:01 . 2010-04-14 22:33 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-03 18:53 . 2009-02-23 20:37 136944 ----a-w- c:\users\Dick\AppData\Local\GDIPFONTCACHEV1.DAT

2010-03-03 18:51 . 2009-12-07 07:26 20 ---h--w- c:\programdata\PKP_DLdw.DAT

2010-03-03 18:34 . 2009-12-07 07:29 335872 ----a-r- c:\users\Dick\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe

2010-03-03 18:34 . 2009-12-07 07:28 57344 ----a-r- c:\users\Dick\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2010-03-03 18:03 . 2009-11-01 14:33 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-23 11:10 . 2010-04-14 22:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-23 11:10 . 2010-04-14 22:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-02-23 11:10 . 2010-04-14 22:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-23 06:39 . 2010-03-31 04:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33 . 2010-03-31 04:53 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 06:33 . 2010-03-31 04:52 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 04:55 . 2010-03-31 04:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-21 07:21 . 2010-02-21 07:21 22247712 ----a-w- c:\users\Dick\ispring_presenter_4_3.exe

2010-02-20 23:06 . 2010-03-11 21:33 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:05 . 2010-03-11 21:33 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 20:53 . 2010-03-11 21:33 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-02-19 19:10 . 2010-02-20 04:53 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]

@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"

[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]

2009-04-23 18:17 122880 ----a-w- c:\program files\TrueSuite Access Manager\IconOvrly.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2009-04-06 08:33 2823168 ----a-w- c:\program files\MozyHome\mozyshell.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2009-04-06 08:33 2823168 ----a-w- c:\program files\MozyHome\mozyshell.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]

@="{594D4122-1F87-41E2-96C7-825FB4796516}"

[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]

2010-05-01 18:13 291840 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-02 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"TOSDCR"="c:\program files\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]

"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-04-22 184320]

"NDSTray.exe"="NDSTray.exe" [bU]

"TPCHWMsg"="c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe" [2008-05-27 451944]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-19 30192]

"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-20 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-20 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-20 145944]

"TNRotate"="c:\program files\TOSHIBA\TNRotate\TNRotate.exe" [2008-06-12 607616]

"TosAutLk"="c:\program files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [2008-04-02 116040]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]

"TOSHIBA_3G_UTY"="c:\program files\Toshiba\3GUty\TW3GCTRL.exe" [2008-07-18 1581056]

"vspdfprsrv.exe"="c:\program files\Visage\PDF Printer\vspdfprsrv.exe" [2005-07-22 702976]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]

"avast!"="e:\program\ashDisp.exe" [2009-11-24 81000]

"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2006-03-18 184320]

"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-10-21 704512]

"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2009-04-23 94208]

"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2009-04-23 3200512]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-09-11 614400]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"TrayServer"="e:\program files\MagixMovie\TrayServer.exe" [2007-12-04 90112]

"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-12 202256]

"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-05-01 92160]

 

c:\users\Dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-3-5 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-12-18 2360648]

MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2009-4-6 2829312]

Telenor Mobilt Bredband.lnk - c:\program files\Option\Telenor Mobilt Bredband\Telenor Mobilt Bredband.exe [2008-6-25 782336]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoThumbnail"= 0 (0x0)

"HideSCABattery"= 0 (0x0)

"HideSCANetwork"= 0 (0x0)

"HideSCAVolume"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):c4,8a,47,cc,be,3e,ca,01

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-05 717296]

R2 gupdate1c9c013b24ca990;Tjänsten Google Update (gupdate1c9c013b24ca990);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 133104]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;e:\program files\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

R3 GoogleDesktopManager-110309-193829;Google Desktop-hanteraren 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-19 30192]

R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys [2008-02-18 106624]

R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys [2008-02-08 59648]

R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-05-18 31504]

S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-03-14 42608]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2008-01-11 28280]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 13336]

S1 aswSP;avast! Self Protection; [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-05-18 142864]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-05-18 41744]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]

S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-11-05 49152]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]

S2 GtDetectSc;GtDetectSc;c:\program files\Option\Telenor Mobilt Bredband\GtDetectSc.exe [2007-12-18 196704]

S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2008-11-28 35840]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]

S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2008-05-27 628072]

S2 TW3GSVC;3G RF Power Control Utility;c:\program files\Toshiba\3GUty\tw3gsvc.exe [2008-07-18 110592]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-03-27 224384]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]

S3 Sony_EricssonWWSC;Toshiba F3507g Mobile Broadband USIM Port;c:\windows\system32\DRIVERS\toshscard.sys [2008-08-07 24232]

S3 toshbus;Toshiba F3507g Mobile Broadband Device driver (WDM);c:\windows\system32\DRIVERS\toshbus.sys [2008-09-10 276352]

S3 toshcard;Toshiba F3507g Mobile Broadband Device Management;c:\windows\system32\DRIVERS\toshcard.sys [2008-09-10 351616]

S3 toshgps;Toshiba F3507g Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\toshgps.sys [2008-09-29 77864]

S3 toshmdfl;Toshiba F3507g Mobile Broadband Modem Filter;c:\windows\system32\DRIVERS\toshmdfl.sys [2008-09-10 14976]

