
Problem with some virus, help!


MacAudio


Hi,

My antivirus program started alerting me that it had found some virus in the System Recovery folder. Some file called (A "a bunch of numbers" .exe)

I don't know, but it's behaving sluggishly, etc.

 

I'm attaching an HJT log from the machine in case it helps.

 

 

[log]Logfile of HijackThis v1.99.1

Scan saved at 00:30:54, on 2008-12-22

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Nero\Nero8\InCD\NBHGui.exe

C:\Program\Nero\Nero8\InCD\InCD.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

C:\Program\Microsoft ActiveSync\wcescomm.exe

C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program\MI3AA1~1\rapimgr.exe

C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\Program\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Nero\Nero8\InCD\InCDsrv.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program\Nero\Nero8\InCD\NBHRegInCDSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

C:\Program\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program\BitComet\tools\BitCometBHO_1.2.6.26.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program\Nero\Nero8\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program\Nero\Nero8\InCD\InCD.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program\uTorrent\uTorrent.exe"

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Skicka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Ski&cka till OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Skapa mobilfavorit... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program\MI3AA1~1\INetRepl.dll

O9 - Extra button: Betway Casino - {3063c161-2f7e-4225-ba73-08bc8f64c67e} - C:\Program\Betway\Casino\casinogame.exe

O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program\Betway\Poker\MPPoker.exe

O9 - Extra button: HP Klippbok - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220554660828

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\WINDOW~4\MESSEN~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program\DELADE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Program\KASPER~1\KASPER~1\mzvkbd.dll,C:\Program\KASPER~1\KASPER~1\mzvkbd3.dll,C:\Program\KASPER~1\KASPER~1\adialhk.dll,C:\Program\KASPER~1\KASPER~1\kloehk.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Nero\Nero8\InCD\InCDsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program\Java\jre6\bin\jqs.exe" -service -config "C:\Program\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program\Nero\Nero8\InCD\NBHRegInCDSrv.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

 

[/log]

 

Hoping for help :)

 

Regards, Mattias

 

Changed CODE tags to LOG tags :thumbsup: in the post window.

Cecilia - Moderator for Viruses, malware & remedies

 

[post edited 2008-12-22 00:44:44 by Cecilia]


I don't see anything harmful in the log, at any rate.

Have you had any earlier Kaspersky version on the computer? Because there appear to be files in the log that relate to older versions.

 

What kind of malware is Kaspersky finding in the System Restore folder?

 

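An added example, not part of the thread and not HijackThis code: one way to triage the "(file missing)" flags in a HijackThis log is to cross-check each flagged image path against the log's own "Running processes" list. The function names are hypothetical, and the sample input is assembled from lines of the log in the first post.

```python
import re

# Sample input assembled from lines of the HijackThis log posted in this thread.
SAMPLE_LOG = r'''Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program\Java\jre6\bin\jqs.exe

O4 - HKLM\..\Run: [AVP] "C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Unknown owner - C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" -r (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program\Java\jre6\bin\jqs.exe" -service -config "C:\Program\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program\Nero\Nero8\InCD\InCDsrv.exe
'''

# A log entry starts with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$')
# First drive-letter or %VAR% path that ends in .exe/.dll; never crosses a quote.
IMAGE_RE = re.compile(r'(?:[A-Za-z]:\\|%\w+%\\)[^"]*?\.(?:exe|dll)(?!\w)',
                      re.IGNORECASE)
MISSING = '(file missing)'


def parse(log_text):
    """Split a HijackThis log into (running process paths, [(code, body)])."""
    processes, entries = set(), []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies often put a blank line between every row
        if line.lower().startswith('running processes'):
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the first coded entry ends the process list
            entries.append((m.group('code'), m.group('body')))
        elif in_processes:
            processes.add(line.lower())
    return processes, entries


def triage_missing(log_text):
    """Return (code, image_path, verdict, stray_quote) per '(file missing)' entry.

    verdict is 'running' when the same image appears in the process list, so
    the log itself contradicts the flag; otherwise 'check-on-disk'.
    stray_quote is True when a quote follows the image path, i.e. the flagged
    string was a command line with arguments rather than a plain path.
    """
    processes, entries = parse(log_text)
    findings = []
    for code, body in entries:
        if not body.endswith(MISSING):
            continue
        target = body[:-len(MISSING)].rstrip()
        m = IMAGE_RE.search(target)
        path = m.group(0) if m else None
        stray_quote = bool(m) and '"' in target[m.end():]
        if path and path.lower() in processes:
            verdict = 'running'
        else:
            verdict = 'check-on-disk'
        findings.append((code, path, verdict, stray_quote))
    return findings


if __name__ == '__main__':
    for finding in triage_missing(SAMPLE_LOG):
        print(finding)
```

Rows with the verdict 'running' are contradicted by the process list in the same log; only the 'check-on-disk' rows need to be verified against the file system.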

No, not as far as I know anyway. I've only installed it once.

But it's some file called something like A12356.exe; I don't remember the number sequence exactly, but it had a capital A at the start anyway.

 

 

 


Found an old log from the incident.

It was a malware and was called "A0028816.exe"

Then it had deleted a trojan called Backdoor.win32.sdbot.iqj; the file was called: pgd0.32.exe

 

 


Files in the System Restore folder usually all have names like that.

 

Backdoor means it is something that opens a back door to the computer so that computers out on the internet can access it, so keep the internet connection unplugged as much as possible.

 

Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt (in Vista, right-click and choose Run as administrator).

Tick Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

 

When it is finished, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply (remember the LOG button).

 


Okay, here are the logs.

 

[log]OTViewIt Extras logfile created on: 2008-12-22 01:36:29 - Run 2

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\MacAudio\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511,48 Mb Total Physical Memory | 253,08 Mb Available Physical Memory | 49,48% Memory free

1,96 Gb Paging File | 1,65 Gb Available in Paging File | 83,84% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 186,30 Gb Total Space | 39,41 Gb Free Space | 21,15% Space Free | Partition Type: NTFS

Drive D: | 189,92 Gb Total Space | 4,96 Gb Free Space | 2,61% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 3,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: RUFFEL-7BB9B985

Current User Name: MacAudio

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=1

""=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-09-09 00:01:36 | 03,513,344 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2006-06-27 00:58:44 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

[2006-06-27 00:59:02 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

[2006-06-27 00:59:06 | 01,981,224 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-05-21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook

[2007-08-28 23:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove

[2008-05-21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote

[2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com) -- C:\Program\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client

[2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour

[2008-04-15 14:08:16 | 16,087,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Program\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3

File not found -- C:\Program\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™

[2008-11-06 18:13:31 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent

[2008-09-09 00:01:36 | 03,513,344 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2006-06-27 00:58:44 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

[2006-06-27 00:59:02 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

[2006-06-27 00:59:06 | 01,981,224 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

 

========== (O10) Winsock2 Catalogs ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]

NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-08-24 06:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008-09-09 00:03:44 | 00,064,000 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2007-08-28 22:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2006-10-26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2008-09-09 00:03:44 | 00,064,000 | ---- | M] (Microsoft Corporation) C:\Program\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2006-10-26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}"=DocProc

"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting

"{10E1E87C-656C-4D08-86D6-5443D28583BE}"=TrayApp

"{1753255A-0AEB-4220-8C75-607B73F0C133}"=Copy

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin

"{22466889-7642-488d-AA0E-F619704CF7AB}"=DeviceDiscovery

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}"=MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 10

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}"=WebReg

"{2A539CD9-0F75-4875-9A32-E06DD93C4114}"=Adobe Extension Manager CS3

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}"=Scan

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}"=HP Product Assistant

"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}"=Adobe Setup

"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}"=DAEMON Tools

"{3F818569-A3A7-4D5E-AD4A-372C4A03678F}"=Adobe Setup

"{415CDA53-9100-476F-A7B2-476691E117C7}"=HP Smart Web Printing

"{48963B63-7A10-49D6-8B08-61E6132453D0}"=ViewSonic Monitor Drivers

"{50F5CBBA-4411-4007-AAEA-79128C85A561}"=Windows Live Beta (alla program)

"{543E938C-BDC4-4933-A612-01293996845F}"=UnloadSupport

"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml

"{643898A8-5565-49AC-B2FF-093D7A1F506C}"=Adobe Photoshop CS3

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All

"{6D45EF03-E8EE-4355-81C3-F918CBCF1033}"=Nero 8

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}"=Adobe Color EU Recommended Settings

"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3

"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder

"{8984E374-6C93-427C-A3B9-AD92472FDCA0}"=Windows Live inloggningsassistenten

"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}"=Kaspersky Internet Security 2009

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support

"{90120000-0010-041D-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Swedish) 12

"{90120000-0015-041D-0000-0000000FF1CE}"=Microsoft Office Access MUI (Swedish) 2007

"{90120000-0015-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-041D-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Swedish) 2007

"{90120000-0016-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-041D-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Swedish) 2007

"{90120000-0018-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-041D-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (Swedish) 2007

"{90120000-0019-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-041D-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Swedish) 2007

"{90120000-001A-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-041D-0000-0000000FF1CE}"=Microsoft Office Word MUI (Swedish) 2007

"{90120000-001B-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-040B-0000-0000000FF1CE}"=Microsoft Office Proof (Finnish) 2007

"{90120000-001F-040B-0000-0000000FF1CE}_ENTERPRISE_{F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-041D-0000-0000000FF1CE}"=Microsoft Office Proof (Swedish) 2007

"{90120000-001F-041D-0000-0000000FF1CE}_ENTERPRISE_{A8626CEF-CB0A-4BC2-8F51-210A43B6158D}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-041D-0000-0000000FF1CE}"=Microsoft Office Proofing (Swedish) 2007

"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-041D-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (Swedish) 2007

"{90120000-0044-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-041D-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Swedish) 2007

"{90120000-006E-041D-0000-0000000FF1CE}_ENTERPRISE_{C41B2E34-C30E-4989-8A9D-6B0805B33EC1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-041D-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Swedish) 2007

"{90120000-00A1-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-041D-0000-0000000FF1CE}"=Microsoft Office Groove MUI (Swedish) 2007

"{90120000-00BA-041D-0000-0000000FF1CE}_ENTERPRISE_{E6B1E9D4-FBDC-44B2-B825-246D1B466C5B}"=2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3

"{95120000-00B9-0409-0000-0000000FF1CE}"=Microsoft Application Error Reporting

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}"=Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific

"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}"=F4100_Help

"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}"=F4100

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings

"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}"=Ipswitch WS_FTP Pro

"{AEA07F97-9088-497c-8821-0F36BD5DC251}"=HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}"=AIO_Scan

"{B208806F-A231-4FA0-AB3F-5C1B8979223E}"=Microsoft ActiveSync 4.0

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0

"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}"=F4100_doccd

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}"=DJ_AIO_Software_min

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}"=SolutionCenter

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2

"{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}"=Contacts

"{CA50045C-5119-48e7-9BA7-6B317379857A}"=DJ_AIO_Software

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}"=Destination Component

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}"=Full Tilt Poker

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings

"{E2662C24-B31E-4349-A084-32EB76E8B760}"=BufferChm

"{E548726E-F4E8-459f-BAB8-45551BC071E9}"=DJ_AIO_ProductContext

"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}"=Toolbox

"{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}"=Choice Guard

"{EF4D5800-E578-492B-B2D5-422465EA0570}"=Windows Live Messenger

"{F01D5ED5-D53A-4468-B428-149DC2CB3110}"=Adobe Dreamweaver CS3

"{F07B9FCF-02F5-4205-B88C-13C8A747806B}"=Adobe Setup

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}"=HP Deskjet All-In-One Software 9.0

"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio

"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}"=Status

"{FE57DE70-95DE-4B64-9266-84DA811053DB}"=HP Update

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}"=Adobe Color NA Extra Settings

"{FFD44E90-AEA4-4D25-AF53-5CE2723E88DA}"=MarketingReg

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Adobe Flash Player Plugin"=Adobe Flash Player Plugin

"Adobe Shockwave Player"=Adobe Shockwave Player

"Adobe_0569ced46d8a4bd43ea5027ac9bf923"=Adobe Photoshop CS3

"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3

"Adobe_435a6af7459cb02a9c1138113a26e93"=Adobe Dreamweaver CS3

"Adobe_733ba5a8c93b3744f432cf39a12ee09"=Adobe Flash CS3 Professional

"ATI Display Driver"=ATI Display Driver

"Betway.com Casino"=Betway.com Casino

"Betway.com Poker"=Betway.com Poker

"BitComet"=BitComet 1.03

"CCleaner"=CCleaner (remove only)

"Cool's_Codec_pack_4.12"=Codec Pack - All In 1 6.0.3.0

"Cruiser"=Cruiser v10.43

"ENTERPRISE"=Microsoft Office Enterprise 2007

"Foxit Reader"=Foxit Reader

"HijackThis"=HijackThis 1.99.1

"HP Imaging Device Functions"=HP Imaging Device Functions 9.0

"HP Solution Center & Imaging Support Tools"=HP Solution Center 9.0

"HPOCR"=HP OCR Software 9.0

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}"=Kaspersky Internet Security 2009

"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"MSI Live Update 3"=MSI Live Update 3

"Nero8Lite_is1"=Nero 8 Lite 8.3.6.0

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"PokerStars"=PokerStars

"SETool3 Script Maker1.0"=SETool3 Script Maker

"Svenska Spels Poker"=Svenska Spels Poker

"TPTEST5_is1"=TPTEST 5.0.1

"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinLiveSuite_Wave3"=Windows Live Beta (alla program)

"WinRAR archiver"=WinRAR archiver

"VLC media player"=VideoLAN VLC media player 0.8.6i

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent"=µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-11-28 19:33:22 | Computer Name = RUFFEL-7BB9B985 | Source = Application Error | ID = 1000

Description = Felaktigt program firefox.exe, version 1.9.0.3224, felaktig modul

xul.dll, version 1.9.0.3224, felaktig adress 0x000a6b88.

 

Error - 2008-12-13 12:27:10 | Computer Name = RUFFEL-7BB9B985 | Source = Application Error | ID = 1000

Description = Felaktigt program explorer.exe, version 6.0.2900.5512, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x066a0000.

 

Error - 2008-12-15 18:52:55 | Computer Name = RUFFEL-7BB9B985 | Source = Application Error | ID = 1000

Description = Felaktigt program casinogame.exe, version 15.0.0.2345, felaktig modul

kernel32.dll, version 5.1.2600.5512, felaktig adress 0x00009813.

 

Error - 2008-12-17 18:14:17 | Computer Name = RUFFEL-7BB9B985 | Source = Application Hang | ID = 1002

Description = Stoppat program OUTLOOK.EXE, version 12.0.6316.5000, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-12-17 18:14:19 | Computer Name = RUFFEL-7BB9B985 | Source = Application Hang | ID = 1002

Description = Stoppat program OUTLOOK.EXE, version 12.0.6316.5000, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-12-18 09:45:54 | Computer Name = RUFFEL-7BB9B985 | Source = Application Error | ID = 1000

Description = Felaktigt program nmindexstoresvr.exe, version 3.3.8.0, felaktig modul

unknown, version 0.0.0.0, felaktig adress 0x01fa4ed4.

 

Error - 2008-12-18 13:19:06 | Computer Name = RUFFEL-7BB9B985 | Source = Application Error | ID = 1000

Description = Felaktigt program NMIndexingService.exe, version 3.3.8.0, felaktig

modul unknown, version 0.0.0.0, felaktig adress 0x008989b8.

 

Error - 2008-12-18 19:33:44 | Computer Name = RUFFEL-7BB9B985 | Source = Microsoft Office 12 | ID = 2000

Description = Accepted Safe Mode action : Microsoft Office Outlook.

 

Error - 2008-12-18 19:34:10 | Computer Name = RUFFEL-7BB9B985 | Source = Application Hang | ID = 1002

Description = Stoppat program OUTLOOK.EXE, version 12.0.6316.5000, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2008-12-18 19:34:10 | Computer Name = RUFFEL-7BB9B985 | Source = Application Hang | ID = 1002

Description = Stoppat program OUTLOOK.EXE, version 12.0.6316.5000, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2008-12-06 22:03:46 | Computer Name = RUFFEL-7BB9B985 | Source = W32Time | ID = 39452701

Description = Tidsprovidern NtpClient har konfigurerats för att läsa tid från en

eller

fler tidskällor, men ingen källa är tillgänglig för närvarande. Inget försök att

kontakta någon källa kommer att göras förrän om 119 minuter. NtpClient har ingen

källa för korrekt tid.

 

Error - 2008-12-07 00:03:46 | Computer Name = RUFFEL-7BB9B985 | Source = W32Time | ID = 39452689

Description = Tidsprovidern NtpClient: Ett oväntat fel uppstod vid DNS-matchning

för den manuellt konfigurerade peer-datorn time.windows.com,0x1. Ett nytt matchningsförsök

kommer att göras om 240 minuter. Fel: En socket-åtgärd försökte utföras på en oåtkomlig

värd. (0x80072751)

 

Error - 2008-12-07 00:03:46 | Computer Name = RUFFEL-7BB9B985 | Source = W32Time | ID = 39452701

Description = Tidsprovidern NtpClient har konfigurerats för att läsa tid från en

eller

fler tidskällor, men ingen källa är tillgänglig för närvarande. Inget försök att

kontakta någon källa kommer att göras förrän om 239 minuter. NtpClient har ingen

källa för korrekt tid.

 

Error - 2008-12-17 18:14:47 | Computer Name = RUFFEL-7BB9B985 | Source = DCOM | ID = 10010

Description = Servern {0006F03A-0000-0000-C000-000000000046} registrerades inte

med DCOM inom erforderlig timeout.

 

Error - 2008-12-18 13:27:29 | Computer Name = RUFFEL-7BB9B985 | Source = Service Control Manager | ID = 7034

Description = Tjänsten NMIndexingService avslutades oväntat. Detta har skett 1 gånger.

 

Error - 2008-12-20 09:35:56 | Computer Name = RUFFEL-7BB9B985 | Source = Service Control Manager | ID = 7034

Description = Tjänsten NMIndexingService avslutades oväntat. Detta har skett 1 gånger.

 

Error - 2008-12-20 12:13:54 | Computer Name = RUFFEL-7BB9B985 | Source = Tcpip | ID = 4199

Description = Systemet upptäckte en adresskonflikt för IP-adressen 192.168.1.3 med

systemet som har nätverksmaskinvaruadress 00:22:98:58:E0:B9. Nätverksåtgärder kanske

inte fungerar normalt på grund av det.

 

Error - 2008-12-20 17:54:52 | Computer Name = RUFFEL-7BB9B985 | Source = Tcpip | ID = 4199

Description = Systemet upptäckte en adresskonflikt för IP-adressen 192.168.1.3 med

systemet som har nätverksmaskinvaruadress 00:22:98:58:E0:B9. Nätverksåtgärder kanske

inte fungerar normalt på grund av det.

 

Error - 2008-12-20 18:07:28 | Computer Name = RUFFEL-7BB9B985 | Source = Tcpip | ID = 4199

Description = Systemet upptäckte en adresskonflikt för IP-adressen 192.168.1.3 med

systemet som har nätverksmaskinvaruadress 00:22:98:58:E0:B9. Nätverksåtgärder kanske

inte fungerar normalt på grund av det.

 

Error - 2008-12-20 18:39:28 | Computer Name = RUFFEL-7BB9B985 | Source = Tcpip | ID = 4199

Description = Systemet upptäckte en adresskonflikt för IP-adressen 192.168.1.3 med

systemet som har nätverksmaskinvaruadress 00:22:98:58:E0:B9. Nätverksåtgärder kanske

inte fungerar normalt på grund av det.

 

 

< End of report >

[/log]

 

No. 2.

[log]OTViewIt logfile created on: 2008-12-22 01:36:29 - Run 2

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\MacAudio\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511,48 Mb Total Physical Memory | 253,08 Mb Available Physical Memory | 49,48% Memory free

1,96 Gb Paging File | 1,65 Gb Available in Paging File | 83,84% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 186,30 Gb Total Space | 39,41 Gb Free Space | 21,15% Space Free | Partition Type: NTFS

Drive D: | 189,92 Gb Total Space | 4,96 Gb Free Space | 2,61% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 3,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: RUFFEL-7BB9B985

Current User Name: MacAudio

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2006-12-17 03:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2006-12-17 03:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2008-07-29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

[2004-06-18 09:31:02 | 00,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2007-08-24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

[2004-08-22 17:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program\D-Tools\daemon.exe

[2008-06-10 12:29:40 | 02,049,320 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\NBHGui.exe

[2008-06-10 12:29:20 | 01,083,176 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\InCD.exe

[2008-11-21 19:49:47 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jusched.exe

[2007-03-11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\HP\HP Software Update\hpwuSchd2.exe

[2008-06-24 16:06:06 | 01,840,424 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

[2006-06-27 00:59:02 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\wcescomm.exe

[2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

[2006-06-27 00:58:44 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\rapimgr.exe

[2008-07-29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

[2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2008-06-10 12:29:40 | 01,442,088 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\InCDsrv.exe

[2008-11-21 19:49:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe

[2008-06-08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

[2008-06-10 12:29:40 | 00,053,032 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\NBHRegInCDSrv.exe

[2006-12-19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe

[2008-06-24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

[2007-03-11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\HP\Digital Imaging\bin\hpqste08.exe

[2008-12-22 01:34:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MacAudio\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2006-12-17 03:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2006-12-20 20:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

[2008-07-29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])

[2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2008-10-22 19:35:24 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2008-06-10 12:29:40 | 01,442,088 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

[2008-11-21 19:49:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2007-08-24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2008-06-08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])

[2008-06-10 12:29:40 | 00,053,032 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv [Auto | Running])

[2008-06-24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])

[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2006-12-19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])

[2006-11-15 10:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2004-02-24 04:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])

[2004-06-21 09:53:20 | 00,626,204 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2006-12-17 03:50:29 | 01,918,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [boot | Running])

[2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [boot | Running])

[2007-09-25 15:37:48 | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt [On_Demand | Stopped])

[2007-09-25 15:37:50 | 00,020,520 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc [On_Demand | Stopped])

[2007-03-07 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2007-03-07 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2007-03-07 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2008-06-10 12:29:20 | 00,128,424 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])

[2008-06-10 12:29:30 | 00,038,952 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [system | Running])

[2008-06-10 12:29:30 | 00,040,488 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [system | Running])

[2008-04-14 16:41:34 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008-07-21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [boot | Running])

[2008-01-29 17:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [boot | Running])

[2008-03-13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])

[2008-09-04 19:11:06 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [system | Running])

[2008-04-30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])

[2008-12-07 17:40:43 | 00,033,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32 [system | Running])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-07-12 10:49:16 | 00,096,384 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2006-09-18 15:58:48 | 00,061,600 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus [On_Demand | Stopped])

[2006-11-30 13:58:18 | 00,061,536 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus [On_Demand | Stopped])

[2008-04-13 17:39:17 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005-06-13 09:03:12 | 00,060,768 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus [On_Demand | Stopped])

[2005-06-13 09:05:08 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])

[2005-06-13 09:05:16 | 00,096,224 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm [On_Demand | Stopped])

[2005-06-13 09:06:58 | 00,087,792 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])

[2005-06-13 09:08:36 | 00,085,664 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex [On_Demand | Stopped])

[2008-04-14 17:36:54 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [system | Stopped])

[2006-11-02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (618303 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

127.0.0.1 ad.a8.net

127.0.0.1 asy.a8ww.net

127.0.0.1 a9rhiwa.cn #[Google.Warning]

127.0.0.1 www.a9rhiwa.cn

127.0.0.1 acezip.net #[siteAdvisor.acezip.net]

127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]

127.0.0.1 phpadsnew.abac.com

127.0.0.1 a.abnad.net

127.0.0.1 b.abnad.net

127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

127.0.0.1 d.abnad.net

127.0.0.1 e.abnad.net

127.0.0.1 t.abnad.net

127.0.0.1 z.abnad.net

127.0.0.1 banners.absolpublisher.com

127.0.0.1 tracking.absolstats.com

127.0.0.1 adv.abv.bg

127.0.0.1 bimg.abv.bg

127.0.0.1 www2.a-counter.kiev.ua

127.0.0.1 track.acclaimnetwork.com

127.0.0.1 accuserveadsystem.com

127.0.0.1 www.accuserveadsystem.com

127.0.0.1 gtb5.acecounter.com

127.0.0.1 gtb19.acecounter.com

16347 more lines...

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

{053F9267-DC04-4294-A72C-58F732D338C0} (HKLM) -- C:\Program\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)

"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

"HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

"InCD"=C:\Program\Nero\Nero8\InCD\InCD.exe (Nero AG)

"NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)

"NeroFilterCheck"=C:\Program\Delade filer\Nero\Lib\NeroCheck.exe (Nero AG)

"SecurDisc"=C:\Program\Nero\Nero8\InCD\NBHGui.exe (Nero AG)

"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

"SunJavaUpdateSched"="C:\Program\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="C:\Program\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"uTorrent"="C:\Program\uTorrent\uTorrent.exe" (BitTorrent, Inc.)

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="C:\Program\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"uTorrent"="C:\Program\uTorrent\uTorrent.exe" (BitTorrent, Inc.)

 

========== (O4) Startup Folders ==========

 

[2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&D&ownload &with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

&D&ownload all video with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

&D&ownload all with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

Add to Banner Ad Blocker: C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008-07-29 19:08:28 | 00,001,411 | ---- | M] ()

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\]

&D&ownload &with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

&D&ownload all video with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

&D&ownload all with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

Add to Banner Ad Blocker: C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008-07-29 19:08:28 | 00,001,411 | ---- | M] ()

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Skicka till OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: Ski&cka till OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006-06-27 00:58:42 | 00,142,120 | ---- | M] (Microsoft Corporation)

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Skapa mobilfavorit... -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006-06-27 00:58:42 | 00,142,120 | ---- | M] (Microsoft Corporation)

{3063c161-2f7e-4225-ba73-08bc8f64c67e}: Button: Betway Casino -- %ProgramFiles%\Betway\Casino\casinogame.exe [2008-12-07 13:58:07 | 00,065,536 | ---- | M] (Microgaming Systems)

{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9}: Button: Betway.com Poker -- %ProgramFiles%\Betway\Poker\MPPoker.exe [2008-08-29 09:09:36 | 00,011,264 | ---- | M] (Microgaming)

{58ECB495-38F0-49cb-A538-10282ABF65E7}: Button: HP Klippbok -- %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [2007-03-02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)

{700259D7-1666-479a-93B1-3250410481E8}: Button: HP Smart markering -- %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [2007-03-02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 06:21:58 | 00,656,696 | ---- | M] (BitComet)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220554660828 -- MUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65}: https://plugins.valueactive.eu/flashax/iefax.cab -- Flash Casino Helper Control

 

========== (O17) DNS Name Servers ==========

 

{73EA66EE-1124-4CF3-97D7-529C5DF939BD} (Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=C:\Program\KASPER~1\KASPER~1\mzvkbd.dll,C:\Program\KASPER~1\KASPER~1\mzvkbd3.dll,C:\Program\KASPER~1\KASPER~1\adialhk.dll,C:\Program\KASPER~1\KASPER~1\kloehk.dll

>[2008-07-29 19:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll

>[2008-07-29 19:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll

>[2008-07-29 19:20:58 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll

>[2008-07-29 19:21:40 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2008-09-04 18:43:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[4 C:\WINDOWS\*.tmp files]

[2008-12-22 01:33:59 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MacAudio\Skrivbord\OTViewIt.exe

[2008-12-22 00:29:48 | 00,251,392 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\hijackthis_sfx.exe

[2008-12-22 00:22:35 | 00,000,236 | ---- | C] () -- C:\sqmdata02.sqm

[2008-12-22 00:22:35 | 00,000,200 | ---- | C] () -- C:\sqmnoopt02.sqm

[2008-12-15 10:48:18 | 00,000,000 | ---D | C] -- C:\Program\Microsoft ActiveSync

[2008-12-15 10:47:05 | 00,009,289 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\eula.rtf

[2008-12-15 10:47:01 | 00,016,174 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\readme.doc

[2008-12-15 10:46:55 | 07,109,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MacAudio\Skrivbord\setup.exe

[2008-12-13 17:32:18 | 00,000,236 | ---- | C] () -- C:\sqmdata01.sqm

[2008-12-13 17:32:18 | 00,000,200 | ---- | C] () -- C:\sqmnoopt01.sqm

[2008-12-13 15:59:51 | 00,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wceusbsh.sys

[2008-12-13 15:59:51 | 00,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys

[2008-12-13 15:55:50 | 00,000,236 | ---- | C] () -- C:\sqmdata00.sqm

[2008-12-13 15:55:50 | 00,000,200 | ---- | C] () -- C:\sqmnoopt00.sqm

[2008-12-08 16:28:22 | 00,146,525 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\hosts.zip

[2008-12-07 18:22:09 | 00,000,000 | ---D | C] -- C:\Program\Microsoft

[2008-12-07 18:21:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokument\microsoft

[2008-12-07 18:17:55 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Windows Live

[2008-12-07 17:54:48 | 00,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2008-12-07 17:53:56 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll

[2008-12-07 17:53:44 | 00,000,000 | ---D | C] -- C:\Program\Windows Media Connect 2

[2008-12-07 17:50:45 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2008-12-07 17:50:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2008-12-07 17:47:25 | 16,738,848 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MacAudio\Skrivbord\IE8-WindowsXP-x86-SVE.exe

[2008-12-07 17:40:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MacAudio\Skrivbord\data

[2008-12-07 17:40:43 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008-12-06 17:39:37 | 00,000,000 | ---D | C] -- C:\Program\TPTEST5

[2008-12-05 09:02:26 | 00,000,099 | ---- | C] () -- C:\Documents and Settings