Explorer.exe har stött på ett problem och måste avslutas

[Hämtaren]

Jag försöker komma till katalogstrukturen men får detta fel när jag klickar på Denhär datorn, Sök respektive kontrollpanelen. Jag har kört en scanning med F-secure som inte hittar några problem. Jag har tittat i loggboken, efter att ha försökt öppna Kontrollpanel men misslyckats och fått rubr fel, som under rubriken Windows Office session säger bl a förljande Typ=Information, Datum=2011-01-23,Källa=Microsoft Office Session12, Kategori=Ingen, Händelse=7000, Användare=Saknas. När jag tittar på informationen om denna händelse står: ID: 16, Application Name: Microsoft Office Groove, Application Version: 5.1.2600.5512, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended normally.

Finns kännedom om vad jag skall ta mig till för att komma undan felet?

Jag har mycket som autostartas som jag skulle kunna stänga ner men jag kommer ju inte åt den uppgiften heller eftersom jag inte kommer in på Denhär datorn och inte heller kan någon genväg till autostartinformtionen

PS Jag har inga Officeprogram igång.(Kollat task list)

[Mats H]

Hej,

vilket Windows är detta?

Har du externa enheter anslutna?

Mvh

Mats H

[Hämtaren]

Hej,

vilket Windows är detta?

Har du externa enheter anslutna?

Mvh

Mats H

 

Windows XP Pro

Jag har tre kablar anslutna

1. Power

2. Internet

3. Skrivare

Inget mer och inget via Blåtand eller liknande

[Mats H]

Hej,

har du en XP Pro CD?

Om du har det sätt iden i CDspelaren, öppna kommandotolken, skriv cmd i körrutan och tryck Enter.

Vid promten i kommandotolken, skriver du sfc /scannow

Datorn skannar då igenom efter felaktiga systemfiler och återställer dem om den hittar något.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/system_file_checker.mspx?mfr=true

Använda Systemfilsgranskaren för att felsöka saknade eller skadade systemfiler i Windows Vista eller Windows 7

Mvh

Mats H

[Cecilia]

Finns kännedom om vad jag skall ta mig till för att komma undan felet?

Jag har mycket som autostartas som jag skulle kunna stänga ner men jag kommer ju inte åt den uppgiften heller eftersom jag inte kommer in på Denhär datorn och inte heller kan någon genväg till autostartinformtionen

Autostart-information:

Start - Kör - msconfig - Autostart

[Hämtaren]

Tyvärr har jag ingen XP Pro CD. PC:n köpte jag ut när jag slutade jobbet så tyvärr!

Tack har börjat plocka ner något i autostarten men svårt avgöra vilka av alla som man kan dra bort därifrån.

PS Går filen som finns på CD:n ladda ner från någonstans eller kan någon maila över den?

[Cecilia]

När det gäller programmen i autostart kan du fråga här. Om du vill kan du t o m köra DDS och klistra in resultatet från körningen. DDS är ett program som listar vilka processer som är igång, vad som startas automatiskt eller indirekt när man startar webbläsaren mm liknande samt filer i Windows-mappar som är nya eller har modifierats de senaste tre månaderna.

[Hämtaren]

Tack Men hur kör jag DDS?

[Mats H]

Hej,

Klistra in loggen/resultatet från programmet DDS. Spara DDS på Skrivbordet.

http://download.blee...om/sUBs/dds.scr

Starta programmet genom att dubbelklicka på det.

Tryck Yes/Ja om frågan om Optional Scan dyker upp.

I ditt svar klistrar du in loggen DSS.txt. Medan du bifogar Attach.txt som en fil.

 

DDS är ett program som listar processer som kör, program och tjänster som startas automatiskt samt filer i sådana mappar som är vanliga att skadliga program och som är nya eller ändrade under senaste 1-3 månader. DDS är ett mycket vanligt program bland oss som hjälper till att rensa datorer. Resultatet ger oss en grundläggande kunskap om vad som händer och har hänt nyligen i datorn, och från det kan vi dra slutsatser om vad som är nästa lämpliga steg i rensningen av datorn.

 

Obs! När du klistrar in en logg eller ett resultat i ditt inlägg använd inga knappar eller taggar utan kopiera det i programmet (oftast Anteckningar) och klistra in det direkt i rutan du skriver i.

Mvh

Mats H

[Cecilia]

Tack Men hur kör jag DDS?

Förlåt, jag missade ju den meningen

Tur att du fick svar av Mats.

[Hämtaren]

Här är Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-12-12.02)

 

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2004-10-28 00:26:31

System Uptime: 2011-01-24 16:13:14 (1 hours ago)

 

Motherboard: Dell Computer Corporation | | 0T1957

Processor: Intel® Pentium® M processor 2.00GHz | Microprocessor | 1998/133mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 37 GiB total, 2.567 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet Pro 8000 A809

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet Pro 8000 A809

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

 

==== System Restore Points ===================

 

RP483: 2010-12-08 12:55:10 - Systemkontrollpunkt

RP484: 2010-12-09 13:13:43 - Systemkontrollpunkt

RP485: 2010-12-10 14:41:06 - Systemkontrollpunkt

RP486: 2010-12-12 17:21:33 - Systemkontrollpunkt

RP487: 2010-12-14 17:09:04 - Systemkontrollpunkt

RP488: 2010-12-15 18:16:53 - Systemkontrollpunkt

RP489: 2010-12-16 19:16:01 - Systemkontrollpunkt

RP490: 2010-12-17 11:07:05 - Software Distribution Service 3.0

RP491: 2010-12-18 11:43:21 - Systemkontrollpunkt

RP492: 2010-12-19 15:23:53 - Systemkontrollpunkt

RP493: 2010-12-20 17:00:16 - Systemkontrollpunkt

RP494: 2010-12-21 17:54:38 - Systemkontrollpunkt

RP495: 2010-12-22 18:18:50 - Systemkontrollpunkt

RP496: 2010-12-23 18:52:03 - Systemkontrollpunkt

RP497: 2010-12-24 19:10:58 - Systemkontrollpunkt

RP498: 2010-12-25 19:39:39 - Systemkontrollpunkt

RP499: 2010-12-26 20:13:07 - Systemkontrollpunkt

RP500: 2010-12-27 20:40:51 - Systemkontrollpunkt

RP501: 2010-12-28 20:53:52 - Systemkontrollpunkt

RP502: 2011-01-10 16:16:59 - Systemkontrollpunkt

RP503: 2011-01-10 22:59:51 - Java 6 Update 23 installerades

RP504: 2011-01-11 23:05:24 - Systemkontrollpunkt

RP505: 2011-01-12 11:50:46 - Software Distribution Service 3.0

RP506: 2011-01-13 12:27:29 - Systemkontrollpunkt

RP507: 2011-01-14 13:32:03 - Systemkontrollpunkt

RP508: 2011-01-15 14:36:53 - Systemkontrollpunkt

RP509: 2011-01-16 20:04:25 - Systemkontrollpunkt

RP510: 2011-01-19 10:55:30 - Systemkontrollpunkt

RP511: 2011-01-20 11:21:10 - Systemkontrollpunkt

RP512: 2011-01-21 13:13:27 - Systemkontrollpunkt

RP513: 2011-01-23 01:22:59 - Systemkontrollpunkt

RP514: 2011-01-23 20:55:13 - Configured Microsoft Office Enterprise 2007

 

==== Installed Programs ======================

 

 

32 Bit HP CIO Components Installer

8000A809

8000A809_eDocs

8000A809_Help

a-squared Anti-Dialer 3.0

a-squared Anti-Malware 3.1

AC3Filter (remove only)

Acrobat.com

Ad-Aware SE Personal

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1

Adobe Shockwave Player 11

Adobe® Photoshop® Album Starter Edition 3.2

Advanced SystemCare 3

AFPL Ghostscript 8.00

AFPL Ghostscript Fonts

ALPS Touch Pad Driver

AnyDoc

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASF

Ashampoo Photo Commander 6.30

Ashampoo WinOptimizer 5.13

ASIO4ALL

Auslogics BoostSpeed

BankID säkerhetsprogram 4.16.1

Bonjour

BPDSoftware

BPDSoftware_Ini

Broadcom Advanced Control Suite

Broadcom ASF Management Applications

Broadcom Gigabit Integrated Controller

BufferChm

CardBus

CDDRV_Installer

Conexant D480 MDC V.92 Modem

CP_AtenaShokunin1Config

CP_CalendarTemplates1

CP_Package_Basic1

CP_Panorama1Config

CueTour

DeepBurner v1.9.0.228

Dell Bluetooth-programvara

Dell Driver Download Manager

Dell Driver Reset Tool

Dell Solution Center

Dell Wireless WLAN Utility

Destinations

DeviceDiscovery

DeviceFunctionQFolder

DeviceManagementQFolder

Digital Line Detect

DocProc

DocumentViewer

DocumentViewerQFolder

Driver Whiz

DVDSentry

e-kort

Easy CD Creator 5 Basic

eSupportQFolder

F-Secure Internet Security 2011

F-Secure PSC Prerequisites

Feedidentifiering (Windows Live Toolbar)

FullDPAppQFolder

Garmin City Navigator Europe NT 2009 Update

Garmin Communicator Plugin

Garmin POI Loader

Garmin USB Drivers

GdiplusUpgrade

Google Earth Plug-in

Google Update Helper

GoToMeeting 4.1.0.366

GPBaseService2

GPL MPEG-1/2 DirectShow Decoder Filter

Help and Support Customization

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

HP Customer Participation Program 12.0

HP Document Viewer 5.3

HP Image Zone 5.3

HP Imaging Device Functions 12.0

HP Officejet Pro 8000 A809 Series

HP Photosmart Prem-Web C309n-s All-in-One Driver 14.0 Rel. 6

hp photosmart printer series (Remove only)

HP Scanjet 4800 series

HP Smart Web Printing

HP Solution Center 13.0

HP Update

hpg4850

hpg4850QFolder

HPProductAssistant

HPSSupply

Imaging för Windows® Professional Edition 2.6

InstantShareDevices

InterVideo WinDVD

iTunes

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 23

KhalInstallWrapper

Kontrollpanelen MobileMe

KoolMoves Lite 4.3.2

Lizardtech DjVu-kontroll

Logitech Desktop Messenger

Logitech Legacy USB Camera drivrutinspaket

Logitech Media Desktop

Logitech SetPoint

Logitech Webcam Software

Logitech Webcam Software drivrutinspaket

Logitech Vid

Logitech Video Enumerator

Macromedia Dreamweaver MX 2004

Macromedia Extension Manager

Malwarebytes' Anti-Malware

MarketResearch

McAfee Security Scan Plus

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 1.1 Swedish Language Pack

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - SVE

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - SVE

Microsoft .NET Framework 3.5 Language Pack SP1 - sve

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Excel 2000 SR-1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 SR-1 Professional

Microsoft Office 2000 SR-1 Standard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Swedish) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Groove MUI (Swedish) 2007

Microsoft Office InfoPath MUI (Swedish) 2007

Microsoft Office OneNote MUI (Swedish) 2007

Microsoft Office Outlook MUI (Swedish) 2007

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Swedish) 2007

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Web Components

Microsoft Office Word MUI (Swedish) 2007

Microsoft Search Enhancement Pack

Microsoft Software Update for Web Folders (Swedish) 12

Microsoft SQL Server 2000

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Modem Helper

Mozilla Firefox (3.6.13)

MozyHome 1.8.9.3

MSVCRT

MSVCSetup

MSXML 4.0 SP2 (KB925672)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Musicator version 6

MVision

myPrintMileage (Officejet Pro 8000 A809)

MySQL Connector/ODBC 3.51

MySQL Connector/ODBC 5.1

NCH Toolbox

NetWaiting

Network

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OneCare Advisor (Windows Live Toolbar)

PanoStandAlone

PCI 7510 CardBus Controller with SmartCard and Software

PhotoGallery

Picasa 3

Pixillion Image Converter

Popup-blockeraren (Windows Live Toolbar)

ProductContext

PS_AIO_06_C309n-s_SW_Min

QuickSet

QuickTime

R-Verktyg 1.04

RandMap

RealArcade

RealPlayer

RealUpgrade 1.0

RedMon - Skrivarövervakare för omdirigering av port

Retrospect Express HD 2.5

Scan

ScannerCopy

Security Task Manager 1.8c

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Segoe UI

SEMC DSS-20 SyncStation Driver

Shop for HP Supplies

SIW version 2009-09-09

SkinsHP1

Smart Defrag

Smarta menyer (Windows Live Toolbar)

SmartWebPrinting

Snabbkorrigering för Windows Internet Explorer 7 (KB947864)

Snabbkorrigering för Windows Media Player 11 (KB939683)

Snabbkorrigering för Windows XP (KB2158563)

Snabbkorrigering för Windows XP (KB2443685)

Snabbkorrigering för Windows XP (KB952287)

Snabbkorrigering för Windows XP (KB961118)

Snabbkorrigering för Windows XP (KB970653-v3)

Snabbkorrigering för Windows XP (KB976098-v2)

Snabbkorrigering för Windows XP (KB979306)

Snabbkorrigering för Windows XP (KB981793)

Snapshot Viewer

Software Informer 1.0 BETA

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB928090)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB929969)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB931768)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB933566)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB937143)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB939653)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB961260)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB969897)

Säkerhetsuppdatering för Windows Internet Explorer 7 (KB972260)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2183461)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2360131)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB2416400)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB972260)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB974455)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB976325)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB978207)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB981332)

Säkerhetsuppdatering för Windows Internet Explorer 8 (KB982381)

Säkerhetsuppdatering för Windows Media Player (KB2378111)

Säkerhetsuppdatering för Windows Media Player (KB911564)

Säkerhetsuppdatering för Windows Media Player (KB952069)

Säkerhetsuppdatering för Windows Media Player (KB954155)