S3 toshmdfl2;Toshiba F3507g Mobile Broadband Data Modem Filter;c:\windows\system32\DRIVERS\toshmdfl2.sys [2008-09-10 14976]

S3 toshmdm;Toshiba F3507g Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\toshmdm.sys [2008-09-10 360192]

S3 toshmdm2;Toshiba F3507g Mobile Broadband Data Modem Driver;c:\windows\system32\DRIVERS\toshmdm2.sys [2008-09-10 404864]

S3 toshnd5;Toshiba F3507g Mobile Broadband Network Adapter (NDIS);c:\windows\system32\DRIVERS\toshnd5.sys [2008-09-10 25856]

S3 toshunic;Toshiba F3507g Mobile Broadband Network Adapter (WDM);c:\windows\system32\DRIVERS\toshunic.sys [2008-09-10 368128]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-05-18 100368]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-05-18 111248]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2010-05-21 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-02 12:32]

 

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 10:51]

 

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 10:51]

 

2010-05-21 c:\windows\Tasks\User_Feed_Synchronization-{14BEDD4E-4890-4E08-AE1E-45A4F823BE0B}.job

- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.evaq8.se/startsida.htm

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll

IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediap...06-44921-9400-2

IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co...nk-21&site=home

DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dll

DPF: {AD1350A0-17F5-4714-A57B-B65F9EABF5D1} - hxxps://dsr.gbg.hsb.se/wa/AbolishLoader.cab

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a05-b05.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

FF - ProfilePath - c:\users\Dick\AppData\Roaming\Mozilla\Firefox\Profiles\ug93p0tg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.evaq8.se/startsida.htm|http://news.google.se/news?pz=1&ned=sv_se&hl=sv&q=att+hsb+OR+riksbyggen+OR+sbc+OR+bostadsr%C3%A4ttsf%C3%B6rening+OR+bostadsr%C3%A4ttsf%C3%B6reningen&as_qdr=d&as_drrb=q|http://news.google.se/news?ned=sv_se&hl=sv&as_maxm=3&q=elmoped+OR+elmopeder+OR+elcykel+OR+elcyklar&as_drrb=q&as_mind=18&as_minm=2&as_maxd=20&scoring=n|http://www.marrakezh.se/|http://news.google.se/news?pz=1&ned=sv_se&hl=sv&as_maxm=3&q=elbil+OR+elbilar+OR+elfordon&as_drrb=q&as_mind=18&as_minm=2&as_maxd=20&scoring=n

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\users\Dick\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe

HKLM-Run-Toshiba TEMPO - c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe

 

 

 

**************************************************************************

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????th???`???????????? ??(

 

scanning hidden files ...

 

scan completed successfully

hidden files:

 

**************************************************************************

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Sluttid: 2010-05-21 17:29:05

ComboFix-quarantined-files.txt 2010-05-21 15:29

 

Före genomsökningen: 6 064 545 792 byte ledigt

Efter genomsökningen: 9 651 433 472 byte ledigt

 

- - End Of File - - D8FF3CEA21C1F05F9138B4D9AF936177 [/log]

Redigerad av Cluster
Moderator har lagt till LOG-taggar

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Kolla upp filen c:\users\Dick\ispring_presenter_4_3.exe på virustotal-sidan.

 

Är det senaste versionen, version 5, av Avast du har?

 

Kopiera alla rader i rutan:

File::
c:\users\Dick\AppData\Roaming\ispresenter4_0.tmp
Folder::
c:\users\Dick\AppData\Roaming\win2dkdes
DDS::
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://adfarm.mediap...06-44921-9400-2

och klistra in i Anteckningar.

Spara filen på Skrivbordet med namnet CFScript.

 

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

 

Går det att köra MBAM nu?

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser
Postad (redigerade)

Jag har bara version 4.8, men även den uppdateras ju dagligen.

Ispring är avinstallerad.

Jag skall fortsätta i morgon, men jag kunde köra MBAM nu i alla fall, och den sa:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databasversion: 4052

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

 

2010-05-21 20:52:53

mbam-log-2010-05-21 (20-52-53).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 126703

Förfluten tid: 6 minut(er), 47 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

Redigerad av dick_a

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Varje ny version av ett antivirusprogram innehåller nya funktioner som behövs för att kunna bekämpa de senaste typerna av skadliga program. Det räcker inte bara med att få nya virusdefinitioner. Men du ska inte byta ut antiviruset så länge som datorn är infekterad utan först när det är klart eftersom de skadliga filerna kan störa installationen så att skyddet blir sämre.

 

Bra att MBAM inte hittade något. Har du kört ComboFix med CFScript än?

Dela detta inlägg


Länk till inlägg
Dela på andra webbplatser

Skapa ett konto eller logga in för att kommentera

Du måste vara medlem för att kunna kommentera

Skapa ett konto

Skapa ett nytt konto på vårt forum. Det är lätt!

Registrera ett nytt konto

Logga in

Redan medlem? Logga in här.

Logga in nu



×
×
  • Skapa nytt...