
Getting rid of MSN Content Plus


1stcaveman


Hi, I can't get rid of MSN Content +

I have checked here

//eforum.idg.se/viewmsg.asp?EntriesId=894750

but it didn't work for me.

Copy of the HijackThis log

[log]Logfile of HijackThis v1.99.1

Scan saved at 11:27:35, on 2006-12-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Comodo\Firewall\cmdagent.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Eset\nod32kui.exe

C:\Program\Comodo\Firewall\CPF.exe

C:\Program\Java\jre1.5.0_10\bin\jusched.exe

C:\WINDOWS\msnlogm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\msnlogs.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program\mIRC\mirc.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\uTorrent\utorrent.exe

C:\hijack\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program\Comodo\Firewall\CPF.exe" /background

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_10\bin\npjpi150_10.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159632660812

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159632647875

O17 - HKLM\System\CCS\Services\Tcpip\..\{79FDDA46-EFA1-47A3-8F4A-E917539BD4D2}: NameServer = 192.168.1.254

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program\Comodo\Firewall\cmdagent.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

[/log]

 


Scan with HijackThis and tick:

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe

Close all other programs.

Press Fix checked.

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode from the menu).

Set Explorer so that you can see all files:

Tools - (Folder) Options or similar - View

Select Show hidden files and folders

Untick Hide extensions for known file types

Untick Hide protected operating system files

Delete the files (if they are still there):

C:\WINDOWS\msnlogm.exe

Restart in normal mode.

Check for yourself that the line you ticked is now gone.

 

 

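One way to do the last check in the steps above (that the ticked line is really gone) is to compare a HijackThis log saved before the fix with one saved after it. This is an added example, not part of the original thread: the BEFORE lines are excerpted from the first log on this page, both AFTER logs are constructed, and the function names are assumptions of the example.

```python
import re
from typing import NamedTuple


class RunEntry(NamedTuple):
    hive: str      # "HKLM", "HKCU" or "HKUS\<SID>"
    name: str      # registry value name shown inside [...]
    command: str   # command line exactly as logged


# HijackThis O4 registry autostart line, e.g.
#   O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# A line of the "Running processes:" section is a bare path to an .exe.
BARE_PATH = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Executable part of a Run command line, with or without quotes.
EXE_IN_CMD = re.compile(r'^"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)


def parse_log(text):
    """Return (running process paths, O4 Run entries) from a HijackThis log."""
    running, entries = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["cmd"]))
        elif BARE_PATH.match(line):
            running.add(line.lower())
    return running, entries


def target_exe(command):
    """Lower-cased executable path of a Run command line, or None."""
    m = EXE_IN_CMD.match(command)
    return m["exe"].lower() if m else None


def verify_fix(before, after, value_name):
    """Check in the later scan whether a fixed Run value is really gone."""
    _, old = parse_log(before)
    running, new = parse_log(after)
    wanted = value_name.lower()
    # Match on the value name: the two logs on this page both use
    # [msnsyslog], but with different file names behind it.
    left = [e for e in new if e.name.lower() == wanted]
    cmds = [e.command for e in old if e.name.lower() == wanted]
    cmds += [e.command for e in left]
    targets = {t for t in map(target_exe, cmds) if t}
    return {
        "targets": sorted(targets),
        "still_registered": [e.command for e in left],
        "still_running": sorted(targets & running),
        "clean": not left and not (targets & running),
    }


# Excerpt from the first log on this page.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msnlogm.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnlogm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed: rescan where the Run value and the process are both gone.
AFTER_CLEAN = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed: Run value fixed, but the file is still loaded as a process.
AFTER_PARTIAL = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\msnlogm.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE
"""

if __name__ == "__main__":
    for label, after in (("clean", AFTER_CLEAN), ("partial", AFTER_PARTIAL)):
        print(label, verify_fix(BEFORE, after, "msnsyslog"))
```

A result with `clean` set to False means the registry value, the running file, or both are still present in the later scan.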

Here is my usual advice for a safer computer, but of course it is also important to use your common sense.

Update from Windows Update and run the anti-spyware programs AVG Anti-Spyware (Ewido), SUPERAntiSpyware, Spybot S&D and/or Ad-aware regularly.

http://www.ewido.net/en/

http://www.superantispyware.com/

http://www.safer-networking.org/en/download/index.html

http://www.lavasoft.com

Supplement the antivirus program with a few online scans now and then:

http://housecall.trendmicro.com/

http://www.bitdefender.com/scan8/ie.html

http://www.pandasoftware.com/products/activescan/

Use a firewall (better than the one built into XP); one is available for free from e.g. ZoneLabs.

http://www.zonelabs.com/store/content/home.jsp

If you use Internet Explorer, it may be a good idea to have the programs SpywareBlaster and SpywareGuard, which prevent a good many nasty programs from being downloaded and run, respectively:

http://www.javacoolsoftware.com

Review the security settings in Internet Explorer; there are plenty of tips here:

http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

Also run IE-SpyAd, which puts a whole lot of nasty websites in the Restricted sites zone in Internet Explorer so that they cannot do anything to the computer:

http://www.spywarewarrior.com/uiuc/resource.htm

If you switch browsers, only SpywareGuard is needed. Other browsers are e.g. Mozilla Firefox and Opera:

http://www.mozilla.org

http://www.opera.com

All free for home users/personal use.

 


  • 1 year later...

Hi

I have the same problem, does the above work for me too? I didn't really understand how to do it. I'm attaching my log. Extremely grateful for an answer!

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:49:47, on 2008-10-30

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Smith Micro\StuffIt11\ArcNameService.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\msnappm.exe

C:\Program\USB Disk Win98 Driver\Res.EXE

C:\WINDOWS\system32\iid.exe

C:\apps\ABoard\AOSD.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\Winamp\winampa.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://patronerna.se/wordpress/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [admincfg.exe] C:\WINDOWS\system32\admincfg.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm

O15 - Trusted Zone: *.atg.se

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: karna.dat

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program\Smith Micro\StuffIt11\ArcNameService.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 10415 bytes

[/log]

 


Is Symantec/Norton working as it should?

Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

[log]At the end of the installation, make sure these are ticked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Press Finish

If there is an update, it will be downloaded and installed.

When the program starts, select "Perform quick scan" and press Scan.

The scan takes a while.

When it is finished, press OK and then "Show results".

Tick everything and then press Remove Selected.

When the removal is finished, Notepad opens with a log.

A request to restart the computer (Restart) may come up. If so, do it.

If the program does not start after the restart, start it.

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new HijackThis log.[/log]

 


As far as I know, Norton works fine. But at every weekly scan it finds a "Tracking Cookie" that has to be repaired. I don't know what that is.

I ran a scan with Malwarebytes but it doesn't seem to find anything:

 

[log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1337

Windows 5.1.2600 Service Pack 3

 

2008-10-30 20:33:45

mbam-log-2008-10-30 (20-33-45).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 53046

Förfluten tid: 10 minute(s), 24 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

Here is a new hijack log:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:37:59, on 2008-10-30

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Smith Micro\StuffIt11\ArcNameService.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\msnappm.exe

C:\Program\USB Disk Win98 Driver\Res.EXE

C:\WINDOWS\system32\iid.exe

C:\apps\ABoard\AOSD.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\Winamp\winampa.exe

C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Personal\bin\Personal.exe

C:\WINDOWS\System32\SCardSvr.exe

C:\WINDOWS\System32\alg.exe

C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

C:\Program\Windows Live\Messenger\usnsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://patronerna.se/wordpress/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Program\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Telia] "C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton Internet Security\osCheck.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [admincfg.exe] C:\WINDOWS\system32\admincfg.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\sw.htm

O15 - Trusted Zone: *.atg.se

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {5BF56AD2-E297-416E-BC49-000004040507} - https://cve.trust.telia.com/TeliaEleg/iidsetup.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: karna.dat

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: SupportSoft Sprocket Service (telia) (sprtsvc_telia) - SupportSoft, Inc. - C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program\Smith Micro\StuffIt11\ArcNameService.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\SupportSoft\bin\ssrc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\DELADE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 10462 bytes

[/log]

 


I just thought there were so few Norton processes running.

Go to http://www.virustotal.com, paste one of the following file names into the box, press Send File and wait until the result is complete (Current status becomes finished). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

C:\WINDOWS\msnappm.exe

C:\WINDOWS\system32\admincfg.exe

C:\WINDOWS\system32\karna.dat

C:\WINDOWS\karna.dat

Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

Close all programs.

Run OTViewIt.

Tick Scan all Users.

Select 30 days for File Age if it is already selected.

Press Run Scan and let the program run undisturbed.

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both into your reply.

 


OK, I hope I'm doing this right:

[log]C:\WINDOWS\msnappm.exe Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 - - -

AntiVir - - ADSPY/Paymsn

Authentium - - W32/Backdoor.KZO

Avast - - Win32:Trojan-gen {Other}

AVG - - -

BitDefender - - Adware.Paymsn.A

CAT-QuickHeal - - -

ClamAV - - -

DrWeb - - -

eSafe - - -

eTrust-Vet - - -

Ewido - - -

F-Prot - - W32/Backdoor.KZO

Fortinet - - PossibleThreat

GData - - Win32:Trojan-gen

Ikarus - - Virus.Win32.Trojan

K7AntiVirus - - -

Kaspersky - - -

McAfee - - -

Microsoft - - -

NOD32v2 - - -

Norman - - -

Panda - - Application/MSNContentPlus

PCTools - - Backdoor.Agent.AHGG

Prevx1 - - -

Rising - - -

Sophos - - -

Sunbelt - - -

Symantec - - -

TheHacker - - -

TrendMicro - - -

VBA32 - - -

ViRobot - - -

VirusBuster - - Backdoor.Agent.AHGG

Webwasher-Gateway - - Ad-Spyware.Paymsn

Övrig information

MD5: f6b65658a6bec411559672c25e5fc521

SHA1: 2d077099a33b156635630a735104799951f79df7

SHA256: 72c23f0d27b56594f741ce56cd21c58a703a29a9d8f4d05b6511e9770e62f98c

SHA512: a10ba43ebaecd352e5a78a93549ccc5235e0045f2fa76b3d241093dd817bab4adc45fe89941e702c3926646434adb6508d297e79b1d41332df7145428486532e

[/log]

 

For all of the other three it says: 0 bytes size received / Se ha recibido un archivo vacio

 

OTViewIt

[log]OTViewIt logfile created on: 2008-10-30 21:21:51 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ägaren\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

447,48 Mb Total Physical Memory | 150,46 Mb Available Physical Memory | 33,62% Memory free

1,03 Gb Paging File | 0,64 Gb Available in Paging File | 62,26% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 143,03 Gb Total Space | 106,09 Gb Free Space | 74,17% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 115,04 Gb Total Space | 87,50 Gb Free Space | 76,06% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SN049209520126

Current User Name: Ägaren

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE

[2008-02-09 17:06:34 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2005-01-28 10:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

[2005-01-28 10:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe

[2005-01-28 10:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

[2005-01-28 10:11:42 | 00,737,379 | ---- | M] (Cyberlink) -- C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

[2005-01-07 11:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

[2005-03-08 02:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

[2005-03-11 16:33:28 | 00,147,456 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe

[2005-01-20 19:04:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2007-10-08 08:52:36 | 00,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program\Smith Micro\StuffIt11\ArcNameService.exe

[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre1.6.0_07\bin\jusched.exe

[2005-01-28 10:10:32 | 00,110,740 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe

[2003-05-02 10:31:50 | 00,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE

[2006-02-27 21:40:44 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program\Delade filer\Real\Update_OB\realsched.exe

[2005-11-17 06:50:02 | 00,147,456 | ---- | M] (MSN Content Plus) -- C:\WINDOWS\msnappm.exe

[2005-09-14 19:44:14 | 00,065,536 | ---- | M] (ali) -- C:\Program\USB Disk Win98 Driver\Res.exe

[2007-03-15 09:11:58 | 00,067,112 | ---- | M] (NetMaker Consulting Group AB) -- C:\WINDOWS\system32\iid.exe

[2003-05-02 10:31:38 | 00,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE

[2007-10-19 19:16:26 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program\QuickTime\QTTask.exe

[2008-07-09 22:33:34 | 00,036,352 | ---- | M] () -- C:\Program\Winamp\winampa.exe

[2008-10-16 10:07:48 | 00,201,976 | ---- | M] (TeliaSonera AB) -- C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

[2007-08-24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe

[2006-03-10 15:33:43 | 00,401,408 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe

[2008-10-03 09:27:49 | 01,245,064 | ---- | M] () -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

[2007-08-22 01:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

[2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe

[2008-08-23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2008-10-30 21:21:11 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ägaren\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2005-09-23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008-02-09 17:06:34 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

[2008-02-09 17:06:34 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisk LiveUpdate-schemaläggare [Auto | Stopped])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Running])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])

[2005-01-28 10:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])

[2005-09-23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2005-01-28 10:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])

[2007-08-22 01:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Running])

[2005-01-28 10:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])

[2005-01-07 11:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService [Auto | Running])

[2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008-09-05 10:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])

[2007-08-24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe -- (sprtsvc_telia [Auto | Running])

[2007-10-08 08:52:36 | 00,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service [Auto | Running])

[2008-10-16 10:07:04 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Delade filer\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [Auto | Stopped])

[2008-10-03 09:27:49 | 01,245,064 | ---- | M] () -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])

[2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2008-01-18 15:16:00 | 00,083,880 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus [On_Demand | Stopped])

[2005-01-28 16:48:58 | 02,310,272 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2001-08-17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2008-04-13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [boot | Running])

[2004-08-11 15:30:00 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

[2001-08-17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001-08-17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2001-09-06 18:54:56 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2008-07-30 16:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])

[2007-08-08 17:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])

[2001-08-17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2008-09-15 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2008-04-13 19:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx [boot | Running])

[2008-04-14 16:41:34 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2001-08-17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2008-08-25 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20081030.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2008-08-25 09:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20081030.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2006-11-13 08:32:00 | 00,009,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])

[2006-11-13 08:32:00 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])

[2006-11-13 08:32:02 | 00,138,240 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])

[2006-11-13 08:32:00 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2008-01-04 22:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2001-08-17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001-08-17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001-08-17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2004-12-02 15:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2001-08-17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2008-01-16 21:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008-01-31 18:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])

[2008-01-31 18:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])

[2008-01-31 18:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [system | Running])

[2001-08-17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001-08-17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2008-06-13 13:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2008-10-06 16:35:42 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2008-06-13 13:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2008-06-13 13:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008-09-12 08:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SymcData\ipsdefs\20081029.003\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])

[2008-06-13 13:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])

[2008-06-13 13:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])

[2008-06-13 13:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2008-06-13 13:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2008-06-13 13:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2001-08-17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001-08-17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2001-08-17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2003-07-02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2005-04-06 17:31:36 | 00,173,696 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])

[2004-07-06 22:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://www.google.com/ie

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://www.google.com

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.google.com

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://www.google.com

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Live Search

"SearchMigratedDefaultURL"=http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

"Start Page"=http://patronerna.se/wordpress/

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

"SearchAssistant"=http://www.google.com

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Live Search

"SearchMigratedDefaultURL"=http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

"Start Page"=http://patronerna.se/wordpress/

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\SOFTWARE\Microsoft\Internet Explorer\Search]

"SearchAssistant"=http://www.google.com

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (710 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe (NEC Computers International)

"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" (Symantec Corporation)

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)

"msnsyslog"=C:\WINDOWS\msnappm.exe (MSN Content Plus)

"Net iD"=C:\WINDOWS\system32\iid.exe (NetMaker Consulting Group AB)

"osCheck"="C:\Program\Norton Internet Security\osCheck.exe" (Symantec Corporation)

"PCMService"="c:\Apps\Powercinema\PCMService.exe" (CyberLink Corp.)

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

"Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia (TeliaSonera AB)

"USB Storage Toolbox"=C:\Program\USB Disk Win98 Driver\Res.EXE (ali)

"WinampAgent"=C:\Program\Winamp\winampa.exe ()

"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

"VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

 

========== (O4) Startup Folders ==========

 

[2002-04-19 21:36:32 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

[2005-09-23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[2006-03-10 15:33:43 | 00,401,408 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=-1

"ForceClassicControlPanel"=1

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=-1

"ForceClassicControlPanel"=1

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xport to Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\Software\Microsoft\Internet Explorer\MenuExt\]

E&xport to Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe File not found

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [send to OneNote] -> [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

CmdMapping\\{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

CmdMapping\\{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found

CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{E6073F93-9541-4be4-9800-109D378EB99B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [send to OneNote] -> [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

CmdMapping\\{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

CmdMapping\\{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found

CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{E6073F93-9541-4be4-9800-109D378EB99B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

atg.se: * in Trusted sites

 

[HKEY_USERS\S-1-5-21-1535736259-4178413893-3904063129-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

atg.se: * in Trusted sites

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/FacebookPhotoUploader5.cab -- Facebook Photo Uploader 5

{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab -- MessengerStatsClient Class

{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool

{45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1}: http://www.king.com/ctl/kingcomie.cab -- king.com

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{5BF56AD2-E297-416E-BC49-000004040507}: https://cve.trust.telia.com/TeliaEleg/iidsetup.cab -- Reg Error: Key does not exist or could not be opened.

{5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/FacebookPhotoUploader.cab -- Facebook Photo Uploader Control

{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}: http://zone.msn.com/bingame/luxr/default/mjolauncher.cab -- MJLauncherCtrl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab -- MessengerStatsClient Class

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab -- MSN Games - Installer

{BD393C14-72AD-4790-A095-76522973D6B8}: http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab -- CBreakshotControl Class

{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab -- Java Plug-in 1.4.2_05

{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab -- Java Plug-in 1.5.0_06

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab -- Java Plug-in 1.5.0_09

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab -- Java Plug-in 1.5.0_10

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -- Java Plug-in 1.5.0_11

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{8404EB87-18D6-46D0-8875-C6DE28C8B438} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=karna.datFIGURATIO

>File not found --

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf4ae59c-e576-11dc-8de3-00148553804f}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf4ae59c-e576-11dc-8de3-00148553804f}\Shell\AutoRun\command]

""=F:\LaunchU3.exe -- File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[5 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008-10-30 21:21:06 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ägaren\Skrivbord\OTViewIt.exe

[2008-10-30 20:49:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ägaren\Application Data\GlarySoft

[2008-10-30 20:43:45 | 00,000,292 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2008-10-30 20:43:40 | 00,000,646 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\Glary Utilities.lnk

[2008-10-30 20:43:35 | 00,000,000 | ---D | C] -- C:\Program\Glary Utilities

[2008-10-30 17:49:17 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\HijackThis.lnk

[2008-10-30 17:49:16 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2008-10-30 09:07:17 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys

[2008-10-29 22:45:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ägaren\Application Data\Malwarebytes

[2008-10-29 22:44:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-10-29 22:44:54 | 00,000,667 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-10-29 22:44:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-10-29 22:44:51 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2008-10-29 22:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008-10-29 22:17:24 | 00,000,000 | ---D | C] -- C:\Program\Enigma Software Group

[2008-10-29 21:57:20 | 00,019,310 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\lajud.dat

[2008-10-29 21:57:20 | 00,018,950 | ---- | C] () -- C:\Program\Delade filer\hynib._sy

[2008-10-29 21:57:20 | 00,018,849 | ---- | C] () -- C:\WINDOWS\lymyzi.db

[2008-10-29 21:57:20 | 00,018,742 | ---- | C] () -- C:\Program\Delade filer\fuxe.ban

[2008-10-29 21:57:20 | 00,017,036 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\veriwuse._sy

[2008-10-29 21:57:20 | 00,016,324 | ---- | C] () -- C:\Program\Delade filer\xecygofi.inf

[2008-10-29 21:57:20 | 00,016,048 | ---- | C] () -- C:\WINDOWS\System32\xomiw.db

[2008-10-29 21:57:20 | 00,015,859 | ---- | C] () -- C:\WINDOWS\System32\wutomyp.dat

[2008-10-29 21:57:20 | 00,015,214 | ---- | C] () -- C:\WINDOWS\utinavu.lib

[2008-10-29 21:57:20 | 00,015,024 | ---- | C] () -- C:\WINDOWS\ydynogy._dl

[2008-10-29 21:57:20 | 00,014,670 | ---- | C] () -- C:\Documents and Settings\Ägaren\Application Data\nudahoroty.bin

[2008-10-29 21:57:20 | 00,013,457 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\vypurekyle._sy

[2008-10-29 21:57:20 | 00,013,280 | ---- | C] () -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\ypyx.exe

[2008-10-29 21:57:20 | 00,013,063 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\mibata.pif

[2008-10-29 21:57:20 | 00,012,445 | ---- | C] () -- C:\WINDOWS\System32\capuzebyhy.dll

[2008-10-29 21:57:20 | 00,010,856 | ---- | C] () -- C:\Documents and Settings\Ägaren\Application Data\yvose.inf

[2008-10-29 21:57:20 | 00,010,812 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\bupenyxa.com

[2008-10-29 21:57:20 | 00,010,796 | ---- | C] () -- C:\WINDOWS\System32\fykaroqon._dl

[2008-10-29 21:21:29 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\TDSSmtve.dat

[2008-10-26 17:57:10 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin

[2008-10-24 19:28:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2008-10-24 19:14:53 | 00,000,000 | ---D | C] -- C:\Program\Messenger

[2008-10-24 19:14:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv

[2008-10-24 19:14:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2008-10-24 19:14:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2008-10-24 19:10:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2008-10-24 19:02:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2008-10-24 19:02:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome

[2008-10-24 02:25:52 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-22 20:47:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\TVU Networks

[2008-10-22 20:47:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\LocalLow

[2008-10-22 20:47:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks

[2008-10-22 20:46:59 | 00,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\TVUPlayer.lnk

[2008-10-22 20:46:32 | 00,000,000 | ---D | C] -- C:\Program\TVUPlayer

[2008-10-21 07:23:13 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2008-10-21 07:22:23 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2008-10-21 07:18:25 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2008-10-20 21:08:59 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\Telia Supportassistent.lnk

[2008-10-20 21:08:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2008-10-15 19:28:25 | 02,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2008-10-15 19:28:25 | 02,066,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

[2008-10-15 19:28:24 | 02,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2008-10-15 19:28:23 | 02,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2008-10-15 19:27:33 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

[2008-10-15 19:16:44 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2008-10-03 09:44:08 | 00,000,774 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\Internet Explorer.lnk

[2008-10-03 09:33:52 | 00,000,624 | ---- | C] () -- C:\WINDOWS\tasks\Norton Internet Security - Kör fullständig systemsökning - Ägaren.job

[2008-10-03 09:29:33 | 00,000,000 | ---D | C] -- C:\Program\Windows Sidebar

[2008-10-03 09:27:54 | 00,000,000 | ---D | C] -- C:\Program\Norton Internet Security

[2008-10-03 09:26:26 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2008-10-03 09:26:26 | 00,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2008-10-03 09:26:26 | 00,010,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2008-10-03 09:26:26 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2008-10-03 09:09:55 | 00,000,000 | ---D | C] -- C:\Program\NortonInstaller

[2008-10-03 09:09:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller

[2008-10-03 09:07:01 | 00,015,644 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

[2008-10-01 08:38:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates

[2008-10-01 08:38:00 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2008-10-01 08:38:00 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2008-10-01 08:37:58 | 01,011,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui

[2008-10-01 08:37:58 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2008-10-01 08:37:58 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe

[2008-10-01 08:37:54 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2008-10-01 08:37:54 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat

[2008-10-01 08:37:54 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll

[2008-10-01 08:37:54 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll

[2008-10-01 08:37:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2008-10-01 08:37:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-se

[2008-10-01 08:35:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7

[2008-10-01 08:35:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

[2008-10-01 08:35:14 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

[2008-10-01 08:34:31 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll

[2008-10-01 08:31:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic

 

========== Files - Modified Within 30 Days ==========

 

[5 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008-10-30 21:21:11 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ägaren\Skrivbord\OTViewIt.exe

[2008-10-30 20:43:45 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2008-10-30 20:43:40 | 00,000,646 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\Glary Utilities.lnk

[2008-10-30 17:49:17 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\HijackThis.lnk

[2008-10-30 11:04:48 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-10-30 10:59:27 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\Ägaren\Mina dokument\Mina delade mappar.lnk

[2008-10-30 09:07:18 | 00,002,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\mchInjDrv.sys

[2008-10-30 09:06:19 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-10-30 09:05:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-10-30 09:05:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-10-30 09:04:51 | 46,929,1008 | -HS- | M] () -- C:\hiberfil.sys

[2008-10-29 22:44:54 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-10-29 21:57:20 | 00,019,310 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\lajud.dat

[2008-10-29 21:57:20 | 00,018,950 | ---- | M] () -- C:\Program\Delade filer\hynib._sy

[2008-10-29 21:57:20 | 00,018,849 | ---- | M] () -- C:\WINDOWS\lymyzi.db

[2008-10-29 21:57:20 | 00,018,742 | ---- | M] () -- C:\Program\Delade filer\fuxe.ban

[2008-10-29 21:57:20 | 00,017,036 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\veriwuse._sy

[2008-10-29 21:57:20 | 00,016,324 | ---- | M] () -- C:\Program\Delade filer\xecygofi.inf

[2008-10-29 21:57:20 | 00,016,048 | ---- | M] () -- C:\WINDOWS\System32\xomiw.db

[2008-10-29 21:57:20 | 00,015,859 | ---- | M] () -- C:\WINDOWS\System32\wutomyp.dat

[2008-10-29 21:57:20 | 00,015,214 | ---- | M] () -- C:\WINDOWS\utinavu.lib

[2008-10-29 21:57:20 | 00,015,024 | ---- | M] () -- C:\WINDOWS\ydynogy._dl

[2008-10-29 21:57:20 | 00,014,670 | ---- | M] () -- C:\Documents and Settings\Ägaren\Application Data\nudahoroty.bin

[2008-10-29 21:57:20 | 00,013,457 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\vypurekyle._sy

[2008-10-29 21:57:20 | 00,013,280 | ---- | M] () -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\ypyx.exe

[2008-10-29 21:57:20 | 00,013,063 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\mibata.pif

[2008-10-29 21:57:20 | 00,012,445 | ---- | M] () -- C:\WINDOWS\System32\capuzebyhy.dll

[2008-10-29 21:57:20 | 00,010,856 | ---- | M] () -- C:\Documents and Settings\Ägaren\Application Data\yvose.inf

[2008-10-29 21:57:20 | 00,010,812 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\bupenyxa.com

[2008-10-29 21:57:20 | 00,010,796 | ---- | M] () -- C:\WINDOWS\System32\fykaroqon._dl

[2008-10-29 21:21:29 | 00,000,164 | ---- | M] () -- C:\WINDOWS\System32\TDSSmtve.dat

[2008-10-27 21:45:11 | 00,000,624 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Kör fullständig systemsökning - Ägaren.job

[2008-10-26 18:41:34 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin

[2008-10-26 18:22:47 | 00,052,193 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2008-10-26 08:59:02 | 00,961,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-10-26 08:59:02 | 00,407,240 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-10-26 08:59:02 | 00,404,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-10-26 08:59:02 | 00,074,780 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-10-26 08:59:02 | 00,063,324 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-10-24 23:05:47 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-10-24 19:28:06 | 00,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-10-24 19:07:05 | 00,250,560 | ---- | M] () -- C:\NTLDR

[2008-10-24 16:22:14 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008-10-22 20:46:59 | 00,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\TVUPlayer.lnk

[2008-10-22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-10-22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-10-20 21:08:59 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\Telia Supportassistent.lnk

[2008-10-15 17:38:27 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008-10-15 17:38:27 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-10-06 16:35:42 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2008-10-06 16:35:42 | 00,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2008-10-06 16:35:42 | 00,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2008-10-06 16:35:42 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2008-10-03 18:26:34 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll

[2008-10-03 18:26:34 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2008-10-03 09:44:08 | 00,000,774 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\Internet Explorer.lnk

[2008-10-03 09:25:34 | 00,015,644 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate

[2008-10-01 10:07:59 | 00,000,146 | -HS- | M] () -- C:\Documents and Settings\Ägaren\Mina dokument\desktop.ini

< End of report >

[/log]

 

Extras

[log]OTViewIt Extras logfile created on: 2008-10-30 21:21:51 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ägaren\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

447,48 Mb Total Physical Memory | 150,46 Mb Available Physical Memory | 33,62% Memory free

1,03 Gb Paging File | 0,64 Gb Available in Paging File | 62,26% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 143,03 Gb Total Space | 106,09 Gb Free Space | 74,17% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 115,04 Gb Total Space | 87,50 Gb Free Space | 76,06% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SN049209520126

Current User Name: Ägaren

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=1

"UpdatesDisableNotify"=1

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

File not found -- C:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2005-04-19 15:14:02 | 13,192,360 | ---- | M] () -- C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype

[2006-08-22 16:45:55 | 00,159,744 | ---- | M] () -- C:\Program\LimeWire\LimeWire.exe:*:Enabled:LimeWire

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-01-30 03:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program\Winamp Remote\bin\Orb.exe:*:Enabled:Orb

[2008-04-01 02:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray

[2008-03-28 02:00:24 | 05,844,992 | ---- | M] (Orb Networks) -- C:\Program\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client

[2008-05-21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008-05-21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-08-24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2006-10-26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006-10-26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17014473-0098-4DF0-827D-7D582697C78C}"=Microsoft .NET Framework 2.0 Language Pack - SVE

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD

"{2B43252C-A1E3-4C47-927C-9F2C276D3515}"=S3GSetup

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework

"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{35F866C0-D23D-421D-B0EE-E85125DCA6C7}"=SymNet

"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}"=USB Disk Win98 Driver

"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core

"{5B09BD67-4C99-46A1-8161-B7208CE18121}"=QuickTime

"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0

"{7148F0A8-6813-11D6-A77B-00B0D0142050}"=Java 2 Runtime Environment, SE v1.4.2_05

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit

"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus

"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec

"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}"=Macromedia Shockwave Player

"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player

"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{9D2B054C-D335-4870-ADFB-BC645CCC3C76}"=StuffIt 11

"{AC76BA86-7AD7-1053-7B44-A70500000002}"=Adobe Reader 7.0.5 - Svenska

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}"=Nokia Connectivity Cable Driver

"{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton AntiVirus Help

"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)

"{EC0AB585-B279-4A77-8BB5-64C403E43EE7}"=Football Manager 2005

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore

"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Photoshop 7.0"=Adobe Photoshop 7.0

"Azureus Vuze"=Azureus Vuze

"c474c3891a130b8bd0297680e91988cd-1864537760"=Football Manager 2007

"DC++"=DC++ 0.698

"ENTERPRISE"=Microsoft Office Enterprise 2007

"Glary Utilities_is1"=Glary Utilities 2.8.0.366

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"king.com"=king.com (remove only)

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0

"Microsoft .NET Framework 2.0 Language Pack - SVE"=Microsoft .NET Framework 2.0 Language Pack - SVE

"Mozilla Firefox (1.5.0.12)"=Mozilla Firefox (1.5.0.12)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"Net iD"=Net iD 4.4

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Orb"=Winamp Remote

"Personal"=Personal 4.2.5

"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)

"RealPlayer 6.0"=RealPlayer

"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security (Symantec Corporation)

"Telia Supportassistent_is1"=Telia Supportassistent

"TPTEST5_is1"=TPTEST 5.0.1

"TVAnts 1.0"=TVAnts 1.0

"TVUPlayer"=TVUPlayer 2.4.0.1

"VIA/S3G UniChrome Family Win2K/XP Display"=VIA/S3G Display Driver

"Winamp"=Winamp

"Winamp Toolbar for Firefox"=Winamp Toolbar for Firefox

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.5

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-10-17 15:23:52 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-23 12:39:27 | Computer Name = SN049209520126 | Source = Application Hang | ID = 1002

Description = Stoppat program WINWORD.EXE, version 12.0.6308.5000, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-26 14:12:56 | Computer Name = SN049209520126 | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-26 14:17:14 | Computer Name = SN049209520126 | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2008-10-29 17:09:47 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatic

LiveUpdate Scheduler ska ansluta.

 

Error - 2008-10-29 17:09:47 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2008-10-29 17:09:47 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2008-10-29 17:09:47 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Symantec

Lic NetConnect service ska ansluta.

 

Error - 2008-10-29 18:05:54 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2008-10-29 18:05:54 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2008-10-29 18:05:54 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541

amdagp

amsint

asc

asc3350p

asc3550

Beep

cbidf

cd20xrnt

CmdIde

Cpqarray

dac2w2k

dac960nt

dpti2o

gagp30kx

hpn

i2omp

ini910u

IntelIde

mraid35x

PCIIde

perc2

perc2hib

ql1080

Ql10wnt

ql12160

ql1240

ql1280

Sparrow

symc810

symc8xx

sym_hi

sym_u3

TosIde

ultra

viaagp

 

Error - 2008-10-30 04:06:30 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2008-10-30 04:06:30 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2008-10-30 04:06:30 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: Beep

 

 

< End of report >

[/log]

 


Uninstall the old Java versions that have security holes:

[log]"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1

"{7148F0A8-6813-11D6-A77B-00B0D0142050}"=Java 2 Runtime Environment, SE v1.4.2_05[/log]

 

Aha, you have run MBAM before. Paste the log in which MBAM found something.

 

Go to http://www.virustotal.com, paste one of the following file names into the box, click Send File and wait until the result is ready (the current status changes to completed). Paste the results from the different antivirus programs (not the Additional information) here. Repeat with the next file name.

[log]C:\WINDOWS\System32\drivers\mchInjDrv.sys

C:\Documents and Settings\All Users\Dokument\lajud.dat

C:\Program\Delade filer\hynib._sy

C:\WINDOWS\lymyzi.db

C:\Program\Delade filer\fuxe.ban

C:\Documents and Settings\All Users\Dokument\veriwuse._sy

C:\Program\Delade filer\xecygofi.inf

C:\WINDOWS\System32\xomiw.db

C:\WINDOWS\System32\wutomyp.dat

C:\WINDOWS\utinavu.lib

C:\WINDOWS\ydynogy._dl

C:\Documents and Settings\Ägaren\Application Data\nudahoroty.bin

C:\Documents and Settings\All Users\Dokument\vypurekyle._sy

C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\ypyx.exe

C:\Documents and Settings\All Users\Dokument\mibata.pif

C:\WINDOWS\System32\capuzebyhy.dll

C:\Documents and Settings\Ägaren\Application Data\yvose.inf

C:\Documents and Settings\All Users\Dokument\bupenyxa.com

C:\WINDOWS\System32\fykaroqon._dl

C:\WINDOWS\System32\TDSSmtve.dat[/log]

 

 


The Java files are now uninstalled.

 

I got some kind of virus the other day and read up in this excellent forum on how to get rid of it. I used MBAM for that. Here is the log:

[log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1337

Windows 5.1.2600 Service Pack 3

 

2008-10-29 22:59:51

mbam-log-2008-10-29 (22-59-51).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 53053

Förfluten tid: 7 minute(s), 6 second(s)

 

Infekterade minnesprocesser: 1

Infekterade minnesmoduler: 4

Infekterade registernycklar: 11

Infekterade registervärden: 2

Infekterade registerdataposter: 0

Infekterade mappar: 12

Infekterade filer: 294

 

Infekterade minnesprocesser:

C:\Program\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Unloaded process successfully.

 

Infekterade minnesmoduler:

C:\Program\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Delete on reboot.

C:\Program\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Delete on reboot.

C:\Program\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Delete on reboot.

C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Delete on reboot.

 

Infekterade registernycklar:

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724 (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\logs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\promo (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\sfx (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\data (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\Microsoft.VC80.CRT (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

 

Infekterade filer:

C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\blackjack.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\browser.exe (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\cacerts.crt (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\cardlib.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\common.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\countries.lst (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\creditdebit.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\db.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\devlibcomm.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\fivecard.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\games.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\gsid.txt (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\id.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\languages.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\libeay32.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\licens.txt (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\mfc80.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\microsoft.vc80.crt.manifest (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\microsoft.vc80.mfc.manifest (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\msvcp71.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\msvcp80.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\msvcr71.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\msvcr80.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\navigator.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\omaha.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\options.cfg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\poker.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\poker.exe (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\sc.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\shfolder.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\ssleay32.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\texas.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\update.exe (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xml.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\zlib1.dll (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\0.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\1.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\10.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\11.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\12.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\13.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\14.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\15.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\16.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\17.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\18.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\19.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\2.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\20.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\21.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\22.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\23.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\24.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\25.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\26.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\27.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\28.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\29.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\3.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\30.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\31.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\32.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\33.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\34.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\35.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\36.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\37.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\38.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\39.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\4.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\40.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\41.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\42.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\43.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\44.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\45.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\46.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\47.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\48.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\49.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\5.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\50.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\51.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\6.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\7.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\8.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\9.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\allin_popup.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\archive.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\archive_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\avatar.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\b.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\base.css (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\bj_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\bkg.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\browserdetect.js (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_cashier.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_close.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_filters_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_filters_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_game.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_general.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_join.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_main.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_minmax.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_sublevels_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\but_sublevels_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\caret.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\chatbubble.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\chips.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\decktype_settings.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\edit.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\gamelimits1.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\gamelimits2.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\gamelimits3.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\game_bjframe.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\game_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\game_summary.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\gre_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\hand.html (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\hand.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\hand_cursor.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\hand_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\harrow.cur (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\headers_bkg.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\headers_text.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\history.html (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\history.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\history_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\input_additional.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\input_boxes.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\input_lists.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\language.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\language.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\languages.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\language_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\main.js (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\main_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\main_listhi.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\navigator_bg.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\navigator_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\navigator_moneytext.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\navigator_timer.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_bottom.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_game_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_game_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_game_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_moretables.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_texts.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\panel_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\pointer.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_cardback.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_cards.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_cards_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_cards_large.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_cards_large_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_deckside.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_font_11p_bold.xbf (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_makechoice.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\poker_pucks.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\pol_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\popups.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\position_actions.png (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\position_active.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\position_inactive.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\position_mute.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\position_note.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\position_numbers.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\pot_bets.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\progress_ani.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\promo-test1.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\rus_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\sc_bkg8.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\tabs_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\tabs_cashier.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\tabs_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\text.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\timeslider.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\tur_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\tx_bkg10.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\tx_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\user.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\user_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\white_line.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\win_graphics.bmp (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\xml.gif (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\data\xml_decoder.js (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\archive.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\history_0740.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\history_0811.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\session119539571.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\session119544727.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\session167323361.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\session167339343.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\session167341392.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\session167472413.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\history\1830724\stats_GAME_THM.xml (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\promo\pafpokerclassic.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\promo\ppc2008.jpg (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\sfx\c_button.wav (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\sfx\c_chip.wav (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\sfx\c_deal.mp3 (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\sfx\p_alert.wav (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\sfx\p_checkknock.wav (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\blackjack_game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\blackjack_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\common.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\creditdebit.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\ext_clientspecific.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\ext_creditdebit.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\ext_game.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\ext_general.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\ext_mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\ext_navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\fcs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\fc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\fc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\filerefs.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\gameclient.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\game_common.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\game_common_message.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\gizmo.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\mtt_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\mtt_lobby.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\omaha_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\omaha_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\poker_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\sc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\sc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\soko_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\tel_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\texas_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\texas_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Casino\PAF Diamond Poker\xrs\tournament_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\AntiSpywareXP2009.cfg (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\wscui.cpl (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\data\daily.cvd (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\Program\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.

C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Delete on reboot.

C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.

C:\Documents and Settings\Ägaren\Skrivbord\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\TDSSfecd.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Ägaren\Lokala inställningar\Temp\TDSSff69.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSarxx.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSScfbv.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSdxcp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSieys.log (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoity.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSvoql.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSmplt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

[/log]

 

Here are the logs for all the files:

 

[log]C:\WINDOWS\System32\drivers\mchInjDrv.sys

ClamAV - - Trojan.Small-4369

TheHacker - - Trojan/Agent.go

 

C:\Documents and Settings\All Users\Dokument\lajud.dat

No result

 

C:\Program\Delade filer\hynib._sy

No result

 

C:\WINDOWS\lymyzi.db

No result

 

C:\Program\Delade filer\fuxe.ban

No result

 

C:\Documents and Settings\All Users\Dokument\veriwuse._sy

No result

 

C:\Program\Delade filer\xecygofi.inf

No result

 

C:\WINDOWS\System32\xomiw.db

No result

 

C:\WINDOWS\System32\wutomyp.dat

No result

 

C:\WINDOWS\utinavu.lib

No result

 

C:\WINDOWS\ydynogy._dl

No result

 

C:\Documents and Settings\Ägaren\Application Data\nudahoroty.bin

No result

 

C:\Documents and Settings\All Users\Dokument\vypurekyle._sy

No result

 

C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\ypyx.exe

No result

 

C:\Documents and Settings\All Users\Dokument\mibata.pif

No result

 

C:\WINDOWS\System32\capuzebyhy.dll

No result

 

C:\Documents and Settings\Ägaren\Application Data\yvose.inf

No result

 

C:\Documents and Settings\All Users\Dokument\bupenyxa.com

No result

 

C:\WINDOWS\System32\fykaroqon._dl

No result

 

C:\WINDOWS\System32\TDSSmtve.dat

No result[/log]

Added LOG tags

Cecilia - Moderator for Viruses, malicious programs & remedies

 

[post edited 2008-10-31 23:35:58 by Cecilia]


Download OTMoveIt to the Desktop:

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Start the program

Copy all of these lines (use Select code):

:Files
C:\WINDOWS\System32\drivers\mchInjDrv.sys

Paste them into the box Paste Instructions for Items to be Moved

Press MoveIt!

If you are asked to restart the computer, do so.

Go to the folder c:\_OTMoveIt\MovedFiles and open the log file that was created with today's date and time. Copy the contents and paste them here, along with a new ComboFix log.

 

Do you know how to create a zip file? Because I would like you to create a zip file containing these files:[log]

C:\Program\Delade filer\hynib._sy

C:\WINDOWS\lymyzi.db

C:\Program\Delade filer\fuxe.ban

C:\Documents and Settings\All Users\Dokument\veriwuse._sy

C:\Program\Delade filer\xecygofi.inf

C:\WINDOWS\System32\xomiw.db

C:\WINDOWS\System32\wutomyp.dat

C:\WINDOWS\utinavu.lib

C:\WINDOWS\ydynogy._dl

C:\Documents and Settings\Ägaren\Application Data\nudahoroty.bin

C:\Documents and Settings\All Users\Dokument\vypurekyle._sy

C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\ypyx.exe

C:\Documents and Settings\All Users\Dokument\mibata.pif

C:\WINDOWS\System32\capuzebyhy.dll

C:\Documents and Settings\Ägaren\Application Data\yvose.inf

C:\Documents and Settings\All Users\Dokument\bupenyxa.com

C:\WINDOWS\System32\fykaroqon._dl

C:\WINDOWS\System32\TDSSmtve.dat[/log]

Because even though nothing was found in them, they are very suspicious files. All of them, except the last, were created 2008-10-29 21:57, which is 20 minutes before you installed some program from Enigma Group and about 45 minutes before the installation of MBAM.

I will be away from the computer from Saturday morning until Sunday evening.

 

[post edited 2008-10-31 23:52:11 by Cecilia]


OK, let's see:

 

The OTMoveIt log:

[log]========== FILES ==========

C:\WINDOWS\System32\drivers\mchInjDrv.sys moved successfully.

 

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11022008_202311

[/log]

 

What do you mean by a Combofix log? (Unfortunately I don't know much about this kind of thing)

 

I have made a zip file with the files you listed. What should I do with it?

 


Sorry, it should not have been ComboFix but a new OTViewIt log.

 

Upload the zip file to http://www.skickafilen.se/ ; you don't need to enter an e-mail address, just paste the link you get when the upload is finished into your reply, and then I can download the file and take a closer look at the files.

 


Ok

 

Address of the file: http://skickafilen.se/download.jsp?fileid=Tu3zWHXKQG8fULiSxjKS

 

OTViewIt log:

[log]OTViewIt logfile created on: 2008-11-02 22:03:11 - Run 2

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ägaren\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

447,48 Mb Total Physical Memory | 124,32 Mb Available Physical Memory | 27,78% Memory free

1,03 Gb Paging File | 0,56 Gb Available in Paging File | 54,83% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 143,03 Gb Total Space | 101,35 Gb Free Space | 70,86% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 115,04 Gb Total Space | 85,86 Gb Free Space | 74,64% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SN049209520126

Current User Name: Ägaren

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE

[2008-09-10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008-02-09 17:06:34 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2005-01-28 10:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

[2005-01-28 10:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe

[2005-01-28 10:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

[2005-01-07 11:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe

[2005-01-28 10:11:42 | 00,737,379 | ---- | M] (Cyberlink) -- C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

[2007-10-08 08:52:36 | 00,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program\Smith Micro\StuffIt11\ArcNameService.exe

[2005-03-08 02:33:28 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe

[2005-03-11 16:33:28 | 00,147,456 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe

[2005-01-20 19:04:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2005-01-28 10:10:32 | 00,110,740 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe

[2003-05-02 10:31:50 | 00,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE

[2005-11-17 06:50:02 | 00,147,456 | ---- | M] (MSN Content Plus) -- C:\WINDOWS\msnappm.exe

[2005-09-14 19:44:14 | 00,065,536 | ---- | M] (ali) -- C:\Program\USB Disk Win98 Driver\Res.exe

[2007-03-15 09:11:58 | 00,067,112 | ---- | M] (NetMaker Consulting Group AB) -- C:\WINDOWS\system32\iid.exe

[2008-07-09 22:33:34 | 00,036,352 | ---- | M] () -- C:\Program\Winamp\winampa.exe

[2008-10-16 10:07:48 | 00,201,976 | ---- | M] (TeliaSonera AB) -- C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

[2003-05-02 10:31:38 | 00,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE

[2007-08-24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE

[2008-09-06 15:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program\QuickTime\QTTask.exe

[2008-09-10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunesHelper.exe

[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre1.6.0_07\bin\jusched.exe

[2006-02-27 21:40:44 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program\Delade filer\Real\Update_OB\realsched.exe

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe

[2006-03-10 15:33:43 | 00,401,408 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe

[2008-09-10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe

[2008-10-03 09:27:49 | 01,245,064 | ---- | M] () -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe

[2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe

[2008-08-23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2008-08-23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe

[2008-10-30 21:21:11 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ägaren\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-09-10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2005-09-23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008-02-09 17:06:34 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

[2008-02-09 17:06:34 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisk LiveUpdate-schemaläggare [Auto | Stopped])

[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Running])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])

[2005-01-28 10:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])

[2005-09-23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2005-01-28 10:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])

[2007-08-22 01:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])

[2005-01-28 10:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Program\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])

[2005-01-07 11:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService [Auto | Running])

[2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008-09-10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2008-09-05 10:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])

[2007-08-24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe -- (sprtsvc_telia [Auto | Running])

[2007-10-08 08:52:36 | 00,157,000 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program\Smith Micro\StuffIt11\ArcNameService.exe -- (Stuffit Archive Name Service [Auto | Running])

[2008-10-16 10:07:04 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Delade filer\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [Auto | Stopped])

[2008-10-03 09:27:49 | 01,245,064 | ---- | M] () -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Running])

[2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2008-01-18 15:16:00 | 00,083,880 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus [On_Demand | Stopped])

[2005-01-28 16:48:58 | 02,310,272 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2001-08-17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2008-04-13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [boot | Running])

[2004-08-11 15:30:00 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

[2001-08-17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001-08-17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2001-09-06 18:54:56 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2008-07-30 16:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])

[2007-08-08 17:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])

[2001-08-17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2008-09-15 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2008-09-15 09:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2008-04-13 19:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx [boot | Running])

[2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2008-04-14 16:41:34 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2001-08-17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2008-08-25 09:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20081102.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2008-08-25 09:00:00 | 00,873,552 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20081102.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2006-11-13 08:32:00 | 00,009,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])

[2006-11-13 08:32:00 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])

[2006-11-13 08:32:02 | 00,138,240 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])

[2006-11-13 08:32:00 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2008-01-04 22:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2001-08-17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001-08-17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001-08-17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2004-12-02 15:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2001-08-17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2008-01-16 21:05:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008-01-31 18:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])

[2008-01-31 18:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])

[2008-01-31 18:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [system | Running])

[2001-08-17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001-08-17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2008-06-13 13:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2008-10-06 16:35:42 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2008-06-13 13:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2008-06-13 13:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008-09-12 08:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SymcData\ipsdefs\20081029.003\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])

[2008-06-13 13:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])

[2008-06-13 13:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])

[2008-06-13 13:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2008-06-13 13:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2008-06-13 13:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2001-08-17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001-08-17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2001-08-17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2003-07-02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2005-04-06 17:31:36 | 00,173,696 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])

[2004-07-06 22:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://www.google.com/ie

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://www.google.com

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.google.com

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://www.google.com

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Live Search

"SearchMigratedDefaultURL"=http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

"Start Page"=http://patronerna.se/wordpress/

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

"SearchAssistant"=http://www.google.com

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (710 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe (NEC Computers International)

"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" (Symantec Corporation)

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"msnsyslog"=C:\WINDOWS\msnappm.exe (MSN Content Plus)

"Net iD"=C:\WINDOWS\system32\iid.exe (NetMaker Consulting Group AB)

"osCheck"="C:\Program\Norton Internet Security\osCheck.exe" (Symantec Corporation)

"PCMService"="c:\Apps\Powercinema\PCMService.exe" (CyberLink Corp.)

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

"SunJavaUpdateSched"=C:\Program\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

"Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia (TeliaSonera AB)

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

"USB Storage Toolbox"=C:\Program\USB Disk Win98 Driver\Res.EXE (ali)

"WinampAgent"=C:\Program\Winamp\winampa.exe ()

"VTTimer"=VTTimer.exe (S3 Graphics, Inc.)

"VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

 

========== (O4) Startup Folders ==========

 

[2002-04-19 21:36:32 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

[2005-09-23 21:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[2006-03-10 15:33:43 | 00,401,408 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=-1

"ForceClassicControlPanel"=1

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xport to Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-07-30 02:25:02 | 17,930,264 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- Reg Error: Key does not exist or could not be opened. File not found

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe File not found

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe File not found

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [sun Java-konsol] -> File not found

CmdMapping\\{2670000A-7350-4f3c-8081-5663EE0C6C49} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [send to OneNote] -> [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

CmdMapping\\{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

CmdMapping\\{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKLM] -> %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [PartyPoker.com] -> File not found

CmdMapping\\{C2A80015-C447-4dc4-82DD-AED83D6ED57E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{E6073F93-9541-4be4-9800-109D378EB99B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

atg.se: * in Trusted sites

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/FacebookPhotoUploader5.cab -- Facebook Photo Uploader 5

{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab -- MessengerStatsClient Class

{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool

{45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1}: http://www.king.com/ctl/kingcomie.cab -- king.com

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{5BF56AD2-E297-416E-BC49-000004040507}: https://cve.trust.telia.com/TeliaEleg/iidsetup.cab -- Reg Error: Key does not exist or could not be opened.

{5F8469B4-B055-49DD-83F7-62B522420ECC}: http://upload.facebook.com/controls/FacebookPhotoUploader.cab -- Facebook Photo Uploader Control

{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}: http://zone.msn.com/bingame/luxr/default/mjolauncher.cab -- MJLauncherCtrl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab -- Java Plug-in 1.6.0_07

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab -- MessengerStatsClient Class

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab -- MSN Games - Installer

{BD393C14-72AD-4790-A095-76522973D6B8}: http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab -- CBreakshotControl Class

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{8404EB87-18D6-46D0-8875-C6DE28C8B438} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=karna.datFIGURATIO

>File not found --

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf4ae59c-e576-11dc-8de3-00148553804f}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf4ae59c-e576-11dc-8de3-00148553804f}\Shell\AutoRun\command]

""=F:\LaunchU3.exe -- File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[5 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008-11-02 20:27:43 | 00,259,818 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\Misstänkta filer.zip

[2008-11-02 20:23:11 | 00,000,000 | ---D | C] -- C:\_OTMoveIt

[2008-11-02 20:21:51 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ägaren\Skrivbord\OTMoveIt3.exe

[2008-11-01 18:44:05 | 03,677,599 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\nyttjobbkanske.wmv

[2008-10-31 15:17:31 | 00,031,122 | ---- | C] () -- C:\Documents and Settings\Ägaren\Mina dokument\Programlicensavtal för iTunes.rtf

[2008-10-31 15:03:55 | 00,002,111 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk

[2008-10-31 14:58:33 | 00,000,000 | ---D | C] -- C:\Program\iPod

[2008-10-31 14:57:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008-10-31 14:57:02 | 00,000,000 | ---D | C] -- C:\Program\iTunes

[2008-10-31 14:54:59 | 00,000,000 | ---D | C] -- C:\Program\Bonjour

[2008-10-31 14:53:45 | 00,001,575 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\QuickTime Player.lnk

[2008-10-31 14:48:16 | 00,000,272 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008-10-31 14:48:07 | 00,000,000 | ---D | C] -- C:\Program\Apple Software Update

[2008-10-31 14:44:12 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Apple

[2008-10-30 21:21:06 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ägaren\Skrivbord\OTViewIt.exe

[2008-10-30 20:49:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ägaren\Application Data\GlarySoft

[2008-10-30 20:43:45 | 00,000,292 | ---- | C] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2008-10-30 20:43:40 | 00,000,646 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\Glary Utilities.lnk

[2008-10-30 20:43:35 | 00,000,000 | ---D | C] -- C:\Program\Glary Utilities

[2008-10-30 17:49:17 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\HijackThis.lnk

[2008-10-30 17:49:16 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2008-10-29 22:45:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ägaren\Application Data\Malwarebytes

[2008-10-29 22:44:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-10-29 22:44:54 | 00,000,667 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-10-29 22:44:52 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-10-29 22:44:51 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2008-10-29 22:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008-10-29 22:17:24 | 00,000,000 | ---D | C] -- C:\Program\Enigma Software Group

[2008-10-29 21:57:20 | 00,019,310 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\lajud.dat

[2008-10-29 21:57:20 | 00,018,950 | ---- | C] () -- C:\Program\Delade filer\hynib._sy

[2008-10-29 21:57:20 | 00,018,849 | ---- | C] () -- C:\WINDOWS\lymyzi.db

[2008-10-29 21:57:20 | 00,018,742 | ---- | C] () -- C:\Program\Delade filer\fuxe.ban

[2008-10-29 21:57:20 | 00,017,036 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\veriwuse._sy

[2008-10-29 21:57:20 | 00,016,324 | ---- | C] () -- C:\Program\Delade filer\xecygofi.inf

[2008-10-29 21:57:20 | 00,016,048 | ---- | C] () -- C:\WINDOWS\System32\xomiw.db

[2008-10-29 21:57:20 | 00,015,859 | ---- | C] () -- C:\WINDOWS\System32\wutomyp.dat

[2008-10-29 21:57:20 | 00,015,214 | ---- | C] () -- C:\WINDOWS\utinavu.lib

[2008-10-29 21:57:20 | 00,015,024 | ---- | C] () -- C:\WINDOWS\ydynogy._dl

[2008-10-29 21:57:20 | 00,014,670 | ---- | C] () -- C:\Documents and Settings\Ägaren\Application Data\nudahoroty.bin

[2008-10-29 21:57:20 | 00,013,457 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\vypurekyle._sy

[2008-10-29 21:57:20 | 00,013,280 | ---- | C] () -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\ypyx.exe

[2008-10-29 21:57:20 | 00,013,063 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\mibata.pif

[2008-10-29 21:57:20 | 00,012,445 | ---- | C] () -- C:\WINDOWS\System32\capuzebyhy.dll

[2008-10-29 21:57:20 | 00,010,856 | ---- | C] () -- C:\Documents and Settings\Ägaren\Application Data\yvose.inf

[2008-10-29 21:57:20 | 00,010,812 | ---- | C] () -- C:\Documents and Settings\All Users\Dokument\bupenyxa.com

[2008-10-29 21:57:20 | 00,010,796 | ---- | C] () -- C:\WINDOWS\System32\fykaroqon._dl

[2008-10-29 21:21:29 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\TDSSmtve.dat

[2008-10-26 17:57:10 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin

[2008-10-24 19:28:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2008-10-24 19:14:53 | 00,000,000 | ---D | C] -- C:\Program\Messenger

[2008-10-24 19:14:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\sv

[2008-10-24 19:14:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas

[2008-10-24 19:14:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits

[2008-10-24 19:10:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2008-10-24 19:02:32 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2008-10-24 19:02:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome

[2008-10-24 02:25:52 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-22 20:47:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\TVU Networks

[2008-10-22 20:47:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\LocalLow

[2008-10-22 20:47:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks

[2008-10-22 20:46:59 | 00,000,653 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\TVUPlayer.lnk

[2008-10-22 20:46:32 | 00,000,000 | ---D | C] -- C:\Program\TVUPlayer

[2008-10-21 07:23:13 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2008-10-21 07:22:23 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2008-10-21 07:18:25 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2008-10-20 21:08:59 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\Ägaren\Skrivbord\Telia Supportassistent.lnk

[2008-10-20 21:08:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2008-10-15 19:28:25 | 02,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2008-10-15 19:28:25 | 02,066,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

[2008-10-15 19:28:24 | 02,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2008-10-15 19:28:23 | 02,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2008-10-15 19:27:33 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

[2008-10-15 19:16:44 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

 

========== Files - Modified Within 30 Days ==========

 

[5 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008-11-02 20:39:35 | 00,259,818 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\Misstänkta filer.zip

[2008-11-02 20:22:00 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ägaren\Skrivbord\OTMoveIt3.exe

[2008-11-02 18:30:26 | 00,000,593 | ---- | M] () -- C:\Documents and Settings\Ägaren\Mina dokument\Mina delade mappar.lnk

[2008-11-02 10:23:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-11-02 10:22:12 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2008-11-02 10:21:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-11-02 10:21:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-11-02 10:21:32 | 46,929,1008 | -HS- | M] () -- C:\hiberfil.sys

[2008-11-01 18:44:05 | 03,677,599 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\nyttjobbkanske.wmv

[2008-10-31 23:28:36 | 00,000,272 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2008-10-31 22:20:27 | 00,002,111 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\iTunes.lnk

[2008-10-31 16:01:40 | 00,052,612 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2008-10-31 15:17:31 | 00,031,122 | ---- | M] () -- C:\Documents and Settings\Ägaren\Mina dokument\Programlicensavtal för iTunes.rtf

[2008-10-31 14:53:45 | 00,001,575 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\QuickTime Player.lnk

[2008-10-31 14:18:16 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-10-30 21:21:11 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ägaren\Skrivbord\OTViewIt.exe

[2008-10-30 20:43:40 | 00,000,646 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\Glary Utilities.lnk

[2008-10-30 17:49:17 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\HijackThis.lnk

[2008-10-29 22:44:54 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-10-29 21:57:20 | 00,019,310 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\lajud.dat

[2008-10-29 21:57:20 | 00,018,950 | ---- | M] () -- C:\Program\Delade filer\hynib._sy

[2008-10-29 21:57:20 | 00,018,849 | ---- | M] () -- C:\WINDOWS\lymyzi.db

[2008-10-29 21:57:20 | 00,018,742 | ---- | M] () -- C:\Program\Delade filer\fuxe.ban

[2008-10-29 21:57:20 | 00,017,036 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\veriwuse._sy

[2008-10-29 21:57:20 | 00,016,324 | ---- | M] () -- C:\Program\Delade filer\xecygofi.inf

[2008-10-29 21:57:20 | 00,016,048 | ---- | M] () -- C:\WINDOWS\System32\xomiw.db

[2008-10-29 21:57:20 | 00,015,859 | ---- | M] () -- C:\WINDOWS\System32\wutomyp.dat

[2008-10-29 21:57:20 | 00,015,214 | ---- | M] () -- C:\WINDOWS\utinavu.lib

[2008-10-29 21:57:20 | 00,015,024 | ---- | M] () -- C:\WINDOWS\ydynogy._dl

[2008-10-29 21:57:20 | 00,014,670 | ---- | M] () -- C:\Documents and Settings\Ägaren\Application Data\nudahoroty.bin

[2008-10-29 21:57:20 | 00,013,457 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\vypurekyle._sy

[2008-10-29 21:57:20 | 00,013,280 | ---- | M] () -- C:\Documents and Settings\Ägaren\Lokala inställningar\Application Data\ypyx.exe

[2008-10-29 21:57:20 | 00,013,063 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\mibata.pif

[2008-10-29 21:57:20 | 00,012,445 | ---- | M] () -- C:\WINDOWS\System32\capuzebyhy.dll

[2008-10-29 21:57:20 | 00,010,856 | ---- | M] () -- C:\Documents and Settings\Ägaren\Application Data\yvose.inf

[2008-10-29 21:57:20 | 00,010,812 | ---- | M] () -- C:\Documents and Settings\All Users\Dokument\bupenyxa.com

[2008-10-29 21:57:20 | 00,010,796 | ---- | M] () -- C:\WINDOWS\System32\fykaroqon._dl

[2008-10-29 21:21:29 | 00,000,164 | ---- | M] () -- C:\WINDOWS\System32\TDSSmtve.dat

[2008-10-27 21:45:11 | 00,000,624 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Kör fullständig systemsökning - Ägaren.job

[2008-10-26 18:41:34 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin

[2008-10-26 08:59:02 | 00,961,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-10-26 08:59:02 | 00,407,240 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-10-26 08:59:02 | 00,404,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-10-26 08:59:02 | 00,074,780 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-10-26 08:59:02 | 00,063,324 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-10-24 23:05:47 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-10-24 19:28:06 | 00,349,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-10-24 19:07:05 | 00,250,560 | ---- | M] () -- C:\NTLDR

[2008-10-22 20:46:59 | 00,000,653 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\TVUPlayer.lnk

[2008-10-22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-10-22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-10-20 21:08:59 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\Ägaren\Skrivbord\Telia Supportassistent.lnk

[2008-10-15 17:38:27 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008-10-15 17:38:27 | 00,337,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2008-10-07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-10-06 16:35:42 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2008-10-06 16:35:42 | 00,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2008-10-06 16:35:42 | 00,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2008-10-06 16:35:42 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

< End of report >

[/log]

 

Extras log:

[log]OTViewIt Extras logfile created on: 2008-11-02 22:03:11 - Run 2

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ägaren\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

447,48 Mb Total Physical Memory | 124,32 Mb Available Physical Memory | 27,78% Memory free

1,03 Gb Paging File | 0,56 Gb Available in Paging File | 54,83% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 143,03 Gb Total Space | 101,35 Gb Free Space | 70,86% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 115,04 Gb Total Space | 85,86 Gb Free Space | 74,64% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SN049209520126

Current User Name: Ägaren

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=1

"UpdatesDisableNotify"=1

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

File not found -- C:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2005-04-19 15:14:02 | 13,192,360 | ---- | M] () -- C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype

[2006-08-22 16:45:55 | 00,159,744 | ---- | M] () -- C:\Program\LimeWire\LimeWire.exe:*:Enabled:LimeWire

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-01-30 03:19:32 | 00,073,728 | ---- | M] (Orb Networks, Inc.) -- C:\Program\Winamp Remote\bin\Orb.exe:*:Enabled:Orb

[2008-04-01 02:54:06 | 00,507,904 | ---- | M] (Orb Networks) -- C:\Program\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray

[2008-03-28 02:00:24 | 05,844,992 | ---- | M] (Orb Networks) -- C:\Program\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client

[2008-05-21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008-05-21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-09-10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-08-24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

ipp: [HKLM - No CLSID value]

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

msdaipp: [HKLM - No CLSID value]

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[2006-10-26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006-10-26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{17014473-0098-4DF0-827D-7D582697C78C}"=Microsoft .NET Framework 2.0 Language Pack - SVE

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD

"{2B43252C-A1E3-4C47-927C-9F2C276D3515}"=S3GSetup

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}"=Component Framework

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{35F866C0-D23D-421D-B0EE-E85125DCA6C7}"=SymNet

"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes

"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}"=USB Disk Win98 Driver

"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core

"{62120008-8E1E-4807-860D-A8B48F8552DB}"=Norton Protection Center

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit

"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}"=Norton AntiVirus

"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec

"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}"=Macromedia Shockwave Player

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour

"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player

"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime

"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{9D2B054C-D335-4870-ADFB-BC645CCC3C76}"=StuffIt 11

"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support

"{AC76BA86-7AD7-1053-7B44-A70500000002}"=Adobe Reader 7.0.5 - Svenska

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon

"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}"=Nokia Connectivity Cable Driver

"{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton AntiVirus Help

"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)

"{EC0AB585-B279-4A77-8BB5-64C403E43EE7}"=Football Manager 2005

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore

"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Photoshop 7.0"=Adobe Photoshop 7.0

"Azureus Vuze"=Azureus Vuze

"c474c3891a130b8bd0297680e91988cd-1864537760"=Football Manager 2007

"DC++"=DC++ 0.707

"ENTERPRISE"=Microsoft Office Enterprise 2007

"Glary Utilities_is1"=Glary Utilities 2.8.0.366

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"king.com"=king.com (remove only)

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0

"Microsoft .NET Framework 2.0 Language Pack - SVE"=Microsoft .NET Framework 2.0 Language Pack - SVE

"Mozilla Firefox (1.5.0.12)"=Mozilla Firefox (1.5.0.12)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"Net iD"=Net iD 4.4

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Orb"=Winamp Remote

"Personal"=Personal 4.2.5

"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)

"RealPlayer 6.0"=RealPlayer

"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}"=Norton Internet Security (Symantec Corporation)

"Telia Supportassistent_is1"=Telia Supportassistent

"TPTEST5_is1"=TPTEST 5.0.1

"TVAnts 1.0"=TVAnts 1.0

"TVUPlayer"=TVUPlayer 2.4.0.1

"VIA/S3G UniChrome Family Win2K/XP Display"=VIA/S3G Display Driver

"Winamp"=Winamp

"Winamp Toolbar for Firefox"=Winamp Toolbar for Firefox

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.5

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-10-17 15:23:52 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-17 15:23:53 | Computer Name = SN049209520126 | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Den här nätverksanslutningen finns inte.

 

Error - 2008-10-23 12:39:27 | Computer Name = SN049209520126 | Source = Application Hang | ID = 1002

Description = Stoppat program WINWORD.EXE, version 12.0.6308.5000, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-26 14:12:56 | Computer Name = SN049209520126 | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-10-26 14:17:14 | Computer Name = SN049209520126 | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16735, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2008-10-31 17:48:59 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-31 17:48:59 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-31 17:48:59 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-10-31 17:49:00 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-11-01 04:34:35 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2008-11-01 04:34:35 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2008-11-01 04:34:35 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: Beep

 

Error - 2008-11-02 05:23:41 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2008-11-02 05:23:42 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2008-11-02 05:23:42 | Computer Name = SN049209520126 | Source = Service Control Manager | ID = 7026

Description = Följande start- eller systemstartdrivrutin(er) avbröts på grund av

fel under start: Beep

 

 

< End of report >

[/log]

 


Start OTMoveIt

Copy all of these lines (use select code):

:Files
C:\WINDOWS\msnappm.exe

Paste them into the box Paste Instructions for Items to be Moved

Press MoveIt!

If you are asked to restart the computer, do so.

Go to the folder c:\_OTMoveIt\MovedFiles and open the log file that was created with today's date and time. Copy the contents and paste them here.

 

How is the computer working?

 