Säkerhetsuppdatering för Windows Media Player (KB968816)

Säkerhetsuppdatering för Windows Media Player (KB973540)

Säkerhetsuppdatering för Windows Media Player (KB975558)

Säkerhetsuppdatering för Windows Media Player (KB978695)

Säkerhetsuppdatering för Windows Media Player 10 (KB911565)

Säkerhetsuppdatering för Windows Media Player 10 (KB917734)

Säkerhetsuppdatering för Windows Media Player 10 (KB936782)

Säkerhetsuppdatering för Windows Media Player 11 (KB936782)

Säkerhetsuppdatering för Windows Media Player 11 (KB954154)

Säkerhetsuppdatering för Windows XP (KB2079403)

Säkerhetsuppdatering för Windows XP (KB2115168)

Säkerhetsuppdatering för Windows XP (KB2121546)

Säkerhetsuppdatering för Windows XP (KB2124261)

Säkerhetsuppdatering för Windows XP (KB2160329)

Säkerhetsuppdatering för Windows XP (KB2229593)

Säkerhetsuppdatering för Windows XP (KB2259922)

Säkerhetsuppdatering för Windows XP (KB2279986)

Säkerhetsuppdatering för Windows XP (KB2286198)

Säkerhetsuppdatering för Windows XP (KB2290570)

Säkerhetsuppdatering för Windows XP (KB2296011)

Säkerhetsuppdatering för Windows XP (KB2296199)

Säkerhetsuppdatering för Windows XP (KB2347290)

Säkerhetsuppdatering för Windows XP (KB2360937)

Säkerhetsuppdatering för Windows XP (KB2387149)

Säkerhetsuppdatering för Windows XP (KB2419632)

Säkerhetsuppdatering för Windows XP (KB2423089)

Säkerhetsuppdatering för Windows XP (KB2436673)

Säkerhetsuppdatering för Windows XP (KB2440591)

Säkerhetsuppdatering för Windows XP (KB2443105)

Säkerhetsuppdatering för Windows XP (KB923561)

Säkerhetsuppdatering för Windows XP (KB938464-v2)

Säkerhetsuppdatering för Windows XP (KB938464)

Säkerhetsuppdatering för Windows XP (KB941569)

Säkerhetsuppdatering för Windows XP (KB946648)

Säkerhetsuppdatering för Windows XP (KB950760)

Säkerhetsuppdatering för Windows XP (KB950762)

Säkerhetsuppdatering för Windows XP (KB950974)

Säkerhetsuppdatering för Windows XP (KB951066)

Säkerhetsuppdatering för Windows XP (KB951376-v2)

Säkerhetsuppdatering för Windows XP (KB951376)

Säkerhetsuppdatering för Windows XP (KB951698)

Säkerhetsuppdatering för Windows XP (KB951748)

Säkerhetsuppdatering för Windows XP (KB952004)

Säkerhetsuppdatering för Windows XP (KB952954)

Säkerhetsuppdatering för Windows XP (KB953155)

Säkerhetsuppdatering för Windows XP (KB953839)

Säkerhetsuppdatering för Windows XP (KB954211)

Säkerhetsuppdatering för Windows XP (KB954459)

Säkerhetsuppdatering för Windows XP (KB954600)

Säkerhetsuppdatering för Windows XP (KB955069)

Säkerhetsuppdatering för Windows XP (KB956391)

Säkerhetsuppdatering för Windows XP (KB956572)

Säkerhetsuppdatering för Windows XP (KB956744)

Säkerhetsuppdatering för Windows XP (KB956802)

Säkerhetsuppdatering för Windows XP (KB956803)

Säkerhetsuppdatering för Windows XP (KB956841)

Säkerhetsuppdatering för Windows XP (KB956844)

Säkerhetsuppdatering för Windows XP (KB957095)

Säkerhetsuppdatering för Windows XP (KB957097)

Säkerhetsuppdatering för Windows XP (KB958644)

Säkerhetsuppdatering för Windows XP (KB958687)

Säkerhetsuppdatering för Windows XP (KB958690)

Säkerhetsuppdatering för Windows XP (KB958869)

Säkerhetsuppdatering för Windows XP (KB959426)

Säkerhetsuppdatering för Windows XP (KB960225)

Säkerhetsuppdatering för Windows XP (KB960715)

Säkerhetsuppdatering för Windows XP (KB960803)

Säkerhetsuppdatering för Windows XP (KB960859)

Säkerhetsuppdatering för Windows XP (KB961371)

Säkerhetsuppdatering för Windows XP (KB961373)

Säkerhetsuppdatering för Windows XP (KB961501)

Säkerhetsuppdatering för Windows XP (KB968537)

Säkerhetsuppdatering för Windows XP (KB969059)

Säkerhetsuppdatering för Windows XP (KB969898)

Säkerhetsuppdatering för Windows XP (KB969947)

Säkerhetsuppdatering för Windows XP (KB970238)

Säkerhetsuppdatering för Windows XP (KB970430)

Säkerhetsuppdatering för Windows XP (KB970483)

Säkerhetsuppdatering för Windows XP (KB971468)

Säkerhetsuppdatering för Windows XP (KB971486)

Säkerhetsuppdatering för Windows XP (KB971557)

Säkerhetsuppdatering för Windows XP (KB971633)

Säkerhetsuppdatering för Windows XP (KB971657)

Säkerhetsuppdatering för Windows XP (KB972270)

Säkerhetsuppdatering för Windows XP (KB973346)

Säkerhetsuppdatering för Windows XP (KB973354)

Säkerhetsuppdatering för Windows XP (KB973507)

Säkerhetsuppdatering för Windows XP (KB973525)

Säkerhetsuppdatering för Windows XP (KB973869)

Säkerhetsuppdatering för Windows XP (KB973904)

Säkerhetsuppdatering för Windows XP (KB974112)

Säkerhetsuppdatering för Windows XP (KB974318)

Säkerhetsuppdatering för Windows XP (KB974392)

Säkerhetsuppdatering för Windows XP (KB974571)

Säkerhetsuppdatering för Windows XP (KB975025)

Säkerhetsuppdatering för Windows XP (KB975467)

Säkerhetsuppdatering för Windows XP (KB975560)

Säkerhetsuppdatering för Windows XP (KB975561)

Säkerhetsuppdatering för Windows XP (KB975562)

Säkerhetsuppdatering för Windows XP (KB975713)

Säkerhetsuppdatering för Windows XP (KB976323)

Säkerhetsuppdatering för Windows XP (KB977165)

Säkerhetsuppdatering för Windows XP (KB977816)

Säkerhetsuppdatering för Windows XP (KB977914)

Säkerhetsuppdatering för Windows XP (KB978037)

Säkerhetsuppdatering för Windows XP (KB978251)

Säkerhetsuppdatering för Windows XP (KB978262)

Säkerhetsuppdatering för Windows XP (KB978338)

Säkerhetsuppdatering för Windows XP (KB978542)

Säkerhetsuppdatering för Windows XP (KB978601)

Säkerhetsuppdatering för Windows XP (KB978706)

Säkerhetsuppdatering för Windows XP (KB979309)

Säkerhetsuppdatering för Windows XP (KB979482)

Säkerhetsuppdatering för Windows XP (KB979559)

Säkerhetsuppdatering för Windows XP (KB979683)

Säkerhetsuppdatering för Windows XP (KB979687)

Säkerhetsuppdatering för Windows XP (KB980195)

Säkerhetsuppdatering för Windows XP (KB980218)

Säkerhetsuppdatering för Windows XP (KB980232)

Säkerhetsuppdatering för Windows XP (KB980436)

Säkerhetsuppdatering för Windows XP (KB981322)

Säkerhetsuppdatering för Windows XP (KB981852)

Säkerhetsuppdatering för Windows XP (KB981957)

Säkerhetsuppdatering för Windows XP (KB981997)

Säkerhetsuppdatering för Windows XP (KB982132)

Säkerhetsuppdatering för Windows XP (KB982214)

Säkerhetsuppdatering för Windows XP (KB982665)

Säkerhetsuppdatering för Windows XP (KB982802)

SolutionCenter

Sonic_PrimoSDK

SPCS Skatt Företag 2004-2005

SPCS Skatt Företag 2005-2006

SPCS Skatt Företag 2006-2007

SPCS Skatt Proffs 2004-2005

Språkpaket för Microsoft .NET Framework 3.5 SP 1 - sve

Spybot - Search & Destroy

Status

System Requirements Lab

TestDrive Client

Toolbox

TPTEST 5.0.1

TrayApp

TreeDraw WinFamily Edition

TweakNow RegCleaner

Uniblue RegistryBooster

Uninstall Startup Inspector

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Outlook 2007 Junk Email Filter (KB2483110)

Uppdatering för Windows Internet Explorer 8 (KB972636)

Uppdatering för Windows Internet Explorer 8 (KB976662)

Uppdatering för Windows Internet Explorer 8 (KB976749)

Uppdatering för Windows Internet Explorer 8 (KB980182)

Uppdatering för Windows XP (KB2141007)

Uppdatering för Windows XP (KB2345886)

Uppdatering för Windows XP (KB2467659)

Uppdatering för Windows XP (KB951072-v2)

Uppdatering för Windows XP (KB951978)

Uppdatering för Windows XP (KB955759)

Uppdatering för Windows XP (KB955839)

Uppdatering för Windows XP (KB961503)

Uppdatering för Windows XP (KB967715)

Uppdatering för Windows XP (KB968389)

Uppdatering för Windows XP (KB971737)

Uppdatering för Windows XP (KB973687)

Uppdatering för Windows XP (KB973815)

User Profile Hive Cleanup Service

Webbsökning med flikar (Windows Live Toolbar)

WebEx

WebFldrs XP

WebReg

VeriSign i-Nav and Components

Verktygsfältet Outlook (Windows Live Toolbar)

VersionTracker Pro Windows

Viktig uppdatering för Windows Media Player 11 (KB959772)

Windows-drivrutinspaket - Hewlett-Packard Image (12/27/2006 8.0.0.0)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage v1.3.0254.0

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Communications Platform

Windows Live Essentials

Windows Live inloggningsassistenten

Windows Live Messenger

Windows Live Toolbar

Windows Live Toolbar Extension (Windows Live Toolbar)

Windows Live Upload Tool

Windows Media Format 11 runtime

Windows Media Player 11

Windows Media Player Firefox Plugin

Windows PowerShell 1.0

Windows Skrivbordssökning

Windows XP Service Pack 3

WinFamily 7.0

Visma Administration

Visma Skatt 2008-2009

Visma Skatt 2009-2010

Visma Skatt Företag 2007-2008

XL-Dennis Exempelsamling 2004

XL-Dennis VBA Exempelsamling

XML Paper Specification Shared Components Language Pack 1.0

Yahoo! Toolbar

ZIP Reader 8.00.0018

 

==== End Of File ===========================

 

Och här kommer DDS.txt

 

DDS (Ver_10-12-12.02) - NTFSx86

Run by somo at 17:03:06.05 on 2011-01-24

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1023.311 [GMT 1:00]

 

AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

FW: F-Secure Internet Security 2011 10.51 *Enabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\Delade filer\LogiShrd\Bluetooth\LBTServ.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\Logitech\SetPoint\LBTWiz.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Dell\QuickSet\Quickset.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Dell\Bluetooth-programvara\BTTray.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\Windows Desktop Search\WindowsSearchIndexer.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\basfipm.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Dell\Bluetooth-programvara\bin\btwdins.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program\F-Secure\Common\FSHDLL32.EXE

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\MozyHome\mozybackup.exe

C:\Program\MICROS~2\MSSQL\binn\sqlservr.exe

C:\Program\VeriSign\NAVI\naviagent.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program\RETROS~1\RETROS~1.5\retrorun.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program\UPHClean\uphclean.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\wm.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\NOVELL\ZENRC\WUOLService.exe

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\WINDOWS\SYSTEM32\OBroker.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Documents and Settings\somo.000\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.kompislaget.se/

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZZ&fl=0&ptb=l3TvLutEvR_g3G2I1iTpaA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=66028

mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=66028

uURLSearchHooks: i-Nav IDN SearchHook: {ce000994-a58c-4441-8938-744cd72ab27f} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

mURLSearchHooks: i-Nav IDN SearchHook: {ce000994-a58c-4441-8938-744cd72ab27f} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

mURLSearchHooks: i-Nav IDN SearchHook: {ce000994-a58c-4441-8938-744cd72ab27f} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: EKortBrowserHelper Class: {1c900459-deef-4aa9-b260-1ef0f0c70a8d} - c:\program\ekort\Bhoekort.dll

BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program\windows desktop search\dsWebAllow.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program\f-secure\nrs\iescript\baselitmus.dll

BHO: i-Nav IDN Resolver: {ce000992-a58c-4441-8938-744cd72ab27f} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn\yt.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program\f-secure\nrs\iescript\baselitmus.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [ZENRC Tray Icon] zentray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [LogitechCommunicationsManager] "c:\program\delade filer\logishrd\lcommgr\Communications_Helper.exe"

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

mRun: [GrooveMonitor] "c:\program\microsoft office\office12\GrooveMonitor.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [HP Software Update] c:\program\hp\hp software update\HPWuSchd2.exe

mRun: [Dell QuickSet] c:\program\dell\quickset\Quickset.exe

mRun: [TkBellExe] "c:\program\delade filer\real\update_ob\realsched.exe" -osboot

mRun: [nwiz] nwiz.exe /installquiet

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

dRun: [LOGITECH SETPOINT Logitech Inc] KHALMNPR.exe

dRun: [sETPOINT Logitech Inc] KHALMNP.exe

dRun: [msnmsgr] "c:\program\msn messenger\msnmsgr.exe" /background

dRun: [Picasa Media Detector] c:\program\picasa2\PicasaMediaDetector.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bttray.lnk - c:\program\dell\bluetooth-programvara\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\windows desktop search\WindowsSearch.exe

uPolicies-explorer: HideClock = 0 (0x0)

