
Slow Internet


nataliej


When I'm not doing anything at all, the System Idle Process is at 98 in CPU, and the remaining 2 shift between explorer.exe, iexplore.exe and taskmgr.exe.

 

When I load a new page, the System Idle Process usually drops to about 60 and iexplore.exe rises to about 40.

 

Link to comment

I have run the new test on Bredbandskollen. Now I got a really strange result, 14.26 Mbit/s, even though the connection is still just as slow.

 

[image attached 2008-12-04 13:46:46 by nataliej]

Link to comment

High download, but low upload and long response time. But it's a little odd that you get a higher download speed than you pay for. Run the test once more.

 

See if you can download MBAM from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

 

 

Link to comment

Now I have run the test again, and got a more reasonable result.

 

I have downloaded MBAM, how do I use it?

 

[image attached 2008-12-04 15:08:11 by nataliej]

Link to comment

Double-click mbam-setup to install the program.

 

At the end of the installation, make sure these are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If there is an update, it will be downloaded and installed.

 

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it is finished, click OK and then "Show Results".

Check everything and then click Remove Selected.

When the removal is finished, Notepad opens with a log.

 

You may be asked to restart the computer (Restart). If so, do it.

If you get an Error loading... message after the restart, restart the computer once more.

If the program does not start after the restart, start it yourself.

 

If the log does not open by itself in Notepad, you will find it on the Logs tab in MBAM.

Copy the log and paste it into your reply.

 

Link to comment

Okay, here is the log:

 

[log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1306

Windows 5.1.2600 Service Pack 2

 

2008-12-04 18:40:06

mbam-log-2008-12-04 (18-40-06).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 59818

Förfluten tid: 8 minute(s), 27 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 2

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\WINDOWS\system32\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.[/log]

 

Link to comment

So there were some malicious files on the computer after all.

 

Trojan.Goldun is one that tends to steal login information for banks and the like, so it may be a good idea to keep an extra eye on bank accounts, PayPal, etc.

 

MBAM is not up to date. Can you update it from within the program?

If not, download the latest database version from:

http://www.gt500.org/malwarebytes/database.jsp

Then scan once more and paste the new log if anything is found.

 

Link to comment

Oh dear, that didn't sound very nice. I'll keep that in mind from now on.

 

I have tried to update the program, but unfortunately the speed is far too poor for me to be able to download anything right now.

 

Link to comment

Could it be that the internet works better right after the computer has been restarted?

 

This is not a very large program, so it should work fine.

Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt (in Vista, right-click and Run as administrator).

Check Scan all Users.

Select 30 days for File Age if it is not already selected.

Click Run Scan and let the program run undisturbed.

 

When it is finished, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply.

 

Link to comment

After much back and forth I managed to download the update for MBAM, so here is a new log from it:

 

[log]Malwarebytes' Anti-Malware 1.30

Databasversion: 1442

Windows 5.1.2600 Service Pack 2

 

2008-12-04 23:11:30

mbam-log-2008-12-04 (23-11-30).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 62402

Förfluten tid: 7 minute(s), 11 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 2

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)[/log]

 

And here are the logs from OTViewIt:

 

[log]OTViewIt logfile created on: 2008-12-04 23:31:02 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\****\Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511.48 Mb Total Physical Memory | 167.57 Mb Available Physical Memory | 32.76% Memory free

1.22 Gb Paging File | 0.63 Gb Available in Paging File | 51.94% Paging File free

Paging file location(s): C:\pagefile.sys 766 766;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 141.54 Gb Total Space | 65.42 Gb Free Space | 46.22% Space Free | Partition Type: NTFS

Unable to calculate disk information.

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive O: | 1.92 Gb Total Space | 1.92 Gb Free Space | 100.00% Space Free | Partition Type: FAT

 

Computer Name: PACKARDBELL

Current User Name: ****

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2006-07-19 03:51:42 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2001-12-12 23:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe

[2008-06-12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\sched.exe

[2006-07-19 03:51:42 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2008-08-07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avguard.exe

[2008-05-09 13:22:43 | 00,041,217 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avesvc.exe

[2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2007-11-20 20:29:03 | 00,361,040 | ---- | M] (COMODO) -- C:\Program\Comodo\Firewall\cmdagent.exe

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe

[2007-03-10 16:49:12 | 00,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe

[2004-02-26 15:53:30 | 00,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2008-07-11 12:23:26 | 00,164,097 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avmailc.exe

[2007-06-29 05:24:52 | 00,286,720 | ---- | M] (Apple Inc.) -- C:\Program\QuickTime\QTTask.exe

[2004-06-25 15:20:46 | 00,081,920 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe

[2008-06-12 14:59:51 | 00,258,305 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe

[2003-12-31 16:39:04 | 00,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe

[2005-09-30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program\Canon\CAL\CALMAIN.exe

[2008-10-16 10:07:48 | 00,201,976 | ---- | M] (TeliaSonera AB) -- C:\Program\Telia\Supportassistent\bin\sprtcmd.exe

[2007-05-10 09:36:26 | 00,233,472 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program\ekort\ekort.exe

[2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program\ATI Technologies\ATI.ACE\CLI.exe

[2004-01-08 08:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\MouseWare\system\EM_EXEC.EXE

[2005-03-17 13:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program\ScanSoft\PaperPort\pptd40nt.exe

[2007-05-10 09:35:50 | 00,102,400 | ---- | M] () -- C:\WINDOWS\system32\OBroker.exe

[2008-06-12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avgnt.exe

[2008-07-20 15:22:34 | 01,506,544 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[2008-05-04 07:09:46 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe

[2005-04-23 18:12:00 | 00,802,816 | ---- | M] (Brother Industries, Ltd.) -- C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

[2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program\ATI Technologies\ATI.ACE\CLI.exe

[2006-01-02 16:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program\ATI Technologies\ATI.ACE\CLI.exe

[2007-11-20 20:29:05 | 01,115,728 | ---- | M] (COMODO) -- C:\Program\Comodo\Firewall\cpf.exe

[2004-11-19 19:50:26 | 00,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program\Brother\Brmfcmon\BrMfcMon.exe

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe

[2008-11-18 18:25:54 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program\Delade filer\Real\Update_OB\realsched.exe

[2004-08-04 09:34:34 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe

[2008-09-04 01:47:58 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe

[2008-12-04 23:30:04 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2005-07-10 16:09:00 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])

[2008-07-11 12:23:26 | 00,164,097 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService [Auto | Running])

[2008-06-12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler [Auto | Running])

[2008-08-07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService [Auto | Running])

[2008-06-12 14:59:51 | 00,258,305 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe -- (antivirwebservice [Auto | Running])

[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2006-07-19 03:51:42 | 00,401,408 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2006-07-18 20:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

[2008-05-09 13:22:43 | 00,041,217 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService [Auto | Running])

[2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2002-04-11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Stopped])

[2005-09-30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])

[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2007-11-20 20:29:03 | 00,361,040 | ---- | M] (COMODO) -- C:\Program\Comodo\Firewall\cmdagent.exe -- (CmdAgent [Auto | Running])

[2008-03-11 18:18:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2007-10-09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])

[2007-10-11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])

[2005-02-01 14:44:37 | 00,068,096 | ---- | M] () -- C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])

[2007-10-11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])

[2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2003-01-17 01:02:38 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Stopped])

[2007-10-16 15:42:06 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program\Delade filer\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])

[2008-10-16 10:07:50 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Telia\Supportassistent\bin\sprtsvc.exe -- (sprtsvc_telia [Auto | Running])

[2008-10-16 10:07:04 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Delade filer\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [Auto | Stopped])

[2007-03-10 16:49:12 | 00,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7 [Auto | Running])

[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])

[2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-15 10:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2004-02-24 10:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])

[2004-02-26 23:50:38 | 00,611,820 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2001-08-17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2004-08-04 07:07:42 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [boot | Running])

[2004-08-04 09:06:21 | 00,041,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [system | Running])

[2001-08-17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001-08-17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[2006-07-19 03:58:14 | 01,621,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2008-11-18 21:55:46 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])

[2007-02-27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio [system | Running])

[2008-05-20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt [On_Demand | Running])

[2008-06-27 15:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [system | Running])

[2004-10-15 11:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Running])

[2001-09-06 18:54:56 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2007-11-20 20:29:31 | 00,075,520 | ---- | M] (Comodo Research Lab., Inc.) -- C:\WINDOWS\system32\drivers\cmdmon.sys -- (CmdMon [system | Running])

[2001-08-17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2003-11-11 17:41:08 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB [On_Demand | Running])

[2004-11-05 10:08:06 | 00,670,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])

[2007-11-20 20:29:31 | 00,051,328 | ---- | M] (COMODO) -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect [boot | Running])

[2004-08-04 10:18:46 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2003-12-17 08:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])

[2008-01-09 09:22:24 | 00,083,584 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\lgmcbus.sys -- (lgmcbus [On_Demand | Stopped])

[2008-01-09 09:22:26 | 00,014,976 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\lgmcmdfl.sys -- (lgmcmdfl [On_Demand | Stopped])

[2008-01-09 09:22:26 | 00,110,464 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\lgmcmdm.sys -- (lgmcmdm [On_Demand | Stopped])

[2008-11-10 13:05:40 | 00,025,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])

[2003-12-17 08:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])

[2001-08-17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2003-02-16 15:08:18 | 00,210,128 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])

[2004-08-04 06:41:38 | 01,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])

[2002-08-08 15:51:32 | 00,038,951 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB [On_Demand | Stopped])

[2004-08-04 06:41:40 | 00,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax [On_Demand | Stopped])

[2003-04-28 10:16:07 | 00,050,816 | ---- | M] (StarForce Technologies, Inc.) -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06 [system | Running])

[2003-04-28 11:12:21 | 00,094,464 | ---- | M] (StarForce Technologies, Inc.) -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02 [boot | Running])

[2003-04-04 08:41:46 | 00,006,848 | ---- | M] (StarForce Technologies, Inc.) -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1 [boot | Running])

[2003-04-24 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-05-29 15:52:59 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2001-08-17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001-08-17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001-08-17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2004-08-04 06:41:39 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys -- (RecAgent [On_Demand | Stopped])

[2008-07-20 15:22:37 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [system | Running])

[2006-02-16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])

[2008-07-20 15:22:40 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [system | Running])

[2004-11-21 18:25:37 | 00,012,400 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])

[2006-03-26 13:22:14 | 00,051,200 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01 [boot | Running])

[2003-04-29 12:10:40 | 00,004,448 | ---- | M] (StarForce Technologies, Inc.) -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01 [boot | Running])

[2006-03-13 10:38:23 | 00,006,656 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02 [boot | Running])

[2006-03-24 17:27:01 | 00,050,176 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04 [boot | Running])

[2005-11-03 15:40:07 | 00,063,488 | ---- | M] (Protection Technology) -- C:\WINDOWS\system32\drivers\sfvfs02.sys -- (sfvfs02 [boot | Running])

[2004-08-04 07:07:42 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [boot | Running])

[2003-02-16 15:11:56 | 00,516,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr [On_Demand | Running])

[2004-08-04 06:41:44 | 00,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal [On_Demand | Stopped])

[2003-01-17 00:19:32 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup [On_Demand | Running])

[2001-08-17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2008-07-28 19:43:48 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2005-05-23 14:27:00 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus [On_Demand | Stopped])

[2005-05-23 14:27:00 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])

[2005-05-23 14:27:00 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])

[2007-03-01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [system | Running])

[2001-08-17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001-08-17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2001-08-17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001-08-17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2004-08-04 07:03:17 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Stopped])

[2001-08-17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2002-12-27 03:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2003-04-24 12:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [system | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.eniro.se/

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]

"SearchAssistant"=http://ie.search.msn.com/sv/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

"Start Page"=http://securityresponse.symantec.com/avcenter/fix_homepage/

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.eniro.se/

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\SOFTWARE\Microsoft\Internet Explorer\Search]

"SearchAssistant"=http://ie.search.msn.com/sv/srchasst/srchasst.htm

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (710 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File not found

{1C900459-DEEF-4aa9-B260-1EF0F0C70A8D} (HKLM) -- C:\Program\ekort\Bhoekort.dll (Orbiscom Ltd. All rights reserved.)

{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{C08DF07A-3E49-4E25-9AB0-D3882835F153} (HKLM) -- C:\Program\IDM\QUICKfind\PlugIns\IEHelp.dll ()

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="C:\Program\ATI Technologies\ATI.ACE\CLIStart.exe" ()

"avgnt"="C:\Program\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min (Avira GmbH)

"COMODO Firewall Pro"="C:\Program\Comodo\Firewall\CPF.exe" /background (COMODO)

"ControlCenter2.0"=C:\Program\Brother\ControlCenter2\brctrcen.exe /autorun (Brother Industries, Ltd.)

"e-kort"=C:\Program\ekort\ekort.exe /dontopenmycards (Orbiscom Ltd. All rights reserved.)

"IndexSearch"=C:\Program\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)

"Logitech Utility"=Logi_MwX.Exe (Logitech Inc.)

"PaperPort PTD"=C:\Program\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

"PCMService"="c:\Apps\Powercinema\PCMService.exe" (CyberLink Corp.)

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" -atboottime (Apple Inc.)

"SetDefPrt"=C:\Program\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)

"snpstd"=C:\WINDOWS\vsnpstd.exe ()

"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

"SSBkgdUpdate"="C:\Program\Delade filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Scansoft, Inc.)

"Telia"="C:\Program\Telia\Supportassistent\bin\sprtcmd.exe" /P Telia (TeliaSonera AB)

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"=C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"=C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

 

========== (O4) RunOnce Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

 

========== (O4) Startup Folders ==========

 

[2008-05-04 07:09:46 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

[2005-04-23 18:12:00 | 00,802,816 | ---- | M] (Brother Industries, Ltd.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Status Monitor.lnk = C:\Program\Brother\Brmfcmon\BrMfcWnd.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableTaskMgr"=0

"DisableRegedit"=0

"NoFind"=0

"NoRun"=0

"NoDesktop"=0

"NoControlPanel"=0

"NoClose"=0

"StartMenuLogOff"=0

"HideClock"=0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableTaskMgr"=0

"DisableRegedit"=0

"NoFind"=0

"NoRun"=0

"NoDesktop"=0

"NoControlPanel"=0

"NoClose"=0

"StartMenuLogOff"=0

"HideClock"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 09:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 09:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 09:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2003-08-13 09:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [2007-07-12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Referensinformation -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003-07-15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6}: Button: e-kort -- %ProgramFiles%\ekort\ekort.exe [2007-05-10 09:36:26 | 00,233,472 | ---- | M] (Orbiscom Ltd. All rights reserved.)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [sun Java-konsol] -> [2007-07-12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{4C730913-3961-439b-83D5-F4E445520422} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2003-07-15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} [HKLM] -> %ProgramFiles%\ekort\ekort.exe [e-kort] -> [2007-05-10 09:36:26 | 00,233,472 | ---- | M] (Orbiscom Ltd. All rights reserved.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [sun Java-konsol] -> [2007-07-12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2003-07-15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} [HKLM] -> %ProgramFiles%\ekort\ekort.exe [e-kort] -> [2007-05-10 09:36:26 | 00,233,472 | ---- | M] (Orbiscom Ltd. All rights reserved.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [sun Java-konsol] -> [2007-07-12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2003-07-15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} [HKLM] -> %ProgramFiles%\ekort\ekort.exe [e-kort] -> [2007-05-10 09:36:26 | 00,233,472 | ---- | M] (Orbiscom Ltd. All rights reserved.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [sun Java-konsol] -> [2007-07-12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{4C730913-3961-439b-83D5-F4E445520422} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2003-07-15 05:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)

CmdMapping\\{F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} [HKLM] -> %ProgramFiles%\ekort\ekort.exe [e-kort] -> [2007-05-10 09:36:26 | 00,233,472 | ---- | M] (Orbiscom Ltd. All rights reserved.)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{166B1BCA-3F9C-11CF-8075-444553540000}: http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control

{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool

{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control

{8569D715-FF88-44BA-8D1D-AD3E59543DDE}: https://213.180.94.106/podb/elev/arview2.cab -- ActiveReports Viewer2

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -- Java Plug-in 1.6.0_02

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{917623D1-D8E5-11D2-BE8B-00104B06BDE3}: http://axis.retea.se/activex/AxisCamControl.ocx -- CamImage Class

{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab -- MSN Games - Installer

{C36112BF-2FA3-4694-8603-3B510EA3B465}: http://f007.mail.spray.se/app/uploader/FileUploader.cab -- Lycos File Upload Component

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -- MessengerStatsClient Class

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -- Java Plug-in 1.6.0_01

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -- Java Plug-in 1.6.0_02

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -- Java Plug-in 1.6.0_02

{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{6D944ED8-D92C-468D-876D-82626658AA8B} (Servers: 195.67.199.12,195.67.199.13 | Description: VIA Rhine II Fast Ethernet Adapter)

{E52D529A-2DBA-40ED-AD5B-00C0233E1B6D} (Servers: | Description: )

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Files/Folders - Created Within 30 Days ==========

 

[8 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

File not found -- C:\Documents and Settings\****\Skrivbord\CAVIGZZ1.

File not found -- C:\Documents and Settings\****\Skrivbord\CA0525TA.

[2008-12-04 23:30:06 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\****\Skrivbord\OTViewIt.exe

[2008-12-04 14:52:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Malwarebytes

[2008-12-04 14:52:40 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-12-04 14:52:40 | 00,000,667 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-12-04 14:52:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-04 14:52:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008-12-04 14:52:34 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2008-12-03 17:48:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Avira

[2008-12-03 14:27:04 | 00,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\AntiVir PE Premium.lnk

[2008-12-03 14:26:53 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2008-12-03 14:26:53 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2008-12-03 14:26:52 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2008-12-03 14:26:50 | 00,094,465 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\avsda.dll

[2008-12-03 14:26:49 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2008-12-03 14:26:48 | 00,000,000 | ---D | C] -- C:\Program\Avira

[2008-12-03 14:26:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira

[2008-12-02 20:40:14 | 00,001,681 | ---- | C] () -- C:\Documents and Settings\****\Skrivbord\HijackThis.lnk

[2008-12-02 20:40:14 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2008-12-02 18:24:45 | 00,001,430 | ---- | C] () -- C:\ZB20081202182424001.xml

[2008-11-25 12:39:28 | 00,001,334 | ---- | C] () -- C:\ZB20081125123926001.xml

[2008-11-24 15:13:52 | 00,003,367 | ---- | C] () -- C:\ZB20081124151341001.xml

[2008-11-24 12:40:01 | 01,578,246 | -H-- | C] () -- C:\Documents and Settings\****\Lokala inställningar\Application Data\IconCache.db

[2008-11-22 09:59:32 | 00,000,636 | ---- | C] () -- C:\Documents and Settings\****\Skrivbord\PC Wizard 2008.lnk

[2008-11-22 09:59:31 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\PCWizard.cpl

[2008-11-22 09:59:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Java

[2008-11-22 09:59:30 | 00,000,000 | ---D | C] -- C:\Program\PC Wizard 2008

[2008-11-21 14:59:22 | 00,001,227 | ---- | C] () -- C:\ZB20081121145919001.xml

[2008-11-18 21:59:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\****\Application Data\Games

[2008-11-18 21:57:36 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll

[2008-11-18 21:57:36 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll

[2008-11-18 21:57:34 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll

[2008-11-18 21:56:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2008-11-18 21:56:09 | 00,000,000 | ---D | C] -- C:\Program\AGEIA Technologies

[2008-11-18 18:26:26 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\xing shared

[2008-11-18 01:06:11 | 00,000,000 | ---D | C] -- C:\Program\Extractor

[2008-11-17 13:47:26 | 00,001,869 | ---- | C] () -- C:\ZB20081117134723001.xml

[2008-11-13 14:20:01 | 00,000,040 | ---- | C] () -- C:\WINDOWS\RUNAWAY2.INI

[2008-11-13 14:05:37 | 00,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Runaway 2.lnk

[2008-11-13 14:05:37 | 00,000,000 | ---D | C] -- C:\Program\PENDULO Studios

[2008-11-10 16:09:54 | 00,001,120 | ---- | C] () -- C:\ZB20081110160953001.xml

[2008-11-10 13:05:41 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-11-10 13:05:40 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-11-10 13:05:31 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll

[2008-11-10 13:05:31 | 00,068,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll

[2008-11-10 13:05:31 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll

[2008-11-10 13:05:30 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll

[2008-11-10 13:05:30 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll

[2008-11-10 13:05:30 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll

[2008-11-10 13:05:29 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2008-11-10 13:05:29 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2008-11-10 13:05:28 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2008-11-10 13:05:18 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll

[2008-11-10 13:05:18 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2008-11-10 13:05:18 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2008-11-10 13:05:17 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2008-11-10 13:05:17 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

[2008-11-10 13:05:16 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll

[2008-11-10 13:05:15 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll

[2008-11-10 13:05:14 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll

[2008-11-10 13:05:10 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll

[2008-11-07 13:26:49 | 00,001,227 | ---- | C] () -- C:\ZB20081107132647001.xml

 

========== Files - Modified Within 30 Days ==========

 

[8 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

File not found -- C:\Documents and Settings\****\Skrivbord\CAVIGZZ1.

File not found -- C:\Documents and Settings\****\Skrivbord\CA0525TA.

[2008-12-04 23:30:04 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\****\Skrivbord\OTViewIt.exe

[2008-12-04 14:52:40 | 00,000,667 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-12-04 01:56:05 | 00,143,360 | ---- | M] () -- C:\Documents and Settings\****\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-03 18:48:43 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-03 18:45:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-03 18:45:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-03 18:45:33 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-03 14:27:05 | 00,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\AntiVir PE Premium.lnk

[2008-12-02 20:40:14 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\****\Skrivbord\HijackThis.lnk

[2008-12-02 18:24:45 | 00,001,430 | ---- | M] () -- C:\ZB20081202182424001.xml

[2008-12-02 13:46:16 | 00,000,605 | ---- | M] () -- C:\Documents and Settings\****\Mina dokument\Mina delade mappar.lnk

[2008-12-01 21:14:08 | 01,578,246 | -H-- | M] () -- C:\Documents and Settings\****\Lokala inställningar\Application Data\IconCache.db

[2008-11-29 14:55:42 | 00,003,350 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2008-11-25 12:39:28 | 00,001,334 | ---- | M] () -- C:\ZB20081125123926001.xml

[2008-11-24 15:13:52 | 00,003,367 | ---- | M] () -- C:\ZB20081124151341001.xml

[2008-11-22 09:59:32 | 00,000,636 | ---- | M] () -- C:\Documents and Settings\****\Skrivbord\PC Wizard 2008.lnk

[2008-11-21 14:59:22 | 00,001,227 | ---- | M] () -- C:\ZB20081121145919001.xml

[2008-11-18 21:55:46 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-11-18 21:15:44 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2008-11-18 18:25:59 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll

[2008-11-18 18:25:59 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll

[2008-11-18 18:25:59 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2008-11-17 17:17:41 | 01,591,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008-11-17 13:47:26 | 00,001,869 | ---- | M] () -- C:\ZB20081117134723001.xml

[2008-11-14 20:07:03 | 00,076,624 | ---- | M] () -- C:\Documents and Settings\****\Lokala inställningar\Application Data\GDIPFONTCACHEV1.DAT

[2008-11-13 14:05:37 | 00,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Runaway 2.lnk

[2008-11-10 16:09:54 | 00,001,120 | ---- | M] () -- C:\ZB20081110160953001.xml

[2008-11-10 13:05:40 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-11-09 20:24:28 | 00,002,489 | ---- | M] () -- C:\Documents and Settings\****\Skrivbord\Microsoft Office Excel 2003.lnk

[2008-11-07 13:26:49 | 00,001,227 | ---- | M] () -- C:\ZB20081107132647001.xml

< End of report >

[/log]

 

[log]OTViewIt Extras logfile created on: 2008-12-04 23:31:02 - Run

OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\****\Skrivbord

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511.48 Mb Total Physical Memory | 167.57 Mb Available Physical Memory | 32.76% Memory free

1.22 Gb Paging File | 0.63 Gb Available in Paging File | 51.94% Paging File free

Paging file location(s): C:\pagefile.sys 766 766;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 141.54 Gb Total Space | 65.42 Gb Free Space | 46.22% Space Free | Partition Type: NTFS

Unable to calculate disk information.

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive O: | 1.92 Gb Total Space | 1.92 Gb Free Space | 100.00% Space Free | Partition Type: FAT

 

Computer Name: PACKARDBELL

Current User Name: ****

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=1

"UpdatesDisableNotify"=1

"AntiVirusOverride"=1

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2004-08-04 09:34:42 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2004-08-04 09:34:42 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

File not found -- C:\Program\Direct Connect\Direct Connect.exe:*:Enabled:Direct Connect

File not found -- C:\Program\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer

File not found -- C:\Program\DC++\DCPlusPlus.exe:*:Enabled:DC++

File not found -- C:\Documents and Settings\****\Skrivbord\DCPlusPlus.exe:*:Enabled:DC++

[2007-08-17 11:25:34 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer

File not found -- C:\Documents and Settings\****\Skrivbord\Natalie\Musik\DOWNLOADS\Rise of the nations\thrones.exe:*:Enabled:Rise of Nations

File not found -- C:\Program\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations

File not found -- C:\Program\Hasbro Interactive\RollerCoaster Tycoon\rct.exe:*:Enabled:rct

File not found -- C:\WINDOWS\system32\opeB8.exe:*:Enabled:opeB8

File not found -- C:\Program\BitTorrent\btdownloadgui.exe:*:Disabled:btdownloadgui

File not found -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

File not found -- C:\Program\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8

File not found -- C:\Documents and Settings\***\Skrivbord\Natalie\Downloads\DCPlusPlus-0.698\DCPlusPlus.exe:*:Enabled:DC++

File not found -- C:\Program\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

File not found -- C:\Documents and Settings\****\Skrivbord\Natalie\Downloads\Program\DCPlusPlus-0.698\DCPlusPlus.exe:*:Enabled:DC++

[2008-09-04 01:47:58 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox

[2006-11-15 10:49:18 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player

File not found -- C:\Program\PPLive\PPLive.exe:*:Enabled:PPLive

[2008-09-18 00:23:33 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program\LimeWire\LimeWire.exe:*:Enabled:LimeWire

[2008-11-04 13:59:55 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

[2007-10-18 11:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2006-02-28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000018 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000019 -- File not found

Protocol_Catalog9\Catalog_Entries\000000000020 -- File not found

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

shell -- shell protocol not assigned

 

========== HKEY_USERS Protocol Defaults ==========

 

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols

shell -- shell protocol not assigned

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2003-07-11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2003-07-11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2003-07-11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2000-04-19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2003-08-01 22:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2003-07-15 05:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting

"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}"=OpenMG

"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}"=LG PC Suite II

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin

"{1F4A7C46-FB51-4B49-8074-506E444E3C92}"=RUNAWAY 2 - The dream of the turtle

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD

"{224C47F4-CB95-406C-8AD6-81002FEED0CF}"=Hoyle Casino 2004

"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2

"{279FC9F9-1872-4927-AB0E-A93154F7D339}"=cdrLabel 7.1

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3

"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1

"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}"=Microsoft .NET Framework 3.5

"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}"=Music Visualizer Library 1.4.00

"{3BB87A96-FDDC-4435-8267-D9D70CF3ABD9}"=LG PC Suite II

"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}"=Adobe Photoshop CS3

"{45235788-142C-44BE-8A4D-DDE9A84492E5}"=AGEIA PhysX v7.09.13

"{470FB20B-0FCD-4DB4-9DE9-0744E2DAC93C}"=SolidWorks 2007-2008 Student Design Kit

"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3

"{5809E7CF-4DCF-11D4-9875-00105ACE7734}"=Logitech MouseWare 9.79.1

"{593AFFA4-D08E-4272-BABB-420949D32A10}"=QUICKfind

"{6059C682-4C5F-4106-8487-943E98225D3B}"=LG MC USB Modem driver

"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All

"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings

"{6E65247F-58F9-41CA-BE69-0316F7907170}"=Disc2Phone

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3

"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}"=SonicStage

"{77F09242-A107-4CB6-A295-D8656C2C3795}"=Samsung USB Driver (MCCI 4.24)

"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3

"{9112041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!

"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}"=QuickTime

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3

"{A17EABB6-D0C6-44E5-820C-72DC7F495064}"=PaperPort

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific

"{A4B31743-FC57-4DA6-944D-8195A36B344F}"=Microsoft Works 7.0

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B04AC0A3-7A0F-4E38-9DE7-FD1E4CE47D8C}"=Packard Bell InfoCentre

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0

"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3

"{BA9632CB-2B93-4FD6-905C-BB325CE1C4DD}"=e-kort

"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}"=Brother MFL-Pro Suite

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client

"{D1814774-15EF-4C8A-B928-2E013346B26D}"=ATI Catalyst Control Center

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files

"{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}"=Samsung PC Studio 2.1

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}"=Microsoft XML Parser

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings

"{E142615E-5ED8-4511-9BF0-0284BFA25766}"=ArcSoft PhotoImpression

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E5A93086-C9A3-4BD6-9227-61C67D9F900C}"=eDrawings 2007

"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3

"{ED14F9FF-12A5-3BB6-A0D9-67B45FB16BF9}"=Microsoft .NET Framework 3.5 Language Pack - sve

"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}"=Adobe Setup

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player"=Adobe Shockwave Player

"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2

"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings

"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1"=Adobe Photoshop CS3

"AdobeESD"=Adobe Download Manager 2.0 (endast avinstallation)

"All ATI Software"=ATI - Software Uninstall Utility

"AntiVir PersonalEdition Premium"=Avira AntiVir Premium

"ATI Display Driver"=ATI Display Driver

"Audacity_is1"=Audacity 1.2.6

"AVI ReComp"=AVI ReComp 1.3.0

"Avi2Dvd"=Avi2Dvd 0.4.5 beta

"AviSynth"=AviSynth 2.5

"CAL"=Canon Camera Access Library

"CameraWindowDVC6"=Canon Camera Window DC_DV 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder"=Canon G.726 WMP-Decoder

"Canon Internet Library for ZoomBrowser EX"=Canon Internet Library for ZoomBrowser EX

"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2007-07-22

"COMODO Firewall Pro"=COMODO Firewall Pro

"coverXP"=coverXP (remove only)

"CSCLIB"=Canon Camera Support Core Library

"dBpoweramp FLAC Codec"=dBpoweramp FLAC Codec

"EOS Utility"=Canon Utilities EOS Utility

"FotoLabo OnlineFoto"=FotoLabo OnlineFoto

"FrostWire"=FrostWire 4.13.4

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"IKEA Home Planner Kitchen"=IKEA Home Planner Kitchen

"ImageDrive!UninstallKey"=ImageDrive (ahead software)

"ImgBurn"=ImgBurn

"InstallShield_{224C47F4-CB95-406C-8AD6-81002FEED0CF}"=Hoyle Casino 2004

"InstallShield_{77F09242-A107-4CB6-A295-D8656C2C3795}"=Samsung USB Driver (MCCI 4.24)

"InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}"=Samsung PC Sync 2.1

"iriver plus 3"=iriver plus 3 (remove only)

"ldoce4v2"=LONGMAN Dictionary of Contemporary English

"LimeWire"=LimeWire PRO 4.18.7

"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware

"Matematiska tecken"=Matematiska tecken

"Microsoft .NET Framework 3.5"=Microsoft .NET Framework 3.5

"Microsoft .NET Framework 3.5 Language Pack - sve"=Språkpaket för Microsoft .NET Framework 3.5 - Swedish

"Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Olympens härskare Zeus"=Olympens härskare Zeus

"OpenMG HotFix3.1-02-08-09-01"=OpenMG Limited Patch 3.1-02-12-04-01

"OpenMG HotFix3.1-02-08-15-01"=OpenMG Limited Patch 3.1-02-10-22-01

"OpenMG HotFix3.1-02-10-08-01"=OpenMG Limited Patch 3.1-02-10-22-02

"PC Wizard 2008_is1"=PC Wizard 2008.1.87

"Personal"=Personal 4.8.1

"Pharaoh"=Pharaoh

"RealPlayer 6.0"=RealPlayer

"RemoteCaptureTask"=Canon RemoteCapture Task for ZoomBrowser EX

"Telia Supportassistent_is1"=Telia Supportassistent

"WIC"=Windows Imaging Component

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 2

"WinGrodan"=WinGrodan

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.6d

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"VobSub"=VobSub v2.23 (Remove Only)

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0

"Xvid_is1"=Xvid 1.1.2 final uninstall

"Yahoo! Toolbar"=Yahoo! Toolbar

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3542361404-2593181083-1284082804-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-11-26 17:09:26 | Computer Name = PACKARDBELL | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16544, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-28 03:35:46 | Computer Name = PACKARDBELL | Source = Application Error | ID = 1000

Description = Felaktigt program iexplore.exe, version 7.0.6000.16544, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x74657373.

 

Error - 2008-11-29 14:29:17 | Computer Name = PACKARDBELL | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16544, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-30 13:20:23 | Computer Name = PACKARDBELL | Source = Application Error | ID = 1000

Description = Felaktigt program superantispyware.exe, version 4.15.0.1000, felaktig

modul rpcrt4.dll, version 5.1.2600.3173, felaktig adress 0x000085f7.

 

Error - 2008-11-30 13:20:29 | Computer Name = PACKARDBELL | Source = Application Error | ID = 1000

Description = Felaktigt program drwtsn32.exe, version 5.1.2600.0, felaktig modul

dbghelp.dll, version 5.1.2600.2180, felaktig adress 0x0001295d.

 

Error - 2008-11-30 13:21:10 | Computer Name = PACKARDBELL | Source = Application Hang | ID = 1002

Description = Stoppat program SUPERAntiSpyware.exe, version 4.15.0.1000, stoppad

modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-30 13:21:48 | Computer Name = PACKARDBELL | Source = Application Hang | ID = 1002

Description = Stoppat program SUPERAntiSpyware.exe, version 4.15.0.1000, stoppad

modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-30 13:22:02 | Computer Name = PACKARDBELL | Source = Application Hang | ID = 1002

Description = Stoppat program SUPERAntiSpyware.exe, version 4.15.0.1000, stoppad

modul hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-12-01 16:31:00 | Computer Name = PACKARDBELL | Source = Application Hang | ID = 1002

Description = Stoppat program bcont_nm.exe, version 7.0.940.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-12-01 17:33:13 | Computer Name = PACKARDBELL | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16544, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2008-12-01 18:16:53 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten BrSplService registrerade ett ogiltigt aktuellt läge 0.

 

Error - 2008-12-01 18:16:53 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten SmartLinkService registrerade ett ogiltigt aktuellt läge

0.

 

Error - 2008-12-02 18:57:32 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten BrSplService registrerade ett ogiltigt aktuellt läge 0.

 

Error - 2008-12-02 18:57:32 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten SmartLinkService registrerade ett ogiltigt aktuellt läge

0.

 

Error - 2008-12-02 20:50:17 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten BrSplService registrerade ett ogiltigt aktuellt läge 0.

 

Error - 2008-12-02 20:50:18 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten SmartLinkService registrerade ett ogiltigt aktuellt läge

0.

 

Error - 2008-12-03 12:05:21 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten BrSplService registrerade ett ogiltigt aktuellt läge 0.

 

Error - 2008-12-03 12:05:22 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten SmartLinkService registrerade ett ogiltigt aktuellt läge

0.

 

Error - 2008-12-03 13:49:22 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten BrSplService registrerade ett ogiltigt aktuellt läge 0.

 

Error - 2008-12-03 13:49:22 | Computer Name = PACKARDBELL | Source = Service Control Manager | ID = 7016

Description = Tjänsten SmartLinkService registrerade ett ogiltigt aktuellt läge

0.

 

 

< End of report >

[/log]


I see that you have MSN running. How does it work when the internet is so bad?

I'm going through the logs; it will take a while.

 


Do you have any files or folders on the Desktop named CAVIGZZ1 or CA0525TA?

Start Notepad and open the file C:\ZB20081125123926001.xml. Is it something you can connect to a particular program?

Do you know what this program is?

[2008-11-18 01:06:11 | 00,000,000 | ---D | C] -- C:\Program\Extractor

 

There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java/J2SE/JRE versions except the latest in Control Panel - Add or Remove Programs (with no web browsers running), at a time when the internet is working.

I can't find any malicious files that have been added in the last 30 days.

 

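Added example, not part of the thread or of OTViewIt: a small Python triage of two report sections reviewed above, the lines in the Windows XP firewall exception format (`path:scope:Enabled|Disabled:name`) and the Uninstall list. It flags enabled exceptions whose executable no longer exists and lists every Java entry older than the newest one installed. The function names and regular expressions are assumptions of this example, and a missing file is a cleanup hint, not a malware verdict.

```python
import re

# Sample input assembled for this example from lines of the report quoted in the thread.
SAMPLE_LOG = r'''
File not found -- C:\WINDOWS\system32\opeB8.exe:*:Enabled:opeB8
File not found -- C:\Program\BitTorrent\btdownloadgui.exe:*:Disabled:btdownloadgui
[2008-09-04 01:47:58 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2
"HijackThis"=HijackThis 2.0.2
'''

# Firewall exception line: "<file info> -- <path>:<scope>:<Enabled|Disabled>:<name>"
FIREWALL_RE = re.compile(
    r'^(?P<missing>File not found)?.*? -- (?P<path>[A-Za-z]:\\.+?)'
    r':(?P<scope>[^:]+):(?P<status>Enabled|Disabled):(?P<name>.+)$')
# Uninstall list line: "<registry key name>"=<display name>
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.+)$')
# Display names such as "Java 6 Update 2" or "J2SE Runtime Environment 5.0 Update 6"
JAVA_RE = re.compile(
    r'^(?:Java|J2SE)\b.*?(?P<major>\d+)(?:\.\d+)*(?: Update (?P<update>\d+))?')


def parse_report(text):
    """Split report lines into firewall exceptions and installed programs."""
    firewall, installed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FIREWALL_RE.match(line)
        if m:
            firewall.append({
                "path": m["path"],
                "name": m["name"],
                "enabled": m["status"] == "Enabled",
                "missing": m["missing"] is not None,
            })
            continue
        m = UNINSTALL_RE.match(line)
        if m:
            installed.append((m["key"], m["name"]))
    return firewall, installed


def stale_firewall_exceptions(firewall):
    """Exceptions that are still enabled although the executable is gone."""
    return [e for e in firewall if e["enabled"] and e["missing"]]


def java_versions(installed):
    """Return ((major, update), display name) for every Java entry, oldest first."""
    found = []
    for _key, name in installed:
        m = JAVA_RE.match(name)
        if m:
            found.append(((int(m["major"]), int(m["update"] or 0)), name))
    return sorted(found)


def java_to_uninstall(installed):
    """Every installed Java entry except the newest one."""
    return [name for _version, name in java_versions(installed)[:-1]]


if __name__ == "__main__":
    fw, programs = parse_report(SAMPLE_LOG)
    for entry in stale_firewall_exceptions(fw):
        print("stale firewall exception:", entry["name"], entry["path"])
    for name in java_to_uninstall(programs):
        print("older Java still installed:", name)
```
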

I haven't had MSN running lately, since you can hardly log in anymore.

I've had CAVIGZZ1 and CA0525TA on the desktop for a very long time; they are impossible to delete, I just get the error message "Det går inte att ta bort fil. Det går inte att läsa från källfilen eller källdisken."

The file ZB20081125123926001.xml contains file names of old deleted camera pictures from 25/11 2008.

I installed Extractor a few weeks ago; I don't remember what I used it for. But I uninstalled it fairly quickly, and the folder is empty.

I'll try to update Java, but I doubt I'll be able to download it.

 


Okay, it looked like MSN files were running when the OTViewIt log was created.

Do you have a link to Extractor, so it's possible to check that it didn't bring anything malicious onto the computer?

Good night!

[post edited 2008-12-05 01:23:02 by Cecilia]


That doesn't look like a good website:

http://www.mywot.com/sv/scorecard/volny.cz

But there doesn't seem to be anything malicious in the Extractor file itself.

Delete the Extractor folder if you haven't already done so. If you have a registry cleaning program such as CCleaner, run it and see whether it has left any remnants in the registry.

As for the infected-computer lead, I can only think of one more check. Download Gmer to the Desktop from one of these pages:

http://www.gmer.net/

http://www.majorgeeks.com/GMER_d5198.html

Unpack the file to the Desktop.

Close web browsers and other ordinary programs that you have running. Start gmer.exe.

Select the rootkit tab and check that everything on the right is ticked except Show All. Press Scan.

Press Copy and then paste the result into your reply.

In the Command Prompt (Start - Programs - Accessories) type:

ipconfig /all

copy the result and paste it here.

 


Formatting and reinstalling Windows may be an option, as a last resort, if nothing else helps (just a suggestion).

 


I've tried several times but it's impossible to download anything. But it seems most likely that a virus isn't the problem, doesn't it?

Could there be something wrong with the modem? I've noticed that it has been very warm; could it be overheated or something?

 


I've tested the laptop in other places, and it makes no difference. So the problem probably isn't there.

Hmm, well, in that case you probably have a problem with the computer itself :) But you can try turning off the router overnight and see if it makes any difference the next day. Mine is also sensitive to overheating, so it sits on a "wire shelf" to get plenty of air.

 


I agree with 2Many2; leave the modem and router switched off for an hour or so and see if it works better afterwards.

 


Yes, but if I understood correctly the computer had been tested on other routers and was just as slow then, which is why I'm hesitant.

 


It works now!

I did as you said: turned off the router and the modem, unplugged the power and left them off for an hour or so. When I turned them on again, everything worked.

So I assume it was due to some kind of overheating?

 


Archived

This topic is now archived and is closed to further replies.
