
Locked desktop? Virus/trojan


Sibbem


Hi,

after a WinRAR file was opened and a *.scr file was activated, strange things have now happened.

I have run the antivirus program, which found and removed something.

But now I can neither right-click nor left-click on the icons? I cannot open or delete any icons. However, I can get further via "Start" and "My Computer".

The only thing that does not seem to work is the desktop? I don't know whether it is due to the .scr file or something else??

Do you have any idea?


"I have run the antivirus program, which found and removed something."

Can you produce a log that shows what was removed? That would give good clues.

Preferably also a link to the file you downloaded.


How do I do that? The file has been removed and no longer exists.

I got the file via MSN. It seems to work as long as the MSN window is up; when you minimize it, the desktop locks.

MSN seems to play some part in this.


There I at least got some more useful information; so this is an MSN worm.

We can see whether HijackThis shows anything to begin with. Download from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:55:24, on 2008-12-16

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccProxy.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Norton Internet Security\ISSVC.exe

C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\Synaptics\SynTP\SynTPLpr.exe

C:\Program\Synaptics\SynTP\SynTPEnh.exe

C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\Program\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program\Java\jre1.6.0_07\bin\jusched.exe

C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program\Search Settings\SearchSettings.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\Program\DAEMON Tools Pro\DTProAgent.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

C:\Program\HPQ\shared\hpqwmi.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program\Philips\Media Manager\Philips Media Manager.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\Search Settings\kb126\SearchSettings.dll

O1 - Hosts: 68.142.79.69 www.happysex.ch

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\Search Settings\kb126\SearchSettings.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\Program\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [synTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [searchSettings] C:\Program\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Logon] wsnhost.exe

O4 - HKLM\..\Run: [xpsys.exe] C:\WINDOWS\system32\xpsysw.exe

O4 - HKLM\..\RunServices: [Windows Logon] wsnhost.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Media Player.lnk = C:\Program\Adobe Media Player\Adobe Media Player.exe

O4 - Startup: Philips Media Manager.lnk = C:\Program\Philips\Media Manager\Philips Media Manager.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Skicka till &Bluetooth - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O15 - Trusted Zone: *.handelsbanken.se

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229080257765

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program\HPQ\shared\hpqwmi.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program\Norton Internet Security\ISSVC.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 11682 bytes

[/log]

 


If you find anything with SearchSettings in Control Panel - Add or Remove Programs, remove it. The same goes if there is anything

Is this something you set up yourself?

O1 - Hosts: 68.142.79.69 www.happysex.ch

The IP address goes to the USA and not to any country that has .ch

Browse to http://www.virustotal.com, paste one of the following file names into the box, press Send File and wait until the result is ready (Current status becomes completed). Paste the results from the various antivirus programs (not Additional information) here. Repeat with the next file name.

C:\WINDOWS\system32\xpsysw.exe

C:\WINDOWS\system32\wsnhost.exe

C:\WINDOWS\wsnhost.exe
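
The check made by eye on the HijackThis log above (the Hosts entry and the autorun targets picked out for VirusTotal), written as an added Python example that is not part of the original thread. The two O4 heuristics and the names `triage`, `target_of` and `Finding` are assumptions made for this example; a hit means "review this entry", not a verdict.

```python
import ipaddress
import ntpath
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread (a subset).
SAMPLE_LOG = r"""
O1 - Hosts: 68.142.79.69 www.happysex.ch
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AutoTBar] AUTOTBAR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Logon] wsnhost.exe
O4 - HKLM\..\Run: [xpsys.exe] C:\WINDOWS\system32\xpsysw.exe
O4 - HKLM\..\RunServices: [Windows Logon] wsnhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
"""

# Reasons reported by triage(); wording is this example's own.
HOSTS = "hosts entry pins a name to a non-loopback address"
BARE = "autorun command gives no directory for the executable"
MISMATCH = "value name looks like an executable but differs from the target file"


class Finding(NamedTuple):
    item: str
    reason: str


O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)")
# O4 registry autoruns look like: O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Paths may contain spaces, so an unquoted target ends at the first
# executable extension that is followed by whitespace or end of line.
EXE_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$))',
    re.IGNORECASE,
)


def target_of(cmd: str) -> str:
    """Return the executable part of an autorun command line."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group("quoted") or m.group("bare")
    parts = cmd.split()
    return parts[0] if parts else ""


def triage(log_text: str) -> list[Finding]:
    """Flag O1 and O4 lines of a HijackThis log that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()  # the forum paste is padded with blank lines
        m = O1_RE.match(line)
        if m:
            try:
                ip = ipaddress.ip_address(m.group("addr"))
            except ValueError:
                continue  # not an address; leave it for manual reading
            # 127.0.0.1 / ::1 / 0.0.0.0 entries are the usual local or blocking ones.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(Finding(f"{ip} {m.group('host')}", HOSTS))
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        item = f"{m.group('hive')}\\{m.group('key')} [{m.group('name')}]"
        target = target_of(m.group("cmd"))
        if not ntpath.dirname(target):
            findings.append(Finding(item, BARE))
        name = m.group("name").lower()
        if name.endswith(".exe") and name != ntpath.basename(target).lower():
            findings.append(Finding(item, MISMATCH))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.item}: {f.reason}")
```
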

 


I have removed SearchSettings.

I have no idea what happysex is, or where it comes from?

I only find the xpsysw.exe file; I got the answer below.

0 bytes size received / Se ha recibido un archivo vacio


Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

Close all programs.

Run OTViewIt (in Vista, right-click and Run as administrator).

Tick Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both into your reply (remember the LOG button).


[log]"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.daemon-search.com/startpage

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.daemon-search.com/startpage

 

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (770 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

68.142.79.69 www.happysex.ch

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

{BDF3E430-B101-42AD-A544-FADC6B084872} (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

"AutoTBar"=AUTOTBAR.EXE File not found

"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" (Symantec Corporation)

"Cpqset"=C:\Program\HPQ\Default Settings\cpqset.exe ()

"eabconfg.cpl"=C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )

"HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

"hpWirelessAssistant"=C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

"Symantec NetDriver Monitor"=C:\Program\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)

"SynTPEnh"=C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

"SynTPLpr"=C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

"URLLSTCK.exe"=C:\Program\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)

"Windows Logon"=wsnhost.exe File not found

"xpsys.exe"=C:\WINDOWS\system32\xpsysw.exe ()

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun (DT Soft Ltd.)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"WMPNSCFG"=C:\Program\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun (DT Soft Ltd.)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"WMPNSCFG"=C:\Program\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

 

========== (O4) RunServices Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Windows Logon"=wsnhost.exe File not found

 

========== (O4) Startup Folders ==========

 

[2004-12-14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[2004-06-02 16:48:22 | 00,565,309 | ---- | M] (WIDCOMM, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\BTTray.lnk = C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

[2008-05-12 14:37:49 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

File not found -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Adobe Media Player.lnk = C:\Program\Adobe Media Player\Adobe Media Player.exe

[2006-07-14 08:48:16 | 00,136,704 | ---- | M] (Royal Philips Electronics Inc) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk = C:\Program\Philips\Media Manager\Philips Media Manager.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

Skicka till &Bluetooth: C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm [2003-05-29 12:53:12 | 00,001,320 | ---- | M] ()

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

Skicka till &Bluetooth: C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm [2003-05-29 12:53:12 | 00,001,320 | ---- | M] ()

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Referensinformation -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm [2003-05-29 12:53:08 | 00,002,681 | ---- | M] ()

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-4017 -- %ProgramFiles%\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm [2003-05-29 12:53:08 | 00,002,681 | ---- | M] ()

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Tillförlitliga platser

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Tillförlitliga platser

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229080257765 -- WUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab -- Java Plug-in 1.5.0_02

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class

 

========== (O17) DNS Name Servers ==========

 

{3F44E469-DE46-409A-B8EF-DA7402612F54} (Servers: | Description: 1394 Net Adapter)

{A67D86FA-AA51-4278-A1A1-E4B4314019B2} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

{C9F6D075-BE73-4880-8A71-22324FCC4D8E} (Servers: | Description: Broadcom 802.11b/g WLAN)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2008-05-09 11:57:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

Autorun.inf [;DA2007 Installer ver.: 2.1 | [autorun] | open=WAC_installer.exe | ]

[2007-06-06 04:17:41 | 00,000,064 | R--- | M] () -- D:\Autorun.inf -- [ CDFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[19 C:\WINDOWS\System32\*.tmp files]

[2008-12-19 09:10:49 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

[2008-12-16 18:52:10 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HijackThis.lnk

[2008-12-16 18:52:08 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2008-12-16 18:51:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HJTInstall.exe

[2008-12-15 22:57:28 | 10,722,22208 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-14 15:55:11 | 00,026,841 | ---- | C] () -- C:\WINDOWS\System32\xpsysw

[2008-12-14 15:54:22 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\xpsysw.exe

[2008-12-13 10:06:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Philips Media Manager Sample Media

[2008-12-13 10:06:00 | 00,000,886 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk

[2008-12-13 10:06:00 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Philips Media Manager.lnk

[2008-12-13 10:05:34 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\i4j_jres

[2008-12-12 18:19:11 | 00,000,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\WADM.lnk

[2008-12-12 18:19:11 | 00,000,000 | ---D | C] -- C:\Program\Philips

[2008-12-12 12:33:39 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-12 12:11:38 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2008-12-08 21:20:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Games

[2008-12-08 21:17:36 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll

[2008-12-08 21:17:36 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll

[2008-12-08 21:17:35 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2008-12-08 21:17:34 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2008-12-08 21:17:33 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2008-12-08 21:17:19 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll

[2008-12-08 21:17:18 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2008-12-08 21:17:18 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2008-12-08 21:17:17 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2008-12-08 21:17:16 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

[2008-12-08 21:17:15 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll

[2008-12-08 21:17:14 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll

[2008-12-08 21:17:13 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll

[2008-12-08 21:17:11 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll

[2008-12-08 21:17:11 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll

[2008-12-08 21:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\SherlockHolmesTheAwakenedv1.3NoDVDFixedexeEng

[2008-12-08 21:16:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2008-12-08 21:16:03 | 00,000,000 | ---D | C] -- C:\Program\AGEIA Technologies

[2008-12-08 21:15:41 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Wise Installation Wizard

[2008-12-08 21:15:40 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-08 21:15:39 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-08 21:15:32 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Play The Awakened game.lnk

[2008-12-08 21:14:59 | 05,296,128 | R--- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\game.exe

[2008-12-08 21:08:38 | 00,000,000 | ---D | C] -- C:\Program\Focus

[2008-12-04 11:48:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\VA - Absolute Hits 2008

[2008-12-03 18:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\Segelsemester 2008

[2008-11-24 14:35:01 | 00,000,957 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Media Player Classic.lnk

[2008-11-24 14:34:09 | 01,122,304 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvpx.dll

[2008-11-24 14:34:08 | 01,650,688 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplva6.dll

[2008-11-24 14:34:08 | 01,581,056 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvw7.dll

[2008-11-24 14:34:08 | 01,552,384 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvm6.dll

[2008-11-24 14:34:08 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008-11-24 14:34:08 | 00,077,824 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaw7.dll

[2008-11-24 14:34:08 | 00,077,824 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaa6.dll

[2008-11-24 14:34:08 | 00,065,536 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplapx.dll

[2008-11-24 14:34:08 | 00,065,536 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplam6.dll

[2008-11-24 14:34:08 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2008-11-24 14:34:04 | 00,417,792 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl

[2008-11-24 14:34:03 | 00,000,000 | ---D | C] -- C:\Program\ACE Mega CoDecS Pack

[2008-11-24 12:12:55 | 51,622,242 | ---- | C] (ACE DESIGN Software ) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\acemcp603pro.exe

[2008-11-24 12:06:00 | 00,136,704 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\iacenc.dll

[2008-11-24 12:06:00 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2008-11-24 12:05:57 | 00,000,000 | ---D | C] -- C:\Program\Ligos

[2008-11-24 12:03:49 | 02,068,266 | ---- | C] (Ligos Technology) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\iv5setup.exe

[2008-11-24 11:42:20 | 14,618,605 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vlc-0.9.6-win32.exe

[2008-11-23 23:07:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Euro Truck Simulator

[2008-11-23 23:03:43 | 00,240,240 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll

[2008-11-23 23:03:43 | 00,088,704 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll

[2008-11-23 23:03:43 | 00,042,512 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys

[2008-11-23 23:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:466F9D5D

[2008-11-22 16:34:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\Ny mapp

[2008-11-22 16:25:04 | 00,000,000 | ---D | C] -- C:\Program\iPod

[2008-11-22 16:24:49 | 00,000,000 | ---D | C] -- C:\Program\iTunes

[2008-11-22 16:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008-11-22 16:21:32 | 00,000,000 | ---D | C] -- C:\Program\QuickTime

 

========== Files - Modified Within 30 Days ==========

 

[19 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008-12-19 09:10:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

[2008-12-19 09:10:05 | 00,026,841 | ---- | M] () -- C:\WINDOWS\System32\xpsysw

[2008-12-19 09:03:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-19 09:03:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-19 09:02:50 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-19 07:16:00 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-16 18:55:20 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HijackThis.lnk

[2008-12-16 18:52:31 | 00,000,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008-12-16 18:51:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HJTInstall.exe

[2008-12-14 15:54:22 | 00,023,040 | ---- | M] () -- C:\WINDOWS\System32\xpsysw.exe

[2008-12-14 15:36:35 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Mina delade mappar.lnk

[2008-12-13 12:58:56 | 00,181,760 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-13 10:09:36 | 00,000,886 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk

[2008-12-13 10:06:00 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Philips Media Manager.lnk

[2008-12-12 18:19:11 | 00,000,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\WADM.lnk

[2008-12-12 12:33:39 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-12 12:31:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-12 12:28:02 | 00,933,196 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-12-12 12:28:02 | 00,412,338 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-12-12 12:28:02 | 00,409,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-12-12 12:28:02 | 00,076,836 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-12-12 12:28:02 | 00,064,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-12-11 23:38:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2008-12-11 23:38:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-09 23:13:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2008-12-09 23:13:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2008-12-08 21:15:40 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-08 21:15:39 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-08 21:15:32 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Play The Awakened game.lnk

[2008-11-24 14:35:01 | 00,000,957 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Media Player Classic.lnk

[2008-11-24 14:23:11 | 00,000,831 | ---- | M] () -- C:\WINDOWS\system.ini

[2008-11-24 12:16:29 | 51,622,242 | ---- | M] (ACE DESIGN Software ) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\acemcp603pro.exe

[2008-11-24 12:03:50 | 02,068,266 | ---- | M] (Ligos Technology) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\iv5setup.exe

[2008-11-24 11:42:55 | 14,618,605 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vlc-0.9.6-win32.exe

[2008-11-23 23:03:43 | 00,240,240 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll

[2008-11-23 23:03:43 | 00,088,704 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll

[2008-11-23 23:03:43 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys

< End of report >

 

 

 

OTViewIt Extras logfile created on: 2008-12-19 09:11:48 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1022,48 Mb Total Physical Memory | 471,81 Mb Available Physical Memory | 46,14% Memory free

2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,65% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 93,15 Gb Total Space | 35,31 Gb Free Space | 37,91% Space Free | Partition Type: NTFS

Drive D: | 426,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 968,96 Mb Total Space | 968,96 Mb Free Space | 100,00% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STOP-21455814C3

Current User Name: Sibbe

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=1

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-11-30 11:32:45 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

[2007-06-05 14:12:14 | 04,681,785 | ---- | M] (Philips) -- C:\Program\Philips\WADM\WADM.exe:*:Enabled:WADM Application

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2004-06-02 16:16:20 | 00,110,592 | ---- | M] (WIDCOMM, Inc.) C:\WINDOWS\system32\BTXPPanel.dll (widimg:{EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} (HKLM) [WidImg Class])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

""Fugawi40"_is1"=Fugawi 4

"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel

"{12E2B9E9-05B1-407d-B0FD-B5F350535125}"=Norton Internet Security

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}"=MarketResearch

"{15C70064-2463-49dd-9A88-B700F75BB428}"=dj_sf_ProductContext

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet

"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}"=D2400

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager

"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}"=HP Image Zone Plus 4.8.5

"{33565C22-2E44-4B36-9147-23912E838F81}"=Wireless Audio Device Manager

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}"=HP Product Assistant

"{3B29A786-5803-4e9e-9B58-3014A5B4E519}"=Norton AntiSpam

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 1.01 A2

"{449F3A9E-9903-4a0d-A209-08030D45A935}"=Norton Internet Security

"{48185814-A224-447a-81DA-71BD20580E1B}"=Norton Internet Security

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}"=HPSSupply

"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}"=Norton Internet Security

"{543E938C-BDC4-4933-A612-01293996845F}"=UnloadSupport

"{5677563D-0CB1-485f-9E18-C5025306BB3F}"=Norton AntiSpam

"{612DC38A-B36A-4699-88EB-12C7394DE2FC}"=TIxx21

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}"=HP Update

"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}"=AGEIA PhysX v6.10.25

"{75C22B40-6D12-4439-80DC-CAB3313EADA5}"=dj_sf_software_req

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC

"{87885939-F824-42bf-B790-231B1E8EF2BB}"=dj_sf_software

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour

"{8DE292EC-FA26-4526-BFEB-3EE820E97005}"=OpenOffice.org Installer 1.0

"{90120000-0020-041D-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system

"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}"=Bluetooth by hp

"{9112041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD

"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel

"{93F54611-2701-454e-94AB-623F458D9E6B}"=DeviceDiscovery

"{94FB906A-CF42-4128-A509-D353026A607E}"=REALTEK Gigabit and Fast Ethernet NIC Driver

"{9521B818-19CE-4d28-8200-DD26133E19E6}"=D2400_Help

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}"=The Awakened

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support

"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module

"{AC76BA86-7AD7-1053-7B44-A70000000000}"=Adobe Reader 7.0 - Svenska

"{AEA07F97-9088-497c-8821-0F36BD5DC251}"=HPProductAssistant

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist

"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2005

"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari

"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}"=Symantec Network Drivers Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 A2

"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}"=Symantec Script Blocking Installer

"{D8F6834B-D5E7-4451-8681-B051ABD8561D}"=ccCommon

"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}"=CC_ccProxyExt

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security

"{E85FA9A1-C241-4698-893B-DD99509B8DB0}"=Norton WMI Update

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support

"{F4B620CE-4297-4140-B0C3-6D4E8A8EF0AB}"=Microsoft Works

"{F5936267-D467-4e7b-8940-A7D9F0398EF3}"=HP Deskjet Printer Driver Software 9.0

"{F64306A5-4C32-41bb-B153-53986527FAB4}"=Norton WMI Update

"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime

"{FC08587A-4F01-4188-819F-F55880022917}"=ccPxyCore

"{FC2C0536-583C-46c0-844A-62CECAE01F22}"=Norton Internet Security

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}"=Status

"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1"=ACE Mega CoDecS Pack

"Adobe AIR"=Adobe AIR

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player Plugin

"All ATI Software"=ATI - Hjälp för avinstallation av program

"ATI Display Driver"=ATI Display Driver

"AviSynth"=AviSynth 2.5

"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter

"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C"=Conexant Data Fax Modem with SmartCP

"Conexant PCI Audio"=Conexant AC-97 Audio

"coverXP"=coverXP (remove only)

"DVD Shrink_is1"=DVD Shrink 3.2

"HijackThis"=HijackThis 2.0.2

"HP Imaging Device Functions"=HP Imaging Device Functions 9.0

"HP Solution Center & Imaging Support Tools"=HP Solution Center 9.0

"HPExtendedCapabilities"=HP Customer Participation Program 9.0

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"Indeo® Software"=Indeo® Software

"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}"=Texas Instruments PCIxx21/x515 drivers.

"LiveReg"=LiveReg (Symantec Corporation)

"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)

"Media Player - Codec Pack"=Media Player Codec Pack 3.1.0

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Personal"=Personal 4.8.1

"Philips Media Manager 3.3.12.0004"=Philips Media Manager 3.3.12.0004

"RealPlayer 6.0"=RealPlayer

"ShbGuide"=Handelsbanken Installationsguide

"SopCast"=SopCast 3.0.3

"SuperMegaSpoof_is1"=SuperMegaSpoof 2.0

"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security 2005 (Symantec Corporation)

"SynTPDeinstKey"=Synaptics Pointing Device Driver

"Videora iPod Converter"=Videora iPod Converter 3.08

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"winpwn"=winpwn 2.0.0.4

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VLC media player 0.9.2

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-11-24 09:20:41 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program explorer.exe, version 6.0.2900.5512, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x043db860.

 

Error - 2008-11-24 09:22:10 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program explorer.exe, version 6.0.2900.5512, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-30 06:55:34 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program DashBoard.exe, version 1.0.0.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-12-02 13:08:07 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program applemobiledevicehelper.exe, version 8.0.445.16,

felaktig modul ntdll.dll, version 5.1.2600.5512, felaktig adress 0x00011d8f.

 

Error - 2008-12-09 14:39:56 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

 

Error - 2008-12-09 14:40:04 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

 

Error - 2008-12-09 14:40:21 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

 

Error - 2008-12-11 14:51:20 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program wmplayer.exe, version 11.0.5721.5145, felaktig modul

avisplitter.ax, version 1.0.0.3, felaktig adress 0x0000a91c.

 

Error - 2008-12-12 07:08:01 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program explorer.exe, version 6.0.2900.5512, felaktig modul

mplvw7.dll, version 1.0.0.3, felaktig adress 0x0001c33a.

 

Error - 2008-12-15 19:18:00 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program explorer.exe, version 6.0.2900.5512, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-19 03:02:55 | Computer Name = STOP-21455814C3 | Source = DCOM | ID = 10010

Description = Servern {F3A614DC-ABE0-11D2-A441-00C04F795683} registrerades inte

med DCOM inom erforderlig timeout.

 

 

< End of report >

 

 

[/log]

 


You missed the beginning of the first log, so paste in the part that comes before the heading ========== (O1) Hosts File ==========

 


[log]OTViewIt logfile created on: 2008-12-19 09:11:48 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1022,48 Mb Total Physical Memory | 471,81 Mb Available Physical Memory | 46,14% Memory free

2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,65% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 93,15 Gb Total Space | 35,31 Gb Free Space | 37,91% Space Free | Partition Type: NTFS

Drive D: | 426,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 968,96 Mb Total Space | 968,96 Mb Free Space | 100,00% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STOP-21455814C3

Current User Name: Sibbe

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2005-03-08 22:34:28 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2006-08-01 09:39:44 | 00,239,264 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE

[2008-02-12 17:53:26 | 00,177,488 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSETMGR.EXE

[2005-05-06 03:27:24 | 00,083,584 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\ISSVC.exe

[2007-03-28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

[2005-03-30 22:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

[2005-03-08 22:34:28 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2008-02-12 17:53:02 | 00,185,680 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCEVTMGR.EXE

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

[2008-11-17 18:30:02 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe

[2006-08-03 17:08:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2004-06-03 12:14:16 | 00,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe

[2008-05-12 08:49:47 | 00,826,512 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe

[2008-04-14 17:05:24 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

[2008-02-12 17:52:46 | 00,049,488 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCAPP.EXE

[2005-02-02 13:12:22 | 00,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPLpr.exe

[2005-02-02 13:11:12 | 00,692,316 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPEnh.exe

[2005-03-08 20:05:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe

[2007-03-11 20:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\Hp\HP Software Update\hpwuSchd2.exe

[2004-12-03 12:24:20 | 00,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program\HPQ\Quick Launch Buttons\eabservr.exe

[2008-06-10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre1.6.0_07\bin\jusched.exe

[2005-04-01 14:11:14 | 00,794,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[2008-07-01 13:42:36 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program\Delade filer\Real\Update_OB\realsched.exe

[2008-11-04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program\QuickTime\QTTask.exe

[2008-11-20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunesHelper.exe

[2008-04-14 17:05:24 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe

[2008-01-15 15:17:09 | 00,277,960 | ---- | M] (DT Soft Ltd.) -- C:\Program\DAEMON Tools Pro\DTProAgent.exe

[2006-11-15 09:49:42 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnscfg.exe

[2004-06-02 16:48:22 | 00,565,309 | ---- | M] (WIDCOMM, Inc.) -- C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

[2008-05-12 14:37:49 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Program\Personal\bin\Personal.exe

[2005-03-04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\HPQ\shared\hpqwmi.exe

[2004-06-02 16:46:52 | 01,249,364 | ---- | M] (WIDCOMM, Inc.) -- C:\Program\WIDCOMM\Bluetooth-programvara\BTStackServer.exe

[2006-07-14 08:48:16 | 00,136,704 | ---- | M] (Royal Philips Electronics Inc) -- C:\Program\Philips\Media Manager\Philips Media Manager.exe

[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe

[2007-01-15 11:24:14 | 00,128,112 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe

[2008-06-10 03:27:03 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre1.6.0_07\bin\jucheck.exe

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe

[2008-12-19 09:10:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-11-07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])

[2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2005-03-08 22:34:28 | 00,352,256 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2006-08-03 17:08:02 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisk LiveUpdate-schemaläggare [Auto | Running])

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2004-06-03 12:14:16 | 00,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe -- (btwdins [Auto | Running])

[2008-02-12 17:53:02 | 00,185,680 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCEVTMGR.EXE -- (ccEvtMgr [Auto | Running])

[2006-08-01 09:39:44 | 00,239,264 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPROXY.EXE -- (ccProxy [Auto | Running])

[2008-02-12 17:53:20 | 00,083,280 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPWDSVC.EXE -- (ccPwdSvc [On_Demand | Stopped])

[2008-02-12 17:53:26 | 00,177,488 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCSETMGR.EXE -- (ccSetMgr [Auto | Running])

[2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2005-03-04 11:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Running])

[2008-11-20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2005-05-06 03:27:24 | 00,083,584 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\ISSVC.exe -- (ISSVC [Auto | Running])

[2006-08-03 17:08:02 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])

[2007-01-15 11:24:14 | 00,128,112 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe -- (navapsvc [On_Demand | Running])

[2003-07-28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2005-10-10 22:28:24 | 00,198,368 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -- (SAVScan [On_Demand | Stopped])

[2005-11-09 15:28:08 | 00,067,184 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\Script Blocking\SBSERV.EXE -- (SBService [Auto | Stopped])

[2007-03-28 17:41:56 | 00,206,552 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])

[2005-03-30 22:48:22 | 00,992,864 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])

[2008-05-12 08:49:47 | 00,826,512 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])

[2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-15 09:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

 

========== Driver Services ==========

 

[2005-03-08 22:36:52 | 00,988,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2008-12-08 21:15:40 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])

[2005-03-10 10:41:52 | 00,371,712 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])

[2004-06-02 16:07:28 | 01,240,938 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [boot | Running])

[2004-06-02 15:50:16 | 00,053,816 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])

[2004-11-17 11:17:14 | 00,293,120 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD [On_Demand | Running])

[2004-11-17 11:17:58 | 00,280,192 | R--- | M] (Conexant Systems Inc.) -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA [On_Demand | Running])

[2004-04-14 06:36:50 | 00,007,432 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr [system | Running])

[2003-06-06 10:46:16 | 00,005,220 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb [On_Demand | Stopped])

[2008-09-03 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2008-04-17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2004-12-15 16:18:34 | 00,207,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])

[2004-12-15 16:18:26 | 01,038,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP [On_Demand | Running])

[2008-04-14 16:41:34 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Running])

[2008-12-08 21:15:39 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])

[2004-03-17 12:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])

[2008-11-12 10:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20081217.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2008-11-12 10:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20081217.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2008-11-23 23:03:43 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2005-04-25 01:03:00 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2005-03-04 12:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2004-08-03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])

[2005-10-10 22:28:18 | 00,334,984 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT [On_Demand | Running])

[2005-10-10 22:28:22 | 00,053,896 | ---- | M] (Symantec Corporation) -- C:\Program\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL [system | Running])

[2008-04-13 19:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])

[2008-04-13 17:39:17 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005-03-30 22:48:20 | 00,372,832 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008-08-04 15:05:31 | 00,716,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2007-03-28 17:41:12 | 00,011,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2006-09-15 21:52:12 | 00,124,016 | ---- | M] (Symantec Corporation) -- C:\Program\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2007-03-28 17:41:14 | 00,171,928 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2007-03-28 17:41:20 | 00,037,016 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008-09-12 08:33:21 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Program\Delade filer\Symantec Shared\SymcData\idsdefs\20081213.001\SymIDSCo.sys -- (SYMIDSCO [On_Demand | Running])

[2008-05-12 08:49:47 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])

[2007-03-28 17:41:18 | 00,047,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2007-03-28 17:41:24 | 00,018,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2007-03-28 17:41:26 | 00,266,552 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2005-02-02 12:58:58 | 00,191,456 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])

[2005-03-16 13:43:06 | 00,159,488 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])

[2008-10-01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])

[2004-12-15 16:18:28 | 00,703,232 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

[2008-04-13 19:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [system | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.daemon-search.com/startpage

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.daemon-search.com/startpage

 

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (770 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

68.142.79.69 www.happysex.ch

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

{BDF3E430-B101-42AD-A544-FADC6B084872} (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" (HKLM) -- C:\Program\Delade filer\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- C:\Program\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AppleSyncNotifier"=C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

"ATIPTA"=C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

"AutoTBar"=AUTOTBAR.EXE File not found

"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" (Symantec Corporation)

"Cpqset"=C:\Program\HPQ\Default Settings\cpqset.exe ()

"eabconfg.cpl"=C:\Program\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )

"HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

"hpWirelessAssistant"=C:\Program\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" (Apple Inc.)

"QuickTime Task"="C:\Program\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

"Symantec NetDriver Monitor"=C:\Program\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)

"SynTPEnh"=C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

"SynTPLpr"=C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

"URLLSTCK.exe"=C:\Program\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)

"Windows Logon"=wsnhost.exe File not found

"xpsys.exe"=C:\WINDOWS\system32\xpsysw.exe ()

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun (DT Soft Ltd.)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"WMPNSCFG"=C:\Program\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" -autorun (DT Soft Ltd.)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"WMPNSCFG"=C:\Program\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

 

========== (O4) RunServices Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Windows Logon"=wsnhost.exe File not found

 

========== (O4) Startup Folders ==========

 

[2004-12-14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[2004-06-02 16:48:22 | 00,565,309 | ---- | M] (WIDCOMM, Inc.) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\BTTray.lnk = C:\Program\WIDCOMM\Bluetooth-programvara\BTTray.exe

[2008-05-12 14:37:49 | 00,894,504 | ---- | M] (Technology Nexus AB) -- C:\Documents and Settings\All Users.WINDOWS\Start-meny\Program\Autostart\Personal.lnk = C:\Program\Personal\bin\Personal.exe

File not found -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Adobe Media Player.lnk = C:\Program\Adobe Media Player\Adobe Media Player.exe

[2006-07-14 08:48:16 | 00,136,704 | ---- | M] (Royal Philips Electronics Inc) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk = C:\Program\Philips\Media Manager\Philips Media Manager.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

Skicka till &Bluetooth: C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm [2003-05-29 12:53:12 | 00,001,320 | ---- | M] ()

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 15:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

Skicka till &Bluetooth: C:\Program\WIDCOMM\Bluetooth-programvara\btsendto_ie_ctx.htm [2003-05-29 12:53:12 | 00,001,320 | ---- | M] ()

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java-konsol -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Referensinformation -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm [2003-05-29 12:53:08 | 00,002,681 | ---- | M] ()

{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-4017 -- %ProgramFiles%\WIDCOMM\Bluetooth-programvara\btsendto_ie.htm [2003-05-29 12:53:08 | 00,002,681 | ---- | M] ()

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Java-konsol] -> [2008-06-10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)

CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Tillförlitliga platser

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

handelsbanken.se: * in Tillförlitliga platser

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab -- MSN Photo Upload Tool

{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229080257765 -- WUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab -- Java Plug-in 1.5.0_02

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07

{D821DC4A-0814-435E-9820-661C543A4679}: http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx -- CRLDownloadWrapper Class

 

========== (O17) DNS Name Servers ==========

 

{3F44E469-DE46-409A-B8EF-DA7402612F54} (Servers: | Description: 1394 Net Adapter)

{A67D86FA-AA51-4278-A1A1-E4B4314019B2} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

{C9F6D075-BE73-4880-8A71-22324FCC4D8E} (Servers: | Description: Broadcom 802.11b/g WLAN)

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2008-05-09 11:57:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

Autorun.inf [;DA2007 Installer ver.: 2.1 | [autorun] | open=WAC_installer.exe | ]

[2007-06-06 04:17:41 | 00,000,064 | R--- | M] () -- D:\Autorun.inf -- [ CDFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[19 C:\WINDOWS\System32\*.tmp files]

[2008-12-19 09:10:49 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

[2008-12-16 18:52:10 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HijackThis.lnk

[2008-12-16 18:52:08 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2008-12-16 18:51:34 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HJTInstall.exe

[2008-12-15 22:57:28 | 10,722,22208 | -HS- | C] () -- C:\hiberfil.sys

[2008-12-14 15:55:11 | 00,026,841 | ---- | C] () -- C:\WINDOWS\System32\xpsysw

[2008-12-14 15:54:22 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\xpsysw.exe

[2008-12-13 10:06:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Philips Media Manager Sample Media

[2008-12-13 10:06:00 | 00,000,886 | ---- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk

[2008-12-13 10:06:00 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Philips Media Manager.lnk

[2008-12-13 10:05:34 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\i4j_jres

[2008-12-12 18:19:11 | 00,000,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\WADM.lnk

[2008-12-12 18:19:11 | 00,000,000 | ---D | C] -- C:\Program\Philips

[2008-12-12 12:33:39 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-12 12:11:38 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui

[2008-12-08 21:20:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Games

[2008-12-08 21:17:36 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll

[2008-12-08 21:17:36 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll

[2008-12-08 21:17:35 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll

[2008-12-08 21:17:34 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll

[2008-12-08 21:17:33 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll

[2008-12-08 21:17:19 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll

[2008-12-08 21:17:18 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll

[2008-12-08 21:17:18 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll

[2008-12-08 21:17:17 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll

[2008-12-08 21:17:16 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll

[2008-12-08 21:17:15 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll

[2008-12-08 21:17:14 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll

[2008-12-08 21:17:13 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll

[2008-12-08 21:17:11 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll

[2008-12-08 21:17:11 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll

[2008-12-08 21:16:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\SherlockHolmesTheAwakenedv1.3NoDVDFixedexeEng

[2008-12-08 21:16:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA

[2008-12-08 21:16:03 | 00,000,000 | ---D | C] -- C:\Program\AGEIA Technologies

[2008-12-08 21:15:41 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Wise Installation Wizard

[2008-12-08 21:15:40 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-08 21:15:39 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-08 21:15:32 | 00,001,728 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Play The Awakened game.lnk

[2008-12-08 21:14:59 | 05,296,128 | R--- | C] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\game.exe

[2008-12-08 21:08:38 | 00,000,000 | ---D | C] -- C:\Program\Focus

[2008-12-04 11:48:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\VA - Absolute Hits 2008

[2008-12-03 18:02:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\Segelsemester 2008

[2008-11-24 14:35:01 | 00,000,957 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Media Player Classic.lnk

[2008-11-24 14:34:09 | 01,122,304 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvpx.dll

[2008-11-24 14:34:08 | 01,650,688 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplva6.dll

[2008-11-24 14:34:08 | 01,581,056 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvw7.dll

[2008-11-24 14:34:08 | 01,552,384 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplvm6.dll

[2008-11-24 14:34:08 | 00,152,064 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008-11-24 14:34:08 | 00,077,824 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaw7.dll

[2008-11-24 14:34:08 | 00,077,824 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplaa6.dll

[2008-11-24 14:34:08 | 00,065,536 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplapx.dll

[2008-11-24 14:34:08 | 00,065,536 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\mplam6.dll

[2008-11-24 14:34:08 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2008-11-24 14:34:04 | 00,417,792 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.cpl

[2008-11-24 14:34:03 | 00,000,000 | ---D | C] -- C:\Program\ACE Mega CoDecS Pack

[2008-11-24 12:12:55 | 51,622,242 | ---- | C] (ACE DESIGN Software ) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\acemcp603pro.exe

[2008-11-24 12:06:00 | 00,136,704 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\iacenc.dll

[2008-11-24 12:06:00 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2008-11-24 12:05:57 | 00,000,000 | ---D | C] -- C:\Program\Ligos

[2008-11-24 12:03:49 | 02,068,266 | ---- | C] (Ligos Technology) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\iv5setup.exe

[2008-11-24 11:42:20 | 14,618,605 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vlc-0.9.6-win32.exe

[2008-11-23 23:07:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Euro Truck Simulator

[2008-11-23 23:03:43 | 00,240,240 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll

[2008-11-23 23:03:43 | 00,088,704 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll

[2008-11-23 23:03:43 | 00,042,512 | ---- | C] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys

[2008-11-23 23:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:466F9D5D

[2008-11-22 16:34:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\Ny mapp

[2008-11-22 16:25:04 | 00,000,000 | ---D | C] -- C:\Program\iPod

[2008-11-22 16:24:49 | 00,000,000 | ---D | C] -- C:\Program\iTunes

[2008-11-22 16:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2008-11-22 16:21:32 | 00,000,000 | ---D | C] -- C:\Program\QuickTime

 

========== Files - Modified Within 30 Days ==========

 

[19 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008-12-19 09:10:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\OTViewIt.exe

[2008-12-19 09:10:05 | 00,026,841 | ---- | M] () -- C:\WINDOWS\System32\xpsysw

[2008-12-19 09:03:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-19 09:03:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-19 09:02:50 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys

[2008-12-19 07:16:00 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-16 18:55:20 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HijackThis.lnk

[2008-12-16 18:52:31 | 00,000,770 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2008-12-16 18:51:34 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\HJTInstall.exe

[2008-12-14 15:54:22 | 00,023,040 | ---- | M] () -- C:\WINDOWS\System32\xpsysw.exe

[2008-12-14 15:36:35 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\Mina delade mappar.lnk

[2008-12-13 12:58:56 | 00,181,760 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-13 10:09:36 | 00,000,886 | ---- | M] () -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Start-meny\Program\Autostart\Philips Media Manager.lnk

[2008-12-13 10:06:00 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Philips Media Manager.lnk

[2008-12-12 18:19:11 | 00,000,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\WADM.lnk

[2008-12-12 12:33:39 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

[2008-12-12 12:31:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-12 12:28:02 | 00,933,196 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-12-12 12:28:02 | 00,412,338 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-12-12 12:28:02 | 00,409,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-12-12 12:28:02 | 00,076,836 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-12-12 12:28:02 | 00,064,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-12-11 23:38:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2008-12-11 23:38:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-09 23:13:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2008-12-09 23:13:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2008-12-08 21:15:40 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys

[2008-12-08 21:15:39 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys

[2008-12-08 21:15:32 | 00,001,728 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Play The Awakened game.lnk

[2008-11-24 14:35:01 | 00,000,957 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Skrivbord\Media Player Classic.lnk

[2008-11-24 14:23:11 | 00,000,831 | ---- | M] () -- C:\WINDOWS\system.ini

[2008-11-24 12:16:29 | 51,622,242 | ---- | M] (ACE DESIGN Software ) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\acemcp603pro.exe

[2008-11-24 12:03:50 | 02,068,266 | ---- | M] (Ligos Technology) -- C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\iv5setup.exe

[2008-11-24 11:42:55 | 14,618,605 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\vlc-0.9.6-win32.exe

[2008-11-23 23:03:43 | 00,240,240 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\wpcap.dll

[2008-11-23 23:03:43 | 00,088,704 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\packet.dll

[2008-11-23 23:03:43 | 00,042,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\System32\drivers\npf.sys

< End of report >

[/log]

 


[log]OTViewIt Extras logfile created on: 2008-12-19 09:11:48 - Run

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

1022,48 Mb Total Physical Memory | 471,81 Mb Available Physical Memory | 46,14% Memory free

2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,65% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 93,15 Gb Total Space | 35,31 Gb Free Space | 37,91% Space Free | Partition Type: NTFS

Drive D: | 426,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive E: | 968,96 Mb Total Space | 968,96 Mb Free Space | 100,00% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STOP-21455814C3

Current User Name: Sibbe

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=1

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-14 17:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[2008-11-30 11:32:45 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

[2008-08-29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-11-20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program\iTunes\iTunes.exe:*:Enabled:iTunes

[2007-06-05 14:12:14 | 04,681,785 | ---- | M] (Philips) -- C:\Program\Philips\WADM\WADM.exe:*:Enabled:WADM Application

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Inc.)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-05-10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2004-06-02 16:16:20 | 00,110,592 | ---- | M] (WIDCOMM, Inc.) C:\WINDOWS\system32\BTXPPanel.dll (widimg:{EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} (HKLM) [WidImg Class])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2007-04-19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

""Fugawi40"_is1"=Fugawi 4

"{075473F5-846A-448B-BCB3-104AA1760205}"=Sonic Data Module

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel

"{12E2B9E9-05B1-407d-B0FD-B5F350535125}"=Norton Internet Security

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}"=MarketResearch

"{15C70064-2463-49dd-9A88-B700F75BB428}"=dj_sf_ProductContext

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD Plus

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}"=SymNet

"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}"=D2400

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager

"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes

"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}"=HP Image Zone Plus 4.8.5

"{33565C22-2E44-4B36-9147-23912E838F81}"=Wireless Audio Device Manager

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}"=HP Product Assistant

"{3B29A786-5803-4e9e-9B58-3014A5B4E519}"=Norton AntiSpam

"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}"=HP Wireless Assistant 1.01 A2

"{449F3A9E-9903-4a0d-A209-08030D45A935}"=Norton Internet Security

"{48185814-A224-447a-81DA-71BD20580E1B}"=Norton Internet Security

"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}"=HPSSupply

"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}"=Norton Internet Security

"{543E938C-BDC4-4933-A612-01293996845F}"=UnloadSupport

"{5677563D-0CB1-485f-9E18-C5025306BB3F}"=Norton AntiSpam

"{612DC38A-B36A-4699-88EB-12C7394DE2FC}"=TIxx21

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}"=HP Update

"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}"=AGEIA PhysX v6.10.25

"{75C22B40-6D12-4439-80DC-CAB3313EADA5}"=dj_sf_software_req

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC

"{87885939-F824-42bf-B790-231B1E8EF2BB}"=dj_sf_software

"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour

"{8DE292EC-FA26-4526-BFEB-3EE820E97005}"=OpenOffice.org Installer 1.0

"{90120000-0020-041D-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system

"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}"=Bluetooth by hp

"{9112041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD

"{924EB80F-C2BB-4B9F-8412-88BBA937393F}"=MobileMe Control Panel

"{93F54611-2701-454e-94AB-623F458D9E6B}"=DeviceDiscovery

"{94FB906A-CF42-4128-A509-D353026A607E}"=REALTEK Gigabit and Fast Ethernet NIC Driver

"{9521B818-19CE-4d28-8200-DD26133E19E6}"=D2400_Help

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}"=Microsoft .NET Framework 1.1 Swedish Language Pack

"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}"=The Awakened

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}"=HP Help and Support

"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=Sonic Audio Module

"{AC76BA86-7AD7-1053-7B44-A70000000000}"=Adobe Reader 7.0 - Svenska

"{AEA07F97-9088-497c-8821-0F36BD5DC251}"=HPProductAssistant

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=Sonic Copy Module

"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1

"{B7C61755-DB48-4003-948F-3D34DB8EAF69}"=MSRedist

"{C6F5B6CF-609C-428E-876F-CA83176C021B}"=Norton AntiVirus 2005

"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari

"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}"=Symantec Network Drivers Update

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CEB326EC-8F40-47B2-BA22-BB092565D66F}"=Quick Launch Buttons 5.10 A2

"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}"=Symantec Script Blocking Installer

"{D8F6834B-D5E7-4451-8681-B051ABD8561D}"=ccCommon

"{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}"=CC_ccProxyExt

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}"=Norton Internet Security

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}"=Norton Internet Security

"{E85FA9A1-C241-4698-893B-DD99509B8DB0}"=Norton WMI Update

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox

"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support

"{F4B620CE-4297-4140-B0C3-6D4E8A8EF0AB}"=Microsoft Works

"{F5936267-D467-4e7b-8940-A7D9F0398EF3}"=HP Deskjet Printer Driver Software 9.0

"{F64306A5-4C32-41bb-B153-53986527FAB4}"=Norton WMI Update

"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime

"{FC08587A-4F01-4188-819F-F55880022917}"=ccPxyCore

"{FC2C0536-583C-46c0-844A-62CECAE01F22}"=Norton Internet Security

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}"=Status

"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1"=ACE Mega CoDecS Pack

"Adobe AIR"=Adobe AIR

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player Plugin

"All ATI Software"=ATI - Hjälp för avinstallation av program

"ATI Display Driver"=ATI Display Driver

"AviSynth"=AviSynth 2.5

"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter

"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C"=Conexant Data Fax Modem with SmartCP

"Conexant PCI Audio"=Conexant AC-97 Audio

"coverXP"=coverXP (remove only)

"DVD Shrink_is1"=DVD Shrink 3.2

"HijackThis"=HijackThis 2.0.2

"HP Imaging Device Functions"=HP Imaging Device Functions 9.0

"HP Solution Center & Imaging Support Tools"=HP Solution Center 9.0

"HPExtendedCapabilities"=HP Customer Participation Program 9.0

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"Indeo® Software"=Indeo® Software

"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}"=Texas Instruments PCIxx21/x515 drivers.

"LiveReg"=LiveReg (Symantec Corporation)

"LiveUpdate"=LiveUpdate 3.0 (Symantec Corporation)

"Media Player - Codec Pack"=Media Player Codec Pack 3.1.0

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"Mozilla Firefox (3.0.4)"=Mozilla Firefox (3.0.4)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"Personal"=Personal 4.8.1

"Philips Media Manager 3.3.12.0004"=Philips Media Manager 3.3.12.0004

"RealPlayer 6.0"=RealPlayer

"ShbGuide"=Handelsbanken Installationsguide

"SopCast"=SopCast 3.0.3

"SuperMegaSpoof_is1"=SuperMegaSpoof 2.0

"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}"=Norton Internet Security 2005 (Symantec Corporation)

"SynTPDeinstKey"=Synaptics Pointing Device Driver

"Videora iPod Converter"=Videora iPod Converter 3.08

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"winpwn"=winpwn 2.0.0.4

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VLC media player 0.9.2

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1060284298-1383384898-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-11-24 09:20:41 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program explorer.exe, version 6.0.2900.5512, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x043db860.

 

Error - 2008-11-24 09:22:10 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program explorer.exe, version 6.0.2900.5512, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-11-30 06:55:34 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program DashBoard.exe, version 1.0.0.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-12-02 13:08:07 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program applemobiledevicehelper.exe, version 8.0.445.16,

felaktig modul ntdll.dll, version 5.1.2600.5512, felaktig adress 0x00011d8f.

 

Error - 2008-12-09 14:39:56 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

 

Error - 2008-12-09 14:40:04 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

 

Error - 2008-12-09 14:40:21 | Computer Name = STOP-21455814C3 | Source = MsiInstaller | ID = 11706

Description = Product: VirtualFem -- Error 1706. No valid source could be found

for product VirtualFem. The Windows installer cannot continue.

 

Error - 2008-12-11 14:51:20 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program wmplayer.exe, version 11.0.5721.5145, felaktig modul

avisplitter.ax, version 1.0.0.3, felaktig adress 0x0000a91c.

 

Error - 2008-12-12 07:08:01 | Computer Name = STOP-21455814C3 | Source = Application Error | ID = 1000

Description = Felaktigt program explorer.exe, version 6.0.2900.5512, felaktig modul

mplvw7.dll, version 1.0.0.3, felaktig adress 0x0001c33a.

 

Error - 2008-12-15 19:18:00 | Computer Name = STOP-21455814C3 | Source = Application Hang | ID = 1002

Description = Stoppat program explorer.exe, version 6.0.2900.5512, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-16 19:27:49 | Computer Name = STOP-21455814C3 | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2008-12-19 03:02:55 | Computer Name = STOP-21455814C3 | Source = DCOM | ID = 10010

Description = Servern {F3A614DC-ABE0-11D2-A441-00C04F795683} registrerades inte

med DCOM inom erforderlig timeout.

 

 

< End of report >

[/log]

 

Link to comment
Share on other sites

Is Norton really running as it should? It looks like a lot of Norton programs are stopped.

 

Do you know whether your Windows was updated in December? New updates came out on the 9th, but I can't see them in the log.

 

What is in the folder C:\Program\Delade filer\i4j_jres ?

 

It looks like there are malicious files on the computer. Can you right-click these two files and choose Copy, and then paste them onto the Desktop?

C:\WINDOWS\System32\xpsysw

C:\WINDOWS\System32\xpsysw.exe

 

Then scan the two copies on the Desktop on the virustotal site. Also scan C:\Documents and Settings\Sibbe.STOP-21455814C3\Mina dokument\game.exe

 

 

Link to comment
Share on other sites

It says that Norton is active.

Automatic updates cannot be enabled.

The computer hangs all the time..

 

I don't know what is in the folder you mentioned, maybe java??

 

 

 

Link to comment
Share on other sites

The following was the result for game.exe

[log]Fil game.exe mottagen 2008.12.19 12:08:11 (CET)


 

 

Resultat: 2/38 (5.27%)


 

 

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.12.19.3 2008.12.19 -

AntiVir 7.9.0.45 2008.12.19 -

Authentium 5.1.0.4 2008.12.18 -

Avast 4.8.1281.0 2008.12.18 -

AVG 8.0.0.199 2008.12.18 -

BitDefender 7.2 2008.12.19 -

CAT-QuickHeal 10.00 2008.12.19 -

ClamAV 0.94.1 2008.12.19 -

Comodo 780 2008.12.19 -

DrWeb 4.44.0.09170 2008.12.19 -

eSafe 7.0.17.0 2008.12.18 -

eTrust-Vet 31.6.6268 2008.12.18 -

Ewido 4.0 2008.12.18 -

F-Prot 4.4.4.56 2008.12.18 -

F-Secure 8.0.14332.0 2008.12.19 -

Fortinet 3.117.0.0 2008.12.19 -

GData 19 2008.12.19 -

Ikarus T3.1.1.45.0 2008.12.19 -

K7AntiVirus 7.10.557 2008.12.18 -

Kaspersky 7.0.0.125 2008.12.19 -

McAfee 5468 2008.12.18 -

McAfee+Artemis 5468 2008.12.18 -

Microsoft 1.4205 2008.12.19 -

NOD32 3705 2008.12.19 -

Norman 5.80.02 2008.12.18 -

Panda 9.0.0.4 2008.12.19 Suspicious file

PCTools 4.4.2.0 2008.12.18 -

Prevx1 V2 2008.12.19 -

Rising 21.08.42.00 2008.12.19 -

SecureWeb-Gateway 6.7.6 2008.12.19 Virus.Win32.FileInfector.gen!82 (suspicious)

Sophos 4.37.0 2008.12.19 -

Sunbelt 3.2.1801.2 2008.12.11 -

Symantec 10 2008.12.19 -

TheHacker 6.3.1.4.191 2008.12.17 -

TrendMicro 8.700.0.1004 2008.12.19 -

VBA32 3.12.8.10 2008.12.18 -

ViRobot 2008.12.19.1527 2008.12.19 -

VirusBuster 4.5.11.0 2008.12.18 -

Övrig information

File size: 5296128 bytes

MD5...: 95f1853fcaef861c73a2f49f30febf25

SHA1..: 770cf761a4e6529faa159fb991651924649ae80a

SHA256: ce211e484f764b989bb6b729058ec6f64e78ebe42429e7fde8b333e86dda21f6

SHA512: 4db06116df70bc3496877441ea3df0bc923f49fe471feeba61142a1f30a57d1c

b101892dbc2c0bc26af0cdf35f9eb625f292ce598efe53f67c27ca0f41cb66c0

 

ssdeep: 98304:pgjfFaI0caYT+FbXLiocIUZCqipuqgsDSxQnSeCI6XoU0pfcibmB:pmQdc

f+lU8hpu7kSVe/GoUgfxm

 

PEiD..: -

TrID..: File type identification

Win32 Executable Generic (38.3%)

Win32 Dynamic Link Library (generic) (34.1%)

Win16/32 Executable Delphi generic (9.3%)

Generic Win/DOS Executable (9.0%)

DOS Executable Generic (9.0%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x77cc40

timedatestamp.....: 0x454bd8dd (Sat Nov 04 00:03:41 2006)

machinetype.......: 0x14c (I386)

 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x214000 0x214000 8.00 06dd93c379ed7a4e7fd03b570366d6e9

.data 0x215000 0x27e000 0x27e000 7.99 a288b2968c42787636edeb0e144bf74d

.rdata 0x493000 0x63e 0x1000 2.13 3b4e8d03df946f2c75c3ee4f2b12be0e

.rsrc 0x494000 0x78f48 0x79000 5.87 61313691359f018c443175e0b6d1c00f

 

( 1 imports )

> KERNEL32.dll: VirtualAlloc, GetUserDefaultLangID, CloseHandle, DeviceIoControl, GetDriveTypeA, SetErrorMode, GetModuleHandleA, FreeLibrary, CreateSemaphoreA, OpenSemaphoreA, HeapAlloc, GetProcessHeap, ExitProcess

 

( 0 exports )

 

[/log]

 

Link to comment
Share on other sites

Do you know what kind of game.exe it is that you have lying in your documents folder and that was created 2008-12-08 21:14:59 ?

 

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu) and see whether you can now copy C:\WINDOWS\System32\xpsysw.exe to the Desktop. Restart the computer in normal mode and see whether the file can be scanned on virustotal.

 

The xpsysw files were created 2008-12-14 15:54. Do you know whether that was when you were working with the winrar file?

 

[log]Download MSNFix to the Desktop.

http://sosvirus.changelog.fr/MSNFix.zip

Restart the computer in safe mode (press F8 repeatedly during startup and choose safe mode in the menu).

Unpack the file so that a new folder is created.

Open the new folder and start MSNFix.bat by double-clicking it.

Choose a language by pressing the corresponding letter and then Enter.

Press R and Enter to start the scan.

If something is found, press any key to start the removal.

Sometimes a message comes up about restarting the computer; do so in that case.

Paste the log that comes up into your reply here.

If it does not come up, you will find it in C:\Windows and it is called msnfix.txt.[/log]

 

Link to comment
Share on other sites

>The result from virustotal

[log]

 

 

Resultat: 5/38 (13.16%)


 

 

Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.12.19.3 2008.12.19 -

AntiVir 7.9.0.45 2008.12.19 -

Authentium 5.1.0.4 2008.12.18 -

Avast 4.8.1281.0 2008.12.18 -

AVG 8.0.0.199 2008.12.18 -

BitDefender 7.2 2008.12.19 Trojan.Inject.GE

CAT-QuickHeal 10.00 2008.12.19 (Suspicious) - DNAScan

ClamAV 0.94.1 2008.12.19 -

Comodo 781 2008.12.19 -

DrWeb 4.44.0.09170 2008.12.19 -

eSafe 7.0.17.0 2008.12.18 -

eTrust-Vet 31.6.6268 2008.12.18 -

Ewido 4.0 2008.12.19 -

F-Prot 4.4.4.56 2008.12.18 -

F-Secure 8.0.14332.0 2008.12.19 -

Fortinet 3.117.0.0 2008.12.19 -

GData 19 2008.12.19 Trojan.Inject.GE

Ikarus T3.1.1.45.0 2008.12.19 -

K7AntiVirus 7.10.557 2008.12.18 -

Kaspersky 7.0.0.125 2008.12.19 -

McAfee 5468 2008.12.18 -

McAfee+Artemis 5468 2008.12.18 -

Microsoft 1.4205 2008.12.19 -

NOD32 3705 2008.12.19 -

Norman 5.80.02 2008.12.18 -

Panda 9.0.0.4 2008.12.19 -

PCTools 4.4.2.0 2008.12.19 -

Prevx1 V2 2008.12.19 -

Rising 21.08.42.00 2008.12.19 -

SecureWeb-Gateway 6.7.6 2008.12.19 -

Sophos 4.37.0 2008.12.19 -

Sunbelt 3.2.1801.2 2008.12.11 Backdoor.Win32.Hupigon.vnd

Symantec 10 2008.12.19 -

TheHacker 6.3.1.4.191 2008.12.17 -

TrendMicro 8.700.0.1004 2008.12.19 PAK_Generic.001

VBA32 3.12.8.10 2008.12.18 -

ViRobot 2008.12.19.1527 2008.12.19 -

VirusBuster 4.5.11.0 2008.12.18 -

Övrig information

File size: 23040 bytes

MD5...: 8dff94764bbc477499de8342561b2306

SHA1..: e4124c2b21ad3d645d96dc3d5224231cd95aad55

SHA256: e23cce0a48aaf6b1b17198bbffe0e3a24aac4275bb42dd7cb50ed606c3702585

SHA512: fdde92d1b6e6a81a9ba5b80a6cb223e4cdfa2272e83b79033a5d49a812fa3536

6fd5611d25390fb94304336efe0bd437f70255eaa18e44ce0c2accc7a421e8b2

 

ssdeep: 384:9vIzaeaO1U2iq5TlsXAAoA5nV7EsBj8N49ebBNZgkcm:yzF1dTIAAoA5FE8G

tNZ7

 

PEiD..: -

TrID..: File type identification

Win32 Executable Generic (68.0%)

Generic Win/DOS Executable (15.9%)

DOS Executable Generic (15.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x401000

timedatestamp.....: 0x48c5893b (Mon Sep 08 20:21:15 2008)

machinetype.......: 0x14c (I386)

 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x2644 0x2800 7.09 49f2d06ceaa626a471692aad7b98a2a0

.rdata 0x4000 0x24a 0x400 2.99 edb1a01163a999d5b20fc19f539805c9

.data 0x5000 0x9c 0x200 0.89 117b8c64f0c8b8123905ef7ad7497968

.rsrc 0x6000 0x2720 0x2800 5.09 2c27380105a8411a591f7d22ce29963a

 

( 3 imports )

> user32.dll: LoadCursorA, LoadIconA, PostQuitMessage, RegisterClassExA, GetMessageA, ShowWindow, TrackPopupMenu, TranslateMessage, DispatchMessageA, DefWindowProcA, CreateWindowExA, CreatePopupMenu, SendMessageA, AppendMenuA

> kernel32.dll: lstrcpyA, GetModuleHandleA, ExitProcess

> shell32.dll: Shell_NotifyIconA

 

 

[/log]

 

Link to comment
Share on other sites

[log]MSNFix 1.749

 

C:\Documents and Settings\Sibbe.STOP-21455814C3\Skrivbord\MSNFix\MSNFix

Scan done at 2008-12-19 - 13:34:04,65 By Sibbe

Safe mode

 

************************ Checking Files

 

No files found

 

************************ Checking Folders

 

No Folders Found

[/log]

 

Link to comment
Share on other sites

There was the culprit. Since so few antivirus programs recognized it, I would like you to send the file to me so that I can send it on to the antivirus companies. You do it this way:

On the page http://www.skickafilen.se/ you browse to xpsysw.exe, which is on the Desktop, and as the e-mail address you enter my e-mail address, which you see when you press Anv.info under this post. Then I get an e-mail and can download the file. Do the same with the xpsysw file, because even though virustotal did not find anything in it, it surely has some connection with xpsysw.exe

 

Do you know what kind of game.exe it is that you have lying in your documents folder and that was created 2008-12-08 21:14:59 ?

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.