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoFileAssociate = 0 (0x0)

mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: &MSN Search - c:\program\msn toolbar suite\tb\02.05.0000.1105\sv-se\msntb.dll/search.htm

IE: &Search - ?p=ZZ

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Skicka till &Bluetooth - c:\program\dell\bluetooth-programvara\btsendto_ie_ctx.htm

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program\dell\bluetooth-programvara\btsendto_ie.htm

IE: {CE000992-A58C-4441-8938-744CD72AB27F}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office12\REFIEBAR.DLL

IE: {CE000996-A58C-4441-8938-744CD72AB27F} - {CE000996-A58C-4441-8938-744CD72AB27F} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll

LSP: c:\program\f-secure\fsps\program\FSLSP.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\microsoft office\office12\GrooveSystemServices.dll

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: LBTWlgn - c:\program\delade filer\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {b4870b70-f390-11d2-9fb9-f4ed725ea20d} - \\ZEN\SYS\PUBLIC\NalExpEx.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

LSA: Authentication Packages = msv1_0 nwv1_0

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\somo.000\applic~1\mozilla\firefox\profiles\pv1uhlxv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MICVE3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.kompislaget.se/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - component: c:\program\ekort\components\SlimOrbAddonEkort.dll

FF - component: c:\program\f-secure\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\program files\garmin gps plugin\npGarmin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - plugin: c:\program\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\picasa2\npPicasa3.dll

FF - plugin: c:\program\windows media player\npatgpc.dll

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Svensk ordlista: sv@dictionaries.addons.mozilla.org - %profile%\extensions\sv@dictionaries.addons.mozilla.org

FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: FirePHP: FirePHPExtension-Build@firephp.org - %profile%\extensions\FirePHPExtension-Build@firephp.org

FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff

FF - Ext: e-kort for Firefox: ekort@orbiscom - c:\program\ekort

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program\f-secure\nrs\litmus-ff@f-secure.com

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.urlbar.hideGoButton - false

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

 

============= SERVICES / DRIVERS ===============

 

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-8-22 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-8-22 82824]

R1 a2injectiondriver;a2injectiondriver;c:\program\a-squared anti-malware\a2dix86.sys [2010-5-10 41928]

R1 a2util;a-squared Malware-IDS utility driver;c:\program\a-squared anti-malware\a2util32.sys [2010-5-10 11776]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\f-secure\hips\drivers\fshs.sys [2010-8-22 72520]

R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2008-9-16 2560]

R2 BlankScreen;HBDevice;c:\windows\system32\drivers\blankscreen.sys [2004-11-11 4480]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\f-secure\anti-virus\fsgk32st.exe [2010-8-22 221864]

R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [2001-6-15 3742]

R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [2001-6-15 3779]

R2 navi;VeriSign Updater;c:\program\verisign\navi\naviagent.exe uimode=agentupdate --> c:\program\verisign\navi\naviagent.exe uimode=agentupdate [?]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2010-5-8 45824]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\minifilter\fsgk.sys [2010-8-22 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program\f-secure\orsp client\fsorsp.exe [2010-8-22 63992]

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2010-5-8 56960]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-9-21 136176]

S2 Indexing Service;Indexing The System Files;c:\windows\system32\ciclient.exe --> c:\windows\system32\ciclient.exe [?]

S2 TrkWksrv;Distributed Link Tracking Server;c:\windows\system32\trkwksrv.exe --> c:\windows\system32\TrkWksrv.exe [?]

S2 Ulead Service;Ulead Sservice System Files;c:\windows\system32\ulcdrsf.exe --> c:\windows\system32\ULCDRSF.exe [?]

S3 a2acc;a2acc;c:\program\a-squared anti-malware\a2accx86.sys [2010-5-10 72808]

S3 bvrp_pci;bvrp_pci;c:\windows\system32\drivers\bvrp_pci.sys [2005-2-20 4272]

S3 Capicgpdia;Capicgpdia; [x]

S3 cpuz132;cpuz132;\??\c:\docume~1\somo.000\lokala~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\somo.000\lokala~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 dev5_ap1;dev5_ap1;c:\phpdev5\apache\Apache.exe [2007-1-24 20480]

S3 dev5_ap2;dev5_ap2;c:\phpdev5\apache2\bin\Apache.exe [2007-1-24 20480]

S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2008-6-12 6828]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

S4 a2AntiDialer;a-squared Anti-Dialer Service;c:\program\a-squared anti-dialer\a2service.exe [2010-5-11 425080]

S4 a2AntiMalware;a-squared Anti-Malware Service;c:\program\a-squared anti-malware\a2service.exe [2008-2-18 2850296]

S4 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\fsfilter.sys [2010-8-22 41896]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\fsrec.sys [2010-8-22 27304]

S4 ScaWPrintManager;ScaWPrintManager;c:\program\scala business solutions nv\iscala\system\services\print\scawprintmanager.exe --> c:\program\scala business solutions nv\iscala\system\services\print\ScaWPrintManager.exe [?]

 

=============== Created Last 30 ================

 

2011-01-23 21:24:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2011-01-23 21:24:42 -------- d-----w- c:\program\Security Task Manager

2011-01-23 13:53:45 -------- d-----w- C:\NVIDIA

2011-01-22 21:04:13 83806056 ----a-w- c:\program\delade filer\windows live\.cache\wlc28.tmp

 

==================== Find3M ====================

 

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:15:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-09 14:52:37 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:22:40 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:22:39 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:22:39 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27:25 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:09:45 290048 ----a-w- c:\windows\system32\atmfd.dll

2008-03-15 17:23:53 5275624 -c--a-w- c:\program\SFTPMSI.exe

2005-05-23 14:46:44 774144 -c--a-w- c:\program\RngInterstitial.dll

 

============= FINISH: 17:06:45.14 ===============

[Cecilia]

Hur länge har du kört F-secure och Emsisoft Anti-Malware samtidigt?

 

Det är flera skräprester kvar av infektioner. Har något program tagit bort skadliga filer och hur länge sedan då?

 

TweakNow RegCleaner

Uniblue RegistryBooster

En möjlighet är att det är registerrensningsprogrammen som orsakar problemet. Det är rätt ofta de tar bort för mycket. Körde du något av dem i samband med att problemet uppstod? Går det i så fall att ångra vad de gjorde?

 

Avinstallera "Java 2 Runtime Environment, SE v1.4.2_03" eftersom det är en mycket gammal version med säkerhetshål.

 

mRun: [GrooveMonitor] "c:\program\microsoft office\office12\GrooveMonitor.exe"

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

Något av dem kan nog vara orsaken till felmeddelandet.

Den första borde gå att få bort genom att ställa in att Office inte ska starta automatiskt, kanske kallas snabbstart. Kan du hitta någon sådan inställning i Office?

[Hämtaren]

Mig veterligt har jag inte kört F-secure och Emsisoft Anti-Malware samtidigt. Tiden för Emsi...gick ut och eftersom jag tyckte den var bra så ville jag installera en ny upplaga på min nya PC där den nu tickar på. F-secure köpte vi till frugans PC och eftersom den fick installeras på flera maskiner lät jag den efterträda Emsi... på denna PC. Jag försökte köra Emsi härom kvällen, efter att jag kört F-secure manuellt för att kolla igenom hårddisken efter virus etc, men det gick inte. Jag har dock inte ännu avinstallerat Emsi...

TweakNow verkar vara körd senast den 11 sept med reg cleaner. Här kan jag tydligen göra restor på en backupfil som dock inte visar något innehåll troligen eftersom den är en zip-fil.

UniBlue körd för genomsökning senast den 4 sept. Har en reparationslog från 27 april då 15 poster togs bort av påstådda 1671 felaktiga registerposter. Senare har jag tydligen inte tagit bort några poster. Den finns en säkerhetskopia som kan återställa registerposter som togs bort i april men felet med Explorer.exe har kommit senare så det verka inte vara en god ide.

I den senaste körningen 4 sept var 1381 fel funna i registret. Dessa var av typen

TypeLib saknas

Felaktig filassociation

Ogiltig sökväg till drivrutiner

Sökväg saknas eller är ogiltig

Eftersom inte Explorer.exe fungerar kommer jag inte åt att lägga till/ta bort program den enkla vägen. Kan du ge mig en annan väg. Javaprog finns inte på Startmenyn heller.

GrooveMonitor.exe har jag stängt avfrån Autostart i Sysemconfig.

[Cecilia]

Både F-secure och Emsisoft Anti-Malware är igång i datorn enligt loggen.

R1 a2injectiondriver;a2injectiondriver;c:\program\a-squared anti-malware\a2dix86.sys [2010-5-10 41928]

R1 a2util;a-squared Malware-IDS utility driver;c:\program\a-squared anti-malware\a2util32.sys [2010-5-10 11776]

Där R i R1 och R2 betyder running.

 

a-squared Anti-Malware 3.1

Men jag ser nu att det verkar vara en väldigt gammal version av Emsisoft. Numera finns Emsisoft Anti-Malware dels i en betalvariant som inkluderar ett antivirusprogram och därför inte ska kombineras med F-secure och dels i en gratisvariant som endast är igång just när man skannar.

 

Det är kanske inte så troligt att registerstädningsprogrammen är skyldiga denna gång. Men det händer att den typen av program tar bort något som orsakar problem långt senare.

 

Spara ComboFix på Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Stäng av alla program du ser inklusive antivirusprogram och antispionprogram, men lämna brandväggen på.

Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html

Kör ComboFix och följ anvisningarna som visas.

Om det kommer upp en fråga om du vill installera återställningskonsolen så svara Ja.

 

VIKTIGT! Klicka inte på ComboFix-fönstret med musen när det körs eftersom så det kan hänga upp sig då.

 

När ComboFix är färdig ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet.

 

Om du får problem med att komma ut på internet:

Kontrollpanelen - Nätverksanslutningar

högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn.

 

Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix.

[Hämtaren]

Med ett lite vanvördigt uttryck kan jag säga: Det sket sig!

Gjort allt som du bad om. Combo skapade återställningspunkt(tur va det) ca 50 instanser kördes men så kom detta: REGT.cfxxe har stött på ett problem och måste avslutas. Efter en stund får jag helt blå skärm med ett allvarligt fel beskrivet om BIOS etc. Jag stänger ner och startar datorn igen. Då kommer meddelandet MS WINDOWS Datorn har återställts efter ett allvarligt fel. Loggfil har skapats. Vet ej var den ligger å du vet svårigheten att kolla i mappstrukturen!

Så var det slut på den spirande glädjen.

Det finns alltid ett nästa steg. Frågan är bara vilket?

[Cecilia]

Se om ComboFix kunde skapa en logg i alla fall. I så fall finns den i mappen C:\ eller C:\Qoobox och heter ComboFix.txt.

[Hämtaren]

Tyvärr finns ingen sådan. Däremot finns under Index för file:///C:/ComboFix/ med en förteckning som börjar på detta sätt:

Namn

Storlek

Senast ändrad

 

Fil:023.dat

52 KB

2011-01-25

15:38

 

Fil:023v.dat

3 KB

2010-11-27

03:07

 

Fil:023w7.dat

1 KB

2010-02-13

01:55

 

Fil:ATTRIB.cfxxe

12 KB

2008-04-14

18:04

 

Fil:AWF.cmd

1 KB

2009-11-16

01:03

 

Fil:AppData.folder.dat

1 KB

2011-01-25

15:42

 

Fil:Assoc.cmd

5 KB

2010-04-15

23:11

 

Fil:BHO.dat

 

2011-01-25

15:50

 

Fil:BHOFiles.dat

 

2011-01-25

15:50

 

Fil:BHOQuery.dat

3 KB

2011-01-25

15:50

 

Fil:BitsPath

 

2011-01-25

15:51

 

Fil:BitsStr

1 KB

2011-01-25

15:51

 

Fil:Boot-Rk.cmd

5 KB

2010-12-19

01:08

 

Fil:Boot.bat

9 KB

2010-11-25

23:54

 

Fil:BootDrv.vbs

1 KB

2010-07-27

17:55

 

Fil:CCS.bat

1 KB

2011-01-25

15:47

 

Fil:CF-RC.txt

1 KB

2011-01-25

15:44

Sedan finns en mapp Qoobox där finns en catchme.log fil men endast dagens datum och tid finns i filen så den hann tydligen inte mer än så.

Är detta av något värde?

[Cecilia]

Starta om datorn i felsäkert läge med nätverk (tryck F8 upprepade gånger under uppstarten och välj felsäkert läge med nätverk i menyn) och se om det går bättre att köra ComboFix då.

[Hämtaren]

Äntligen igenom men fått felet om REGT.cfxxe tre ggr men det störde tydligen inte ComboFix utan här kommer logfilen.

ComboFix 11-01-24.02 - somo 2011-01-25 17:43:59.4.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1023.765 [GMT 1:00]

Körs från: c:\documents and settings\somo.000\Skrivbord\ComboFix.exe

AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Internet Security 2011 10.51 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\page

c:\documents and settings\All Users\Application Data\page\page.ico

c:\documents and settings\All Users\Application Data\page\page.URL

.

---- Föregående körning -------

.

c:\documents and settings\All Users\Start-meny\HP Image Zone .lnk

c:\documents and settings\somo.000\Application Data\EurekaLog

c:\documents and settings\somo.000\g2mdlhlpx.exe

c:\windows\s.bat

c:\windows\system32\drivers\etc\lmhosts

c:\windows\system32\Thumbs.db

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FAD

-------\Legacy_INDEXING_SERVICE

-------\Legacy_ULEAD_SERVICE

-------\Service_Indexing Service

-------\Service_Ulead Service

-------\Legacy_FAD

-------\Legacy_INDEXING_SERVICE

-------\Legacy_ULEAD_SERVICE

 

 

(((((((((((((((((((((((( Filer Skapade från 2010-12-25 till 2011-01-25 ))))))))))))))))))))))))))))))

.

 

2011-01-25 15:23 . 2011-01-25 15:23 -------- d--h--w- c:\windows\PIF

2011-01-23 21:24 . 2011-01-23 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-01-23 21:24 . 2011-01-24 13:51 -------- d-----w- c:\program\Security Task Manager

2011-01-23 13:53 . 2011-01-23 13:53 -------- d-----w- C:\NVIDIA

2011-01-22 21:04 . 2011-01-22 21:04 83806056 ----a-w- c:\program\Delade filer\Windows Live\.cache\wlc28.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-15 12:20 . 2010-08-22 15:00 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:15 . 2004-03-26 22:32 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 17:53 . 2010-07-12 09:11 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34 . 2009-03-16 10:21 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-09 14:52 . 2003-10-27 19:09 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:22 . 2004-12-07 18:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:22 . 2004-03-26 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:22 . 2004-03-26 22:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27 . 2004-08-04 08:13 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-03-26 22:33 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:09 . 2004-03-26 22:30 290048 ----a-w- c:\windows\system32\atmfd.dll

2008-03-15 17:23 . 2008-03-15 17:23 5275624 -c--a-w- c:\program\SFTPMSI.exe

2005-05-23 14:46 . 2005-05-23 14:46 774144 -c--a-w- c:\program\RngInterstitial.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]

2008-06-25 21:38 2401584 ----a-w- c:\program\MozyHome\mozyshell.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]

2008-06-25 21:38 2401584 ----a-w- c:\program\MozyHome\mozyshell.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]

"NWTRAY"="NWTRAY.EXE" [2001-12-18 28672]

"ZENRC Tray Icon"="zentray.exe" [2001-06-15 28672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-06 7118848]

"LogitechCommunicationsManager"="c:\program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Dell QuickSet"="c:\program\Dell\QuickSet\Quickset.exe" [2004-05-16 528384]

"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2010-05-07 202256]

"nwiz"="nwiz.exe" [2005-07-06 1519616]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2010-10-18 201384]

"F-Secure TNB"="c:\program\F-Secure\FSGUI\TNBUtil.exe" [2010-10-18 1655464]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"LOGITECH SETPOINT Logitech Inc"="KHALMNPR.exe" [2008-02-29 76304]

"Picasa Media Detector"="c:\program\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\jntest\Start-meny\Program\Autostart\

Microsoft Office.lnk - c:\program\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\SOMO\Start-meny\Program\Autostart\

Microsoft Office.lnk - c:\program\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BTTray.lnk - c:\program\Dell\Bluetooth-programvara\BTTray.exe [2004-4-26 561213]

Windows Skrivbordss”kning.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

"NoPopUpsOnBoot"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 00:42 72208 ----a-w- c:\program\Delade filer\LogiShrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrkWksrv]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^BankID säkerhetsprogram.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk

backup=c:\windows\pss\BankID säkerhetsprogram.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Image Zone Snabbstarta.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\HP Image Zone Snabbstarta.lnk

backup=c:\windows\pss\HP Image Zone Snabbstarta.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Phone Connection Monitor.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Phone Connection Monitor.lnk

backup=c:\windows\pss\Phone Connection Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Service Manager.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^somo.000^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\somo.000\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^somo.000^Start-meny^Program^Autostart^Skärmurklipp och start för OneNote 2007.lnk]

path=c:\documents and settings\somo.000\Start-meny\Program\Autostart\Skärmurklipp och start för OneNote 2007.lnk

backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2009-10-13 17:55 684032 ----a-w- c:\program\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 21:07 932288 ----a-r- c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-22 14:09 63712 ----a-w- c:\program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2008-09-03 18:12 111936 -c--a-w- c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 16:05 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2004-05-16 19:18 528384 ----a-w- c:\program\Dell\QuickSet\quickset.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2002-07-17 09:18 28672 -c--a-w- c:\windows\SYSTEM32\DSentry.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-kort]

2008-12-11 12:14 377856 ----a-w- c:\program\ekort\ekort.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-03-25 23:10 142120 ----a-w- c:\program\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2010-05-07 21:25 91440 ----a-w- c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]

2009-06-02 06:59 5451536 -c--a-w- c:\program\Logitech\Logitech Vid\Vid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-05-08 08:35 2780432 -c--a-w- c:\program\Logitech\Logitech WebCam Software\LWS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

2010-05-07 14:11 75320 ----a-w- c:\program\Delade filer\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]

2000-01-21 01:47 28672 -c--a-w- c:\windows\SYSTEM32\dpmw32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-07-06 17:52 1519616 ----a-w- c:\windows\SYSTEM32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]

2008-07-10 16:09 9499928 ----a-w- c:\program\RETROS~1\RETROS~1.5\RetroExpress.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]

2008-04-14 16:05 143872 -c--a-w- c:\windows\SYSTEM32\mobsync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=3 (0x3)

"a2AntiMalware"=2 (0x2)

"a2AntiDialer"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpmw32.exe"=

"c:\\Program\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=

"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=

"c:\\Program\\Messenger\\MsMsgs.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\phpdev5\\mysql\\bin\\mysqld-nt.exe"=

"c:\\phpdev5\\Apache\\Apache.exe"=

"c:\\xampp\\apache\\bin\\apache.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program\\Logitech\\Logitech Vid\\Vid.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2799:UDP"= 2799:UDP:*:Disabled:Altova License Metering Port (UDP)

"2799:TCP"= 2799:TCP:*:Disabled:Altova License Metering Port (TCP)

"1755:TCP"= 1755:TCP:*:Disabled:Aftonbladet

"1755:UDP"= 1755:UDP:*:Disabled:Aftonbladet

"1024:UDP"= 1024:UDP:*:Disabled:Aftonbaldet

"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)

"81:TCP"= 81:TCP:Axon Virtual PBX Web Server

 

R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [2010-08-22 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [2010-08-22 82824]

R1 a2injectiondriver;a2injectiondriver;c:\program\a-squared Anti-Malware\a2dix86.sys [2010-05-10 41928]

R1 a2util;a-squared Malware-IDS utility driver;c:\program\a-squared Anti-Malware\a2util32.sys [2010-05-10 11776]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\F-Secure\HIPS\drivers\fshs.sys [2010-08-22 72520]

R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\SYSTEM32\DRIVERS\mchInjDrv.sys [2008-09-16 2560]

R2 BlankScreen;HBDevice;c:\windows\SYSTEM32\DRIVERS\blankscreen.sys [2004-11-11 4480]

R2 Kblock;Kblock;c:\windows\SYSTEM32\DRIVERS\kblock.sys [2001-06-15 3742]

R2 Mouslock;Mouslock;c:\windows\SYSTEM32\DRIVERS\mouslock.sys [2001-06-15 3779]

R2 navi;VeriSign Updater;c:\program\VeriSign\NAVI\naviagent.exe uimode=agentupdate --> c:\program\VeriSign\NAVI\naviagent.exe uimode=agentupdate [?]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\SYSTEM32\DRIVERS\ousbehci.sys [2010-05-08 45824]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\F-Secure\Anti-Virus\minifilter\fsgk.sys [2010-08-22 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program\F-Secure\ORSP Client\fsorsp.exe [2010-08-22 63992]

R3 GTICARD;GTICARD;c:\windows\SYSTEM32\DRIVERS\gticard.sys [2003-10-23 76160]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\SYSTEM32\DRIVERS\ousb2hub.sys [2010-05-08 56960]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-09-21 136176]

S2 TrkWksrv;Distributed Link Tracking Server;c:\windows\System32\TrkWksrv.exe --> c:\windows\System32\TrkWksrv.exe [?]

S3 a2acc;a2acc;c:\program\a-squared Anti-Malware\a2accx86.sys [2010-05-10 72808]

S3 bvrp_pci;bvrp_pci;c:\windows\SYSTEM32\DRIVERS\bvrp_pci.sys [2005-02-20 4272]

S3 Capicgpdia;Capicgpdia; [x]

S3 dev5_ap1;dev5_ap1;c:\phpdev5\Apache\Apache.exe [2007-01-24 20480]

S3 dev5_ap2;dev5_ap2;c:\phpdev5\apache2\bin\Apache.exe [2007-01-24 20480]

S3 FTLUND;Lundinova Filter Driver;c:\windows\SYSTEM32\DRIVERS\ftlund.sys [2008-06-12 6828]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

S4 a2AntiDialer;a-squared Anti-Dialer Service;c:\program\a-squared Anti-Dialer\a2service.exe [2010-05-11 425080]

S4 a2AntiMalware;a-squared Anti-Malware Service;c:\program\a-squared Anti-Malware\a2service.exe [2008-02-18 2850296]

S4 F-Secure Filter;F-Secure File System Filter;c:\program\F-Secure\Anti-Virus\win2k\fsfilter.sys [2010-08-22 41896]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\F-Secure\Anti-Virus\win2k\fsrec.sys [2010-08-22 27304]

S4 ScaWPrintManager;ScaWPrintManager;c:\program\Scala Business Solutions NV\iScala\System\Services\Print\ScaWPrintManager.exe --> c:\program\Scala Business Solutions NV\iScala\System\Services\Print\ScaWPrintManager.exe [?]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*Deregistered* - uphcleanhlp

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2011-01-24 c:\windows\Tasks\AWC Update.job

- c:\program\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-05-05 09:08]

 

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-09-21 12:21]

 

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-09-21 12:21]

 

2011-01-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3554365469-2736490223-2748996377-1009.job

- c:\program\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

 

2011-01-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3554365469-2736490223-2748996377-1009.job

- c:\program\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

 

2011-01-16 c:\windows\Tasks\SmartDefrag.job

- c:\program\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-05 17:08]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.kompislaget.se/

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZZ&fl=0&ptb=l3TvLutEvR_g3G2I1iTpaA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &MSN Search - c:\program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportera till Microsoft Excel - c:\program\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Skicka till &Bluetooth - c:\program\Dell\Bluetooth-programvara\btsendto_ie_ctx.htm

LSP: c:\program\F-Secure\FSPS\program\FSLSP.DLL

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB

FF - ProfilePath - c:\documents and settings\somo.000\Application Data\Mozilla\Firefox\Profiles\pv1uhlxv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MICVE3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.kompislaget.se/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Svensk ordlista: sv@dictionaries.addons.mozilla.org - %profile%\extensions\sv@dictionaries.addons.mozilla.org

FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: FirePHP: FirePHPExtension-Build@firephp.org - %profile%\extensions\FirePHPExtension-Build@firephp.org

FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\Java\jre6\lib\deploy\jqs\ff

FF - Ext: e-kort for Firefox: ekort@orbiscom - c:\program\ekort

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program\F-Secure\NRS\litmus-ff@f-secure.com

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.urlbar.hideGoButton - false

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKU-Default-Run-SETPOINT Logitech Inc - KHALMNP.exe

HKU-Default-Run-msnmsgr - c:\program\MSN Messenger\msnmsgr.exe

ShellExecuteHooks-{B4870B70-F390-11d2-9FB9-F4ED725EA20D} - \\ZEN\SYS\PUBLIC\NalExpEx.dll

SafeBoot-DirectX DLL

SafeBoot-Ulead Systems

MSConfigStartUp-ShStatEXE - c:\program\Network Associates\VirusScan\SHSTAT.EXE

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-25 18:02

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(600)

c:\program\delade filer\logishrd\bluetooth\LBTWlgn.dll

c:\program\delade filer\logishrd\bluetooth\LBTServ.dll

 

- - - - - - - > 'Explorer.exe'(3624)

c:\program\a-squared Anti-Malware\a2hooks32.dll

c:\program\MozyHome\mozyshell.dll

c:\windows\system32\WS2_32.dll

c:\windows\system32\WS2HELP.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\WSOCK32.dll

c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL

c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Delade filer\LogiShrd\Bluetooth\LBTServ.exe

c:\windows\System32\basfipm.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Dell\Bluetooth-programvara\bin\btwdins.exe

c:\program\F-Secure\Anti-Virus\fsgk32st.exe

c:\program\F-Secure\Common\FSMA32.EXE

c:\program\F-Secure\Anti-Virus\FSGK32.EXE

c:\program\F-Secure\Common\FSHDLL32.EXE

c:\windows\system32\inetsrv\inetinfo.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\MozyHome\mozybackup.exe

c:\program\MICROS~2\MSSQL\binn\sqlservr.exe

c:\program\VeriSign\NAVI\naviagent.exe

c:\windows\system32\nvsvc32.exe

c:\program\RETROS~1\RETROS~1.5\retrorun.exe

c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program\UPHClean\uphclean.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\wm.exe

c:\windows\System32\bcmwltry.exe

c:\program\VeriSign\NAVI\NAVICL~1.EXE

c:\novell\ZENRC\WUOLService.exe

c:\program\F-Secure\FWES\Program\fsdfwd.exe

c:\program\F-Secure\Anti-Virus\fssm32.exe

c:\windows\System32\vssvc.exe

c:\windows\system32\wscntfy.exe

c:\program\F-Secure\Anti-Virus\fsav32.exe

c:\windows\system32\NWTRAY.EXE

c:\program\Logitech\SetPoint\LBTWiz.exe

c:\program\Windows Desktop Search\WindowsSearchIndexer.exe

c:\program\Windows Desktop Search\WindowsSearchFilter.exe

.

**************************************************************************

.

Sluttid: 2011-01-25 18:13:07 - datorn startades om.

ComboFix-quarantined-files.txt 2011-01-25 17:13

 

Före genomsökningen: 5,270,839,296 byte ledigt

Efter genomsökningen: 4,031,823,872 byte ledigt

 

- - End Of File - - 7F0172B298CAD41C7C1BCBB84A897A15

[Cecilia]

Ladda ner Malwarebytes Anti-Malware (MBAM) från en av dessa länkar:

http://www.malwarebytes.org/mbam-download.php

http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-8022_4-10804572&ontId=8022_4&spi=b4a0904e0f02b40bf2ae9ce030ef5c99&lop=link&tag=tdw_dltext&ltype=dl_dlnow&pid=11375988&mfgId=6290020&merId=6290020&pguid=XI3P-goPjFwAACI-g4wAAAA4&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-8022_4-10804572.html%3Fspi%3Db4a0904e0f02b40bf2ae9ce030ef5c99

http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

Dubbelklicka på mbam-setup för att installera programmet.

 

Se till i slutet av installationen att det är bockar för:

Uppdatera Malwarebytes' Anti-Malware

Starta Malwarebytes' Anti-Malware

Klicka på Slutför

Om det finns någon uppdatering så kommer den att laddas ner och installeras.

 

När programmet startar så välj Utför snabb skanning och klicka på Skanna.

Skanningen tar ett tag.

När den är klar så klicka på OK och sedan Visa resultat.

Bocka för allt och tryck sedan Ta bort markerade.

När borttagningen är klar så öppnar Anteckningar med en logg.

 

Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det.

Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång.

Om programmet inte kommer igång efter omstarten så starta det.

 

Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM.

Kopiera loggen och klistra in den i ditt svar.

 

Klistra in en ny DDS-logg också.

[Hämtaren]

Här kommer mbam-log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databasversion: 5603

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

2011-01-25 22:57:03

mbam-log-2011-01-25 (22-57-03).txt

 

Skanningstyp: Snabbskanning

Antal skannade objekt: 198658

Förfluten tid: 11 minut(er), 36 sekund(er)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

 

OCH HÄR KOMMER

DDS (Ver_10-12-12.02) - NTFSx86

Run by somo at 22:59:18.22 on 2011-01-25

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1023.188 [GMT 1:00]

 

AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

FW: F-Secure Internet Security 2011 10.51 *Enabled*

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program\Delade filer\LogiShrd\Bluetooth\LBTServ.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\basfipm.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\Dell\Bluetooth-programvara\bin\btwdins.exe

C:\Program\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program\F-Secure\Common\FSMA32.EXE

C:\Program\F-Secure\Anti-Virus\FSGK32.EXE

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program\F-Secure\Common\FSHDLL32.EXE

C:\WINDOWS\system32\svchost.exe -k HPService

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\MozyHome\mozybackup.exe

C:\Program\MICROS~2\MSSQL\binn\sqlservr.exe

C:\Program\VeriSign\NAVI\naviagent.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program\RETROS~1\RETROS~1.5\retrorun.exe

C:\Program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program\UPHClean\uphclean.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\wm.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\NOVELL\ZENRC\WUOLService.exe

C:\Program\F-Secure\FWES\Program\fsdfwd.exe

C:\Program\F-Secure\Anti-Virus\fssm32.exe

C:\Program\F-Secure\Anti-Virus\fsav32.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\NWTRAY.EXE

C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program\Logitech\SetPoint\LBTWiz.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\Dell\QuickSet\Quickset.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Delade filer\Java\Java Update\jusched.exe

C:\Program\F-Secure\Common\FSM32.EXE

C:\Program\Dell\Bluetooth-programvara\BTTray.exe

C:\Program\Windows Desktop Search\WindowsSearch.exe

C:\Program\Windows Desktop Search\WindowsSearchIndexer.exe

C:\WINDOWS\Explorer.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\SYSTEM32\OBroker.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Mozilla Firefox\plugin-container.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\somo.000\Skrivbord\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.kompislaget.se/

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZZ&fl=0&ptb=l3TvLutEvR_g3G2I1iTpaA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: i-Nav IDN SearchHook: {ce000994-a58c-4441-8938-744cd72ab27f} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

mURLSearchHooks: i-Nav IDN SearchHook: {ce000994-a58c-4441-8938-744cd72ab27f} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

mURLSearchHooks: i-Nav IDN SearchHook: {ce000994-a58c-4441-8938-744cd72ab27f} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program\delade filer\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: EKortBrowserHelper Class: {1c900459-deef-4aa9-b260-1ef0f0c70a8d} - c:\program\ekort\Bhoekort.dll

BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program\windows desktop search\dsWebAllow.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program\spybot - search & destroy\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: e-kort Helper Class: {9065e913-4f23-4b47-9b5d-b055d32db1f3} - c:\program\ekort\EKortHelper.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program\f-secure\nrs\iescript\baselitmus.dll

BHO: i-Nav IDN Resolver: {ce000992-a58c-4441-8938-744cd72ab27f} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program\yahoo!\companion\installs\cpn\yt.dll

TB: e-kort Toolbar: {8db2b2e8-579f-48a8-a496-18fefcf8f4df} - c:\program\ekort\EKortToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program\windows live\toolbar\wltcore.dll

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program\f-secure\nrs\iescript\baselitmus.dll

EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [ZENRC Tray Icon] zentray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [LogitechCommunicationsManager] "c:\program\delade filer\logishrd\lcommgr\Communications_Helper.exe"

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [bluetooth Connection Assistant] LBTWIZ.EXE -silent

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

mRun: [HP Software Update] c:\program\hp\hp software update\HPWuSchd2.exe

mRun: [Dell QuickSet] c:\program\dell\quickset\Quickset.exe

mRun: [TkBellExe] "c:\program\delade filer\real\update_ob\realsched.exe" -osboot

mRun: [nwiz] nwiz.exe /installquiet

mRun: [sunJavaUpdateSched] "c:\program\delade filer\java\java update\jusched.exe"

mRun: [F-Secure Manager] "c:\program\f-secure\common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "c:\program\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [Adobe Reader Speed Launcher] "c:\program\adobe\reader 9.0\reader\Reader_sl.exe"

mRunOnce: [Malwarebytes' Anti-Malware] c:\program\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRun: [LOGITECH SETPOINT Logitech Inc] KHALMNPR.exe

dRun: [Picasa Media Detector] c:\program\picasa2\PicasaMediaDetector.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\bttray.lnk - c:\program\dell\bluetooth-programvara\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\window~1.lnk - c:\program\windows desktop search\WindowsSearch.exe

mPolicies-explorer: NoResolveTrack = 1 (0x1)

mPolicies-explorer: NoFileAssociate = 0 (0x0)

mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: &MSN Search - c:\program\msn toolbar suite\tb\02.05.0000.1105\sv-se\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportera till Microsoft Excel - c:\program\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Skicka till &Bluetooth - c:\program\dell\bluetooth-programvara\btsendto_ie_ctx.htm

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program\dell\bluetooth-programvara\btsendto_ie.htm

IE: {CE000992-A58C-4441-8938-744CD72AB27F}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office12\REFIEBAR.DLL

IE: {CE000996-A58C-4441-8938-744CD72AB27F} - {CE000996-A58C-4441-8938-744CD72AB27F} - c:\program\verisign\i-nav\i-nav_4_2_1.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program\spybot - search & destroy\SDHelper.dll

LSP: c:\program\f-secure\fsps\program\FSLSP.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\microsoft office\office12\GrooveSystemServices.dll

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: LBTWlgn - c:\program\delade filer\logishrd\bluetooth\LBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program\windows desktop search\MSNLNamespaceMgr.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\somo.000\applic~1\mozilla\firefox\profiles\pv1uhlxv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MICVE3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.kompislaget.se/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll

FF - component: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - component: c:\program\ekort\components\SlimOrbAddonEkort.dll

FF - component: c:\program\f-secure\nrs\litmus-ff@f-secure.com\components\litmus-ff.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\somo.000\application data\mozilla\firefox\profiles\pv1uhlxv.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\program files\garmin gps plugin\npGarmin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - plugin: c:\program\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program\personal\bin\np_prsnl.dll

FF - plugin: c:\program\picasa2\npPicasa3.dll

FF - plugin: c:\program\windows media player\npatgpc.dll

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Svensk ordlista: sv@dictionaries.addons.mozilla.org - %profile%\extensions\sv@dictionaries.addons.mozilla.org

FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: FirePHP: FirePHPExtension-Build@firephp.org - %profile%\extensions\FirePHPExtension-Build@firephp.org

FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\java\jre6\lib\deploy\jqs\ff

FF - Ext: e-kort for Firefox: ekort@orbiscom - c:\program\ekort

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program\f-secure\nrs\litmus-ff@f-secure.com

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.urlbar.hideGoButton - false

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

 

============= SERVICES / DRIVERS ===============

 

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-8-22 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2010-8-22 82824]

R1 a2injectiondriver;a2injectiondriver;c:\program\a-squared anti-malware\a2dix86.sys [2010-5-10 41928]

R1 a2util;a-squared Malware-IDS utility driver;c:\program\a-squared anti-malware\a2util32.sys [2010-5-10 11776]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\f-secure\hips\drivers\fshs.sys [2010-8-22 72520]

R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\system32\drivers\mchInjDrv.sys [2008-9-16 2560]

R2 BlankScreen;HBDevice;c:\windows\system32\drivers\blankscreen.sys [2004-11-11 4480]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program\f-secure\anti-virus\fsgk32st.exe [2010-8-22 221864]

R2 Kblock;Kblock;c:\windows\system32\drivers\kblock.sys [2001-6-15 3742]

R2 Mouslock;Mouslock;c:\windows\system32\drivers\mouslock.sys [2001-6-15 3779]

R2 navi;VeriSign Updater;c:\program\verisign\navi\naviagent.exe uimode=agentupdate --> c:\program\verisign\navi\naviagent.exe uimode=agentupdate [?]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2010-5-8 45824]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\f-secure\anti-virus\minifilter\fsgk.sys [2010-8-22 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program\f-secure\orsp client\fsorsp.exe [2010-8-22 63992]

R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [2003-10-23 76160]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2010-5-8 56960]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\google\update\GoogleUpdate.exe [2010-9-21 136176]

S2 TrkWksrv;Distributed Link Tracking Server;c:\windows\system32\trkwksrv.exe --> c:\windows\system32\TrkWksrv.exe [?]

S3 a2acc;a2acc;c:\program\a-squared anti-malware\a2accx86.sys [2010-5-10 72808]

S3 bvrp_pci;bvrp_pci;c:\windows\system32\drivers\bvrp_pci.sys [2005-2-20 4272]

S3 Capicgpdia;Capicgpdia; [x]

S3 cpuz132;cpuz132;\??\c:\docume~1\somo.000\lokala~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\somo.000\lokala~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 dev5_ap1;dev5_ap1;c:\phpdev5\apache\Apache.exe [2007-1-24 20480]

S3 dev5_ap2;dev5_ap2;c:\phpdev5\apache2\bin\Apache.exe [2007-1-24 20480]

S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2008-6-12 6828]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

S4 a2AntiDialer;a-squared Anti-Dialer Service;c:\program\a-squared anti-dialer\a2service.exe [2010-5-11 425080]

S4 a2AntiMalware;a-squared Anti-Malware Service;c:\program\a-squared anti-malware\a2service.exe [2008-2-18 2850296]

S4 F-Secure Filter;F-Secure File System Filter;c:\program\f-secure\anti-virus\win2k\fsfilter.sys [2010-8-22 41896]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\f-secure\anti-virus\win2k\fsrec.sys [2010-8-22 27304]

S4 ScaWPrintManager;ScaWPrintManager;c:\program\scala business solutions nv\iscala\system\services\print\scawprintmanager.exe --> c:\program\scala business solutions nv\iscala\system\services\print\ScaWPrintManager.exe [?]

 

=============== Created Last 30 ================

 

2011-01-25 15:23:18 -------- d--h--w- c:\windows\PIF

2011-01-25 14:44:51 -------- d-sha-r- C:\cmdcons

2011-01-25 14:38:44 89088 ----a-w- c:\windows\MBR.exe

2011-01-25 14:38:43 98816 ----a-w- c:\windows\sed.exe

2011-01-25 14:38:43 256512 ----a-w- c:\windows\PEV.exe

2011-01-25 14:38:43 161792 ----a-w- c:\windows\SWREG.exe

2011-01-23 21:24:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan

2011-01-23 21:24:42 -------- d-----w- c:\program\Security Task Manager

2011-01-23 13:53:45 -------- d-----w- C:\NVIDIA

2011-01-22 21:04:13 83806056 ----a-w- c:\program\delade filer\windows live\.cache\wlc28.tmp

 

==================== Find3M ====================

 

2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-29 16:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:15:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 17:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-09 14:52:37 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:22:40 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:22:39 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:22:39 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27:25 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:09:45 290048 ----a-w- c:\windows\system32\atmfd.dll

2008-03-15 17:23:53 5275624 -c--a-w- c:\program\SFTPMSI.exe

2005-05-23 14:46:44 774144 -c--a-w- c:\program\RngInterstitial.dll

 

============= FINISH: 23:01:32.95 ===============

Ingen ATTACH.txt denna gång då?

[Cecilia]

Firefox - Verktyg - Tillägg - Insticksmoduler

Avinstallera/Inaktivera alla Java utom den senaste.

 

Kopiera alla rader i rutan:

Killall::
DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZZ&fl=0&ptb=l3TvLutEvR_g3G2I1iTpaA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program\microsoft office\office12\GrooveShellExtensions.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program\microsoft office\office12\GrooveShellExtensions.dll
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {CE000992-A58C-4441-8938-744CD72AB27F}
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program\microsoft office\office12\GrooveShellExtensions.dll
Firefox::
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
Driver::
TrkWksrv
Capicgpdia
cpuz132

och klistra in i Anteckningar. Kontrollera att det ser exakt likadant ut, t ex när det gäller radbrytningar.

Spara filen på Skrivbordet med namnet CFScript.

 

Förbered datorn på samma sätt som tidigare för ComboFix.

Dra CFScript med musen och släpp den ovanpå ComboFix-ikonen på Skrivbordet så startar programmet på ett särskilt sätt.

Klistra in loggen som kommer ut.

Berätta hur det gick att köra ComboFix denna gång.

 

Hur fungerar Den här datorn, Sök mm nu?

[Hämtaren]

ComboFix 11-01-24.02 - somo 2011-01-25 23:54:47.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1053.18.1023.374 [GMT 1:00]

Körs från: c:\documents and settings\somo.000\Skrivbord\ComboFix.exe

Använda kommandoväxlar :: c:\documents and settings\somo.000\Skrivbord\CFScript.txt

AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Internet Security 2011 10.51 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program\microsoft office\office12\GrooveShellExtensions.dll

c:\program\microsoft office\office12\GrooveSystemServices.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_CPUZ132

-------\Legacy_TRKWKSRV

-------\Service_Capicgpdia

-------\Service_cpuz132

-------\Service_TrkWksrv

 

 

(((((((((((((((((((((((( Filer Skapade från 2010-12-25 till 2011-01-25 ))))))))))))))))))))))))))))))

.

 

2011-01-25 15:23 . 2011-01-25 15:23 -------- d--h--w- c:\windows\PIF

2011-01-23 21:24 . 2011-01-23 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan

2011-01-23 21:24 . 2011-01-24 13:51 -------- d-----w- c:\program\Security Task Manager

2011-01-23 13:53 . 2011-01-23 13:53 -------- d-----w- C:\NVIDIA

2011-01-22 21:04 . 2011-01-22 21:04 83806056 ----a-w- c:\program\Delade filer\Windows Live\.cache\wlc28.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-20 17:09 . 2010-05-09 17:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-20 17:08 . 2010-05-09 17:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-15 12:20 . 2010-08-22 15:00 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:15 . 2004-03-26 22:32 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-12 17:53 . 2010-07-12 09:11 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-12 15:34 . 2009-03-16 10:21 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-09 14:52 . 2003-10-27 19:09 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:22 . 2004-12-07 18:20 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:22 . 2004-03-26 22:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:22 . 2004-03-26 22:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:27 . 2004-08-04 08:13 385024 ----a-w- c:\windows\system32\html.iec

2010-11-02 15:17 . 2004-03-26 22:33 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys

2010-10-28 13:09 . 2004-03-26 22:30 290048 ----a-w- c:\windows\system32\atmfd.dll

2008-03-15 17:23 . 2008-03-15 17:23 5275624 -c--a-w- c:\program\SFTPMSI.exe

2005-05-23 14:46 . 2005-05-23 14:46 774144 -c--a-w- c:\program\RngInterstitial.dll

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]

2008-06-25 21:38 2401584 ----a-w- c:\program\MozyHome\mozyshell.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]

2008-06-25 21:38 2401584 ----a-w- c:\program\MozyHome\mozyshell.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]

"NWTRAY"="NWTRAY.EXE" [2001-12-18 28672]

"ZENRC Tray Icon"="zentray.exe" [2001-06-15 28672]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-06 7118848]

"LogitechCommunicationsManager"="c:\program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-30 196608]

"HP Software Update"="c:\program\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"Dell QuickSet"="c:\program\Dell\QuickSet\Quickset.exe" [2004-05-16 528384]

"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2010-05-07 202256]

"nwiz"="nwiz.exe" [2005-07-06 1519616]

"SunJavaUpdateSched"="c:\program\Delade filer\Java\Java Update\jusched.exe" [2010-05-14 248552]

"F-Secure Manager"="c:\program\F-Secure\Common\FSM32.EXE" [2010-10-18 201384]

"F-Secure TNB"="c:\program\F-Secure\FSGUI\TNBUtil.exe" [2010-10-18 1655464]

"Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"LOGITECH SETPOINT Logitech Inc"="KHALMNPR.exe" [2008-02-29 76304]

"Picasa Media Detector"="c:\program\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\jntest\Start-meny\Program\Autostart\

Microsoft Office.lnk - c:\program\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\SOMO\Start-meny\Program\Autostart\

Microsoft Office.lnk - c:\program\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

 

c:\documents and settings\All Users\Start-meny\Program\Autostart\

BTTray.lnk - c:\program\Dell\Bluetooth-programvara\BTTray.exe [2004-4-26 561213]

Windows Skrivbordss”kning.lnk - c:\program\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

"NoPopUpsOnBoot"= 1 (0x1)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 00:42 72208 ----a-w- c:\program\Delade filer\LogiShrd\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^BankID säkerhetsprogram.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk

backup=c:\windows\pss\BankID säkerhetsprogram.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^HP Image Zone Snabbstarta.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\HP Image Zone Snabbstarta.lnk

backup=c:\windows\pss\HP Image Zone Snabbstarta.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Logitech SetPoint.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Phone Connection Monitor.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Phone Connection Monitor.lnk

backup=c:\windows\pss\Phone Connection Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^Service Manager.lnk]

path=c:\documents and settings\All Users\Start-meny\Program\Autostart\Service Manager.lnk

backup=c:\windows\pss\Service Manager.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^somo.000^Start-meny^Program^Autostart^Microsoft Office.lnk]

path=c:\documents and settings\somo.000\Start-meny\Program\Autostart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^somo.000^Start-meny^Program^Autostart^Skärmurklipp och start för OneNote 2007.lnk]

path=c:\documents and settings\somo.000\Start-meny\Program\Autostart\Skärmurklipp och start för OneNote 2007.lnk

backup=c:\windows\pss\Skärmurklipp och start för OneNote 2007.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

2009-10-13 17:55 684032 ----a-w- c:\program\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 21:07 932288 ----a-r- c:\program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2007-03-22 14:09 63712 ----a-w- c:\program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2008-09-03 18:12 111936 -c--a-w- c:\program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 16:05 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2004-05-16 19:18 528384 ----a-w- c:\program\Dell\QuickSet\quickset.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]

2002-07-17 09:18 28672 -c--a-w- c:\windows\SYSTEM32\DSentry.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e-kort]

2008-12-11 12:14 377856 ----a-w- c:\program\ekort\ekort.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 10:44 31072 ----a-w- c:\program\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-03-25 23:10 142120 ----a-w- c:\program\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2010-05-07 21:25 91440 ----a-w- c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]

2009-06-02 06:59 5451536 -c--a-w- c:\program\Logitech\Logitech Vid\Vid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-05-08 08:35 2780432 -c--a-w- c:\program\Logitech\Logitech WebCam Software\LWS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]

2010-05-07 14:11 75320 ----a-w- c:\program\Delade filer\Real\Update_OB\RealOneMessageCenter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]

2000-01-21 01:47 28672 -c--a-w- c:\windows\SYSTEM32\dpmw32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2005-07-06 17:52 1519616 ----a-w- c:\windows\SYSTEM32\nwiz.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]

2008-07-10 16:09 9499928 ----a-w- c:\program\RETROS~1\RETROS~1.5\RetroExpress.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]

2008-04-14 16:05 143872 -c--a-w- c:\windows\SYSTEM32\mobsync.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Apple Mobile Device"=3 (0x3)

"a2AntiMalware"=2 (0x2)

"a2AntiDialer"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\SYSTEM32\\dpmw32.exe"=

"c:\\Program\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=

"c:\\Program\\Mozilla Firefox\\firefox.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=

"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=

"c:\\Program\\Messenger\\MsMsgs.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\phpdev5\\mysql\\bin\\mysqld-nt.exe"=

"c:\\phpdev5\\Apache\\Apache.exe"=

"c:\\xampp\\apache\\bin\\apache.exe"=

"c:\\xampp\\mysql\\bin\\mysqld.exe"=

"c:\\Program\\Bonjour\\mDNSResponder.exe"=

"c:\\Program\\iTunes\\iTunes.exe"=

"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program\\HP\\HP Software Update\\HPWUCli.exe"=

"c:\\Program\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

"c:\\Program\\Logitech\\Logitech Vid\\Vid.exe"=

"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"2799:UDP"= 2799:UDP:*:Disabled:Altova License Metering Port (UDP)

"2799:TCP"= 2799:TCP:*:Disabled:Altova License Metering Port (TCP)

"1755:TCP"= 1755:TCP:*:Disabled:Aftonbladet

"1755:UDP"= 1755:UDP:*:Disabled:Aftonbladet

"1024:UDP"= 1024:UDP:*:Disabled:Aftonbaldet

"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)

"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)

"81:TCP"= 81:TCP:Axon Virtual PBX Web Server

 

R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [2010-08-22 42664]

R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [2010-08-22 82824]

R1 a2injectiondriver;a2injectiondriver;c:\program\a-squared Anti-Malware\a2dix86.sys [2010-05-10 41928]

R1 a2util;a-squared Malware-IDS utility driver;c:\program\a-squared Anti-Malware\a2util32.sys [2010-05-10 11776]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program\F-Secure\HIPS\drivers\fshs.sys [2010-08-22 72520]

R1 mchInjDrv;madCodeHook DLL injection driver;c:\windows\SYSTEM32\DRIVERS\mchInjDrv.sys [2008-09-16 2560]

R2 BlankScreen;HBDevice;c:\windows\SYSTEM32\DRIVERS\blankscreen.sys [2004-11-11 4480]

R2 Kblock;Kblock;c:\windows\SYSTEM32\DRIVERS\kblock.sys [2001-06-15 3742]

R2 Mouslock;Mouslock;c:\windows\SYSTEM32\DRIVERS\mouslock.sys [2001-06-15 3779]

R2 navi;VeriSign Updater;c:\program\VeriSign\NAVI\naviagent.exe uimode=agentupdate --> c:\program\VeriSign\NAVI\naviagent.exe uimode=agentupdate [?]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\SYSTEM32\DRIVERS\ousbehci.sys [2010-05-08 45824]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program\F-Secure\Anti-Virus\minifilter\fsgk.sys [2010-08-22 130728]

R3 FSORSPClient;F-Secure ORSP Client;c:\program\F-Secure\ORSP Client\fsorsp.exe [2010-08-22 63992]

R3 GTICARD;GTICARD;c:\windows\SYSTEM32\DRIVERS\gticard.sys [2003-10-23 76160]

R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\SYSTEM32\DRIVERS\ousb2hub.sys [2010-05-08 56960]

S2 gupdate;Tjänsten Google Update (gupdate);c:\program\Google\Update\GoogleUpdate.exe [2010-09-21 136176]

S3 a2acc;a2acc;c:\program\a-squared Anti-Malware\a2accx86.sys [2010-05-10 72808]

S3 bvrp_pci;bvrp_pci;c:\windows\SYSTEM32\DRIVERS\bvrp_pci.sys [2005-02-20 4272]

S3 dev5_ap1;dev5_ap1;c:\phpdev5\Apache\Apache.exe [2007-01-24 20480]

S3 dev5_ap2;dev5_ap2;c:\phpdev5\apache2\bin\Apache.exe [2007-01-24 20480]

S3 FTLUND;Lundinova Filter Driver;c:\windows\SYSTEM32\DRIVERS\ftlund.sys [2008-06-12 6828]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]

S4 a2AntiDialer;a-squared Anti-Dialer Service;c:\program\a-squared Anti-Dialer\a2service.exe [2010-05-11 425080]

S4 a2AntiMalware;a-squared Anti-Malware Service;c:\program\a-squared Anti-Malware\a2service.exe [2008-02-18 2850296]

S4 F-Secure Filter;F-Secure File System Filter;c:\program\F-Secure\Anti-Virus\win2k\fsfilter.sys [2010-08-22 41896]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program\F-Secure\Anti-Virus\win2k\fsrec.sys [2010-08-22 27304]

S4 ScaWPrintManager;ScaWPrintManager;c:\program\Scala Business Solutions NV\iScala\System\Services\Print\ScaWPrintManager.exe --> c:\program\Scala Business Solutions NV\iScala\System\Services\Print\ScaWPrintManager.exe [?]

 

--- Övriga tjänster/drivrutiner i minnet ---

 

*Deregistered* - uphcleanhlp

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Innehållet i mappen 'Schemalagda aktiviteter':

 

2011-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

 

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-09-21 12:21]

 

2011-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program\Google\Update\GoogleUpdate.exe [2010-09-21 12:21]

 

2011-01-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3554365469-2736490223-2748996377-1009.job

- c:\program\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

 

2011-01-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3554365469-2736490223-2748996377-1009.job

- c:\program\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.kompislaget.se/

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZZ&fl=0&ptb=l3TvLutEvR_g3G2I1iTpaA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = localhost;*.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &MSN Search - c:\program\MSN Toolbar Suite\TB\02.05.0000.1105\sv-se\msntb.dll/search.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportera till Microsoft Excel - c:\program\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: Skicka till &Bluetooth - c:\program\Dell\Bluetooth-programvara\btsendto_ie_ctx.htm

LSP: c:\program\F-Secure\FSPS\program\FSLSP.DLL

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB

FF - ProfilePath - c:\documents and settings\somo.000\Application Data\Mozilla\Firefox\Profiles\pv1uhlxv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MICVE3&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.kompislaget.se/

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Svensk ordlista: sv@dictionaries.addons.mozilla.org - %profile%\extensions\sv@dictionaries.addons.mozilla.org

FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: FirePHP: FirePHPExtension-Build@firephp.org - %profile%\extensions\FirePHPExtension-Build@firephp.org

FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program\Java\jre6\lib\deploy\jqs\ff

FF - Ext: e-kort for Firefox: ekort@orbiscom - c:\program\ekort

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: Browsing Protection: litmus-ff@f-secure.com - c:\program\F-Secure\NRS\litmus-ff@f-secure.com

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.urlbar.hideGoButton - false

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-26 00:09

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLer som "laddats" under processer som körs ---------------------

 

- - - - - - - > 'winlogon.exe'(644)

c:\program\delade filer\logishrd\bluetooth\LBTWlgn.dll

c:\program\delade filer\logishrd\bluetooth\LBTServ.dll

.

------------------------ Andra processer som körs ------------------------

.

c:\program\Delade filer\LogiShrd\Bluetooth\LBTServ.exe

c:\windows\System32\basfipm.exe

c:\program\Bonjour\mDNSResponder.exe

c:\program\Dell\Bluetooth-programvara\bin\btwdins.exe

c:\program\F-Secure\Anti-Virus\fsgk32st.exe

c:\program\F-Secure\Common\FSMA32.EXE

c:\program\F-Secure\Anti-Virus\FSGK32.EXE

c:\program\F-Secure\Common\FSHDLL32.EXE

c:\windows\system32\inetsrv\inetinfo.exe

c:\program\Java\jre6\bin\jqs.exe

c:\program\MozyHome\mozybackup.exe

c:\program\MICROS~2\MSSQL\binn\sqlservr.exe

c:\program\VeriSign\NAVI\naviagent.exe

c:\windows\system32\nvsvc32.exe

c:\program\RETROS~1\RETROS~1.5\retrorun.exe

c:\program\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program\UPHClean\uphclean.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\wm.exe

c:\windows\System32\bcmwltry.exe

c:\program\VeriSign\NAVI\NAVICL~1.EXE

c:\novell\ZENRC\WUOLService.exe

c:\program\F-Secure\FWES\Program\fsdfwd.exe

c:\program\F-Secure\Anti-Virus\fssm32.exe

c:\windows\System32\vssvc.exe

c:\windows\system32\wscntfy.exe

c:\program\F-Secure\Anti-Virus\fsav32.exe

c:\windows\system32\NWTRAY.EXE

c:\program\Logitech\SetPoint\LBTWiz.exe

c:\program\Windows Desktop Search\WindowsSearchIndexer.exe

c:\program\Windows Desktop Search\WindowsSearchFilter.exe

.

**************************************************************************

.

Sluttid: 2011-01-26 00:20:07 - datorn startades om.

ComboFix-quarantined-files.txt 2011-01-25 23:20

ComboFix2.txt 2011-01-25 17:13

 

Före genomsökningen: 3,948,351,488 byte ledigt

Efter genomsökningen: 3,934,142,464 byte ledigt

 

- - End Of File - - B52BA5F4706492D91FC67C9904770D87

Så till dina undringar:

ComboFix visade denna gång hur backupförloppet fortskred med två färgade liggande staplar.

När den visade vilka två dll-filer den tagit bort kom den första signalen om att REGT.cfxxe måste stängas pga att problem uppstått

Efter att ComboFix startat om PC kom nästa signal om REGT.cfxxe

När ComboFix visade Kör inga andra program.....kom nästa signal om REGT.cfxxe

Jag tyckte mig se en skillnad efter omstart att det i huvudet på rutan stod ComboFix - Find 3M!

När ComboFix visar upp logfilen crashar REGEDIT.EXE

Den här Datorn åstadkommer samma problem med explorer.exe liksom Kontrollpanelen. Ingen av dessa två fungerar alltså nu heller.

Sök däremot ger mig möjlighet att se hela trädstrukturen och jag kan expandera katalogerna men när jag vill se innehållet i en katalog crashar explorer.exe

PS Jag upplevde att det tog längre tid för ComboFix att genomföra jobbet denna gång. DS

[Cecilia]

Vi söker lite djupare.

 

1.

Spara TDSSKiller på Skrivbordet:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

Högerklicka och välj Extrahera alla. Kom ihåg var du packar upp filen.

Stäng av dina vanliga program, men du kan lämna antivirusprogram och liknande igång.

Kör programmet TDSSKiller.exe som finns i mappen där du packade upp filerna.

 

Klicka på Start Scan.

 

Om några hot hittas så välj Cure och klicka på Continue. Om inte Cure finns så välj Skip. Välj INTE Quarantine eller Delete. Eventuellt behöver datorn startas om.

 

Klistra in innehållet i loggen som du hittar i C:\ med namnet TDSSKiller följt av version och tidpunkt.

Starta om datorn.

 

2.

Spara Gmer på Skrivbordet från:

http://www2.gmer.net/download.php

Den har ett slumpmässigt namn så notera vad programmet sparas som.

 

Dra ur internetanslutningen.

Stäng alla program, även antivirusprogram och brandvägg.

Starta det nedladdade programmet.

En första snabbskanning startar.

Om det kommer upp en WARNING som nämner ROOTKIT och frågar om "fully scan" så välj Nej/No. Spara loggen och klistra in i ditt svar. Gör inte mer.

 

Om frågan inte kommer så välj fliken Rootkit/Malware, kontrollera att allt är förbockat till höger utom IAT/EAT, Show All och andra partitioner än C:\. Tryck på Scan. Låt datorn stå ifred medan Gmer håller på och det kan ta några timmar.

Tryck på Save och spara resultatet på Skrivbordet.

Sätt igång antivirusprogram och brandvägg innan du ansluter till internet.

Klistra in resultatet i ditt svar.

Starta om datorn.

 

3.

Spara MBRCheck.exe av a_d_13 på Skrivbordet.

Kör programmet.

Vänta tills programmet är klart eller till texten "Enter 'Y' and hit ENTER for more options, or 'N' to exit:" visas. I det senare fallet tryck på N följt av Enter.

När det är klart skapas en loggfil på Skrivbordet som heter MBRCheckxxxxxx.txt där xxxxxx är klockslaget för körningen. Öppna loggen i Anteckningar genom att dubbelklicka på loggen och klistra in innehållet i ditt svar.

[Hämtaren]

Eftersom det är explorer.exe som ställer till det så tänkte jag vara lite smart när jag packade upp filerna i 1. och la dem på skrivbordet. Det innebar att jag fick en katalog där.Inte den heller gick att öppna. Nu kom problem med DRWTSN32.exe som måste avslutas. Dessutom försvann möjligheten att stänga av datorn därför att aktivitetsfältet aldrig gick att komma åt. Då gick jag den starka vägen och tvingade fram ett avslut. När jag sedan startade igen så tänkte jag på att jag brukar ju kunna få tag på filerna via FireFox. Jag öppnade katalogen den vägen och sparade filerna på skrivbordet och sedan gick den att köra men inga infektioner påträffades. Här kommer loggen:

2011/01/26 10:52:44.0253 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53

2011/01/26 10:52:44.0253 ================================================================================

2011/01/26 10:52:44.0253 SystemInfo:

2011/01/26 10:52:44.0253

2011/01/26 10:52:44.0253 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/26 10:52:44.0253 Product type: Workstation

2011/01/26 10:52:44.0253 ComputerName: SE20387134

2011/01/26 10:52:44.0253 UserName: somo

2011/01/26 10:52:44.0253 Windows directory: C:\WINDOWS

2011/01/26 10:52:44.0253 System windows directory: C:\WINDOWS

2011/01/26 10:52:44.0253 Processor architecture: Intel x86

2011/01/26 10:52:44.0253 Number of processors: 1

2011/01/26 10:52:44.0253 Page size: 0x1000

2011/01/26 10:52:44.0253 Boot type: Normal boot

2011/01/26 10:52:44.0253 ================================================================================

2011/01/26 10:52:44.0834 Initialize success

2011/01/26 10:52:52.0926 ================================================================================

2011/01/26 10:52:52.0926 Scan started

2011/01/26 10:52:52.0926 Mode: Manual;

2011/01/26 10:52:52.0926 ================================================================================

2011/01/26 10:52:54.0939 a2acc (2d1e1a70041319338035c3df51bfd200) C:\PROGRAM\A-SQUARED ANTI-MALWARE\a2accx86.sys

2011/01/26 10:52:55.0109 a2injectiondriver (b4fba42bdd499eb94423166d65b67b93) C:\Program\a-squared Anti-Malware\a2dix86.sys

2011/01/26 10:52:55.0269 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program\a-squared Anti-Malware\a2util32.sys

2011/01/26 10:52:55.0800 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS

2011/01/26 10:52:56.0501 ACPI (48547e29772befe3c554ff5e4855bf51) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/01/26 10:52:56.0571 ACPIEC (decedc736cef3c0fff6e981b31e73a61) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/01/26 10:52:56.0701 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys

2011/01/26 10:52:57.0002 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/01/26 10:52:57.0302 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/01/26 10:52:58.0444 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/01/26 10:52:58.0634 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys

2011/01/26 10:52:58.0954 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys

2011/01/26 10:52:59.0275 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys

2011/01/26 10:52:59.0525 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys

2011/01/26 10:53:00.0306 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys

2011/01/26 10:53:00.0867 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\System32\DRIVERS\alim1541.sys

2011/01/26 10:53:00.0927 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\System32\DRIVERS\amdagp.sys

2011/01/26 10:53:01.0037 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys

2011/01/26 10:53:01.0108 ApfiltrService (42860ba463d5c9c58a91d1ad208169a9) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2011/01/26 10:53:01.0218 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/01/26 10:53:01.0288 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys

2011/01/26 10:53:01.0448 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys

2011/01/26 10:53:01.0598 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys

2011/01/26 10:53:01.0759 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/01/26 10:53:01.0859 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/01/26 10:53:02.0029 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/01/26 10:53:02.0169 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/01/26 10:53:02.0339 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/01/26 10:53:02.0660 BASFND (3d87b0484be1093c6614062701f375c5) C:\WINDOWS\system32\Drivers\BASFND.sys

2011/01/26 10:53:02.0990 BCM43XX (ba58cf7f9e8243f19c3eed2f2dcec770) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/01/26 10:53:03.0171 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/01/26 10:53:03.0301 BlankScreen (c5562e415b60f33a8a5435101addcc8d) C:\WINDOWS\system32\drivers\BlankScreen.sys

2011/01/26 10:53:03.0451 btaudio (949626f7a2efef92497c1f27ab4e9a99) C:\WINDOWS\system32\drivers\btaudio.sys

2011/01/26 10:53:04.0232 BTDriver (bd6e781547061e8bc67d37fe6c8caa3b) C:\WINDOWS\system32\DRIVERS\btport.sys

2011/01/26 10:53:04.0843 BTKRNL (d5623a2aee031ac1ad0635b25940622d) C:\WINDOWS\system32\drivers\btkrnl.sys

2011/01/26 10:53:05.0494 BTWDNDIS (972ab1a14ccc7d1be281e08db4c5d69b) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2011/01/26 10:53:05.0624 btwhid (1aeed2c9db2be1521b3a298597809925) C:\WINDOWS\system32\DRIVERS\btwhid.sys

2011/01/26 10:53:05.0955 BTWUSB (e3517d21ab97bacea222e32629722047) C:\WINDOWS\system32\Drivers\btwusb.sys

2011/01/26 10:53:06.0135 bvrp_pci (73458867c8963c76260c18d7bdb15625) C:\WINDOWS\system32\drivers\bvrp_pci.sys

2011/01/26 10:53:06.0405 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys

2011/01/26 10:53:06.0445 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/01/26 10:53:06.0525 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/01/26 10:53:06.0676 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

2011/01/26 10:53:06.0806 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/01/26 10:53:06.0956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/01/26 10:53:07.0056 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys

2011/01/26 10:53:07.0156 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys

2011/01/26 10:53:07.0317 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/01/26 10:53:07.0437 cdudf_xp (8c7746acde6225a46b58ed7ae09ec166) C:\WINDOWS\system32\drivers\cdudf_xp.sys

2011/01/26 10:53:07.0667 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/01/26 10:53:07.0747 CmdIde (4c36a458153f8d7329e96192e653cb01) C:\WINDOWS\System32\DRIVERS\cmdide.sys

2011/01/26 10:53:07.0837 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/01/26 10:53:07.0947 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

2011/01/26 10:53:08.0048 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

2011/01/26 10:53:08.0208 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

2011/01/26 10:53:08.0378 DevUpper (913938a5382bfb2487aacaea408a14d2) C:\WINDOWS\system32\DRIVERS\tiumflt.sys

2011/01/26 10:53:08.0508 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/01/26 10:53:08.0598 dmboot (80008bd0c19d97b0b3f4d1d9cbf190a8) C:\WINDOWS\system32\drivers\dmboot.sys

2011/01/26 10:53:08.0709 dmio (41862731f82be80f0cfba5d0da36b683) C:\WINDOWS\system32\drivers\dmio.sys

2011/01/26 10:53:08.0769 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/01/26 10:53:08.0919 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/01/26 10:53:09.0049 Dot4 HPH09 (577dc4c5f7102ba9957f302942eb2da4) C:\WINDOWS\system32\DRIVERS\hphid409.sys

2011/01/26 10:53:09.0139 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

2011/01/26 10:53:09.0269 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/01/26 10:53:09.0400 dvd_2K (800de2dfa19db3fd87aa95308ba0c17b) C:\WINDOWS\system32\drivers\dvd_2K.sys

2011/01/26 10:53:09.0620 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

2011/01/26 10:53:09.0910 F-Secure Filter (872a4de096f1b4b5d0cdfa369abf9388) C:\Program\F-Secure\Anti-Virus\Win2K\FSfilter.sys

2011/01/26 10:53:10.0040 F-Secure Gatekeeper (ba3a72b0d43954f8a92c6d896183017d) C:\Program\F-Secure\Anti-Virus\minifilter\fsgk.sys

2011/01/26 10:53:10.0161 F-Secure HIPS (91fc6a3c01a771a5aa65959a361c22c5) C:\Program\F-Secure\HIPS\drivers\fshs.sys

2011/01/26 10:53:10.0291 F-Secure Recognizer (504f83be6d94346e5288fc5881a38a9b) C:\Program\F-Secure\Anti-Virus\Win2K\FSrec.sys

2011/01/26 10:53:10.0481 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/01/26 10:53:11.0162 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/01/26 10:53:11.0623 Fips (b66ddb75642f6722468707840c67a394) C:\WINDOWS\system32\drivers\Fips.sys

2011/01/26 10:53:11.0733 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/01/26 10:53:11.0893 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/01/26 10:53:12.0023 fsbts (0e3e5d0486c4e2128b9f0e1c2fd410c4) C:\WINDOWS\system32\Drivers\fsbts.sys

2011/01/26 10:53:12.0143 FSFW (b7feb06217a421ffd9eee6604e60f903) C:\WINDOWS\system32\drivers\fsdfw.sys

2011/01/26 10:53:12.0244 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/01/26 10:53:12.0364 FTDIBUS (8672947aeec467dc5907ba024baf06ef) C:\WINDOWS\system32\drivers\ftdibus.sys

2011/01/26 10:53:12.0484 Ftdisk (45fc410cfe68ff036ad232a141e69c19) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/01/26 10:53:12.0604 FTLUND (e51ec9d232494c0713e0a0938dd9c893) C:\WINDOWS\system32\drivers\ftlund.sys

2011/01/26 10:53:12.0704 FTSER2K (1baea6f4a629abcbd87267c2c732c982) C:\WINDOWS\system32\drivers\ftser2k.sys

2011/01/26 10:53:12.0824 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2011/01/26 10:53:12.0965 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/01/26 10:53:13.0125 GTICARD (5ccb2f5cd9f8b6a7dfd57e5346ee5796) C:\WINDOWS\system32\DRIVERS\gticard.sys

2011/01/26 10:53:13.0275 gv3 (78a4b98b0a416474895aa1e8685fb0ee) C:\WINDOWS\system32\DRIVERS\gv3.sys

2011/01/26 10:53:13.0395 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/01/26 10:53:13.0495 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

2011/01/26 10:53:13.0626 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/01/26 10:53:13.0716 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/01/26 10:53:13.0816 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/01/26 10:53:13.0966 HSFHWICH (a84bbbdd125d370593004f6429f8445c) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

2011/01/26 10:53:14.0407 HSF_DP (272914d8e356bbbffbe7e88871a188ef) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/01/26 10:53:14.0607 HSF_DPV (b678fa91cf4a1c19b462d8db04cd02ab) C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS

2011/01/26 10:53:14.0998 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/01/26 10:53:15.0168 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/01/26 10:53:15.0278 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\System32\DRIVERS\i2omp.sys

2011/01/26 10:53:15.0408 i8042prt (82e56cd09b2ce1edec3fba9111c7ee3a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/01/26 10:53:15.0588 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

2011/01/26 10:53:15.0779 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

2011/01/26 10:53:15.0889 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

2011/01/26 10:53:15.0949 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

2011/01/26 10:53:16.0029 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

2011/01/26 10:53:16.0129 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

2011/01/26 10:53:16.0370 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

2011/01/26 10:53:16.0540 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

2011/01/26 10:53:16.0780 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

2011/01/26 10:53:16.0930 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

2011/01/26 10:53:17.0111 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys

2011/01/26 10:53:17.0231 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

2011/01/26 10:53:17.0331 IntelIde (3012ee13f357a99361ad8b0d93e13c45) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/01/26 10:53:17.0431 intelppm (02431778e84a525d29929d14bab71d53) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/01/26 10:53:17.0521 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/01/26 10:53:17.0661 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/01/26 10:53:17.0782 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/01/26 10:53:18.0012 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/01/26 10:53:18.0142 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/01/26 10:53:18.0302 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/01/26 10:53:18.0463 isapnp (48f97c77daf8811598cfae21368eacb6) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/01/26 10:53:18.0613 Kbdclass (d655ca94c8e2e0223c1bc28bcd95723a) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/01/26 10:53:18.0713 kbdhid (e1e28876fe7602b0a1d040354de35c06) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/01/26 10:53:18.0833 Kblock (23a6719a9b25e0d9b23838b50ee2d936) C:\WINDOWS\system32\drivers\Kblock.sys

2011/01/26 10:53:19.0053 KBSTUFF (8b21540f7ad5c4dd650bbd3a379344b4) C:\WINDOWS\system32\drivers\KBSTUFF.sys

2011/01/26 10:53:19.0204 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/01/26 10:53:19.0414 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/01/26 10:53:19.0644 LHidFilt (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys

2011/01/26 10:53:19.0754 LMouFilt (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys

2011/01/26 10:53:20.0165 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

2011/01/26 10:53:20.0495 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2011/01/26 10:53:20.0636 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2011/01/26 10:53:20.0756 mchInjDrv (9971aa2d16cb558358d6f6f3b5055cba) C:\WINDOWS\system32\Drivers\mchInjDrv.sys

2011/01/26 10:53:20.0976 MDC8021X (bee76ac58bb524523a84000ba8efe55a) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

2011/01/26 10:53:21.0307 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/01/26 10:53:21.0697 mmc_2K (0a35ad036de912858a1c5e9637840724) C:\WINDOWS\system32\drivers\mmc_2K.sys

2011/01/26 10:53:21.0907 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/01/26 10:53:22.0028 Modem (42ce19726d9c410dff75d3ff1cc79db2) C:\WINDOWS\system32\drivers\Modem.sys

2011/01/26 10:53:22.0108 Mouclass (e0c4c36573bcf0c0d2a1578caa791f7d) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/01/26 10:53:22.0188 mouhid (98e474ecf11f1db62fb072157a95ea83) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/01/26 10:53:22.0298 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/01/26 10:53:22.0388 Mouslock (fa20da21833759c36cc5c7dd74b083a3) C:\WINDOWS\system32\drivers\Mouslock.sys

2011/01/26 10:53:22.0498 mozyFilter (1bf022621e3ed65f460ff1a1fa96b893) C:\WINDOWS\system32\DRIVERS\mozy.sys

2011/01/26 10:53:22.0749 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

2011/01/26 10:53:22.0899 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/01/26 10:53:23.0149 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/01/26 10:53:23.0380 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/01/26 10:53:23.0550 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/01/26 10:53:23.0650 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/01/26 10:53:23.0750 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/01/26 10:53:23.0900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/01/26 10:53:24.0011 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/01/26 10:53:24.0091 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/01/26 10:53:24.0201 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/01/26 10:53:24.0341 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/01/26 10:53:24.0451 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/01/26 10:53:24.0551 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/01/26 10:53:24.0631 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/01/26 10:53:24.0732 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/01/26 10:53:24.0912 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/01/26 10:53:25.0082 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/01/26 10:53:25.0252 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/01/26 10:53:25.0493 NetwareWorkstation (c5ca218a4d120cb3fe94987618e3d9f7) C:\WINDOWS\system32\NetWare\nwfs.sys

2011/01/26 10:53:25.0883 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/01/26 10:53:26.0083 NICM (d7a8e0330c9c88801b467b3f1211eb0e) C:\WINDOWS\system32\drivers\nicm.sys

2011/01/26 10:53:26.0254 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/01/26 10:53:26.0434 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/01/26 10:53:26.0604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/01/26 10:53:26.0815 nv (ecef9af156aafe2819a16230ad8968b7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/01/26 10:53:27.0145 NWDHCP (2d4542535a510ca58862d38e9d33949f) C:\WINDOWS\system32\NetWare\nwdhcp.sys

2011/01/26 10:53:27.0435 NWDNS (9a6a6fb5f99dc9b923723ed7474e9af5) C:\WINDOWS\system32\NetWare\nwdns.sys

2011/01/26 10:53:27.0596 NWHOST (5d2eb80ec0cb421ced7a6c4795cf0a6a) C:\WINDOWS\system32\NetWare\NWHOST.sys

2011/01/26 10:53:27.0816 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/01/26 10:53:27.0986 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/01/26 10:53:28.0126 NWSAP (d4ec72237b67769b378506c8b68c9281) C:\WINDOWS\system32\NetWare\NWSAP.sys

2011/01/26 10:53:28.0247 NWSIPX32 (3affa3301fd1ae5d5fc03eefc9bc97e9) C:\WINDOWS\system32\NetWare\nwsipx32.sys

2011/01/26 10:53:28.0507 NWSLP (19f11b1846794dd2cbd579f278604745) C:\WINDOWS\system32\NetWare\nwslp.sys

2011/01/26 10:53:28.0587 NWSNS (36b9487085b60ef49b915b13d1716f1a) C:\WINDOWS\system32\NetWare\NWSNS.sys

2011/01/26 10:53:28.0837 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/01/26 10:53:28.0908 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/01/26 10:53:29.0118 ousb2hub (2fadd6e3aeaff1a6b84b8d304c395bd5) C:\WINDOWS\system32\DRIVERS\ousb2hub.sys

2011/01/26 10:53:29.0328 ousbehci (961414dacb73858b0a2e9075ab2d1ea8) C:\WINDOWS\system32\Drivers\ousbehci.sys

2011/01/26 10:53:29.0579 Parport (19e28ed86e7244d76fda792c2810188e) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/01/26 10:53:29.0619 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/01/26 10:53:29.0659 ParVdm (5cf71e14a108c492c1fb07543d579af5) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/01/26 10:53:29.0709 PCI (8a185f0112cf5b42ff1aaff31b8b3091) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/01/26 10:53:29.0779 PCIIde (239de4275ee40fdf9912761467025244) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/01/26 10:53:29.0909 Pcmcia (904053aa6e251c77cf85371ce644cfd7) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/01/26 10:53:30.0219 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\WINDOWS\system32\DRIVERS\lv302af.sys

2011/01/26 10:53:30.0370 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

2011/01/26 10:53:30.0480 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

2011/01/26 10:53:30.0800 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

2011/01/26 10:53:31.0101 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/01/26 10:53:31.0221 Processor (992e4b2a91e6a2f3d21de89b9273353a) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/01/26 10:53:31.0301 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/01/26 10:53:31.0712 pwd_2k (1840112f3f3b7ece84dbbd93a70c4135) C:\WINDOWS\system32\drivers\pwd_2k.sys

2011/01/26 10:53:32.0012 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/01/26 10:53:32.0212 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

2011/01/26 10:53:32.0302 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

2011/01/26 10:53:32.0433 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

2011/01/26 10:53:32.0523 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

2011/01/26 10:53:32.0603 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

2011/01/26 10:53:32.0683 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/01/26 10:53:32.0773 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/01/26 10:53:32.0823 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/01/26 10:53:32.0943 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/01/26 10:53:33.0013 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/01/26 10:53:33.0174 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/01/26 10:53:33.0334 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/01/26 10:53:33.0514 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/01/26 10:53:33.0594 redbook (97130d37842819fa39fd5f1e90a5d676) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/01/26 10:53:33.0734 RESMGR (fc5ec2e2e4c4471d5f2b4fb2b2768b5d) C:\WINDOWS\system32\NetWare\resmgr.sys

2011/01/26 10:53:33.0985 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/01/26 10:53:34.0305 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/01/26 10:53:34.0405 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/01/26 10:53:34.0466 Serial (f7d35464062edc08909e568bcd8ae77d) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/01/26 10:53:34.0556 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/01/26 10:53:34.0746 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

2011/01/26 10:53:34.0826 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/01/26 10:53:35.0036 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

2011/01/26 10:53:35.0137 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/01/26 10:53:35.0287 sr (1193ef00869f6367367e6e7cb96be325) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/01/26 10:53:35.0447 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/01/26 10:53:35.0637 SRVLOC (46e2141461f03208b5b1433e3e726939) C:\WINDOWS\system32\NetWare\srvloc.sys

2011/01/26 10:53:35.0968 STAC97 (5813d453ef8ce49d607c255cf128aceb) C:\WINDOWS\system32\drivers\STAC97.sys

2011/01/26 10:53:36.0448 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/01/26 10:53:36.0759 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/01/26 10:53:37.0220 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/01/26 10:53:37.0550 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

2011/01/26 10:53:37.0640 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

2011/01/26 10:53:37.0740 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

2011/01/26 10:53:37.0840 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

2011/01/26 10:53:37.0991 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/01/26 10:53:38.0141 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/01/26 10:53:38.0311 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/01/26 10:53:38.0411 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/01/26 10:53:38.0481 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/01/26 10:53:38.0601 tiumfwl (7ed11f79540ff1bc2ac12d2ae489474a) C:\WINDOWS\system32\drivers\tiumfwl.sys

2011/01/26 10:53:38.0712 TosIde (67b0bb00b577d37e54497e5fdfcaadc0) C:\WINDOWS\System32\DRIVERS\toside.sys

2011/01/26 10:53:38.0842 UdfReadr_xp (e1b5bfba7f1cde1fc28934639e83b3cf) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

2011/01/26 10:53:39.0142 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/01/26 10:53:39.0323 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

2011/01/26 10:53:39.0483 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/01/26 10:53:39.0653 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/01/26 10:53:39.0743 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/01/26 10:53:39.0873 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/01/26 10:53:40.0064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/01/26 10:53:40.0244 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/01/26 10:53:40.0334 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/01/26 10:53:40.0444 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/01/26 10:53:40.0554 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/01/26 10:53:40.0654 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/01/26 10:53:40.0745 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

2011/01/26 10:53:40.0835 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

2011/01/26 10:53:40.0965 VolSnap (57187ec04878147e1f4f2d9224b12205) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/01/26 10:53:41.0205 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/01/26 10:53:41.0305 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/01/26 10:53:41.0846 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/01/26 10:53:42.0046 winachsf (0c5b9cf1bdf998750d9c5eeb5f8c55ac) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/01/26 10:53:42.0447 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/01/26 10:53:42.0637 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/01/26 10:53:43.0238 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/01/26 10:53:43.0569 ================================================================================

2011/01/26 10:53:43.0569 Scan finished

2011/01/26 10:53:43.0569 ================================================================================

Jag fortsätter med 2 och 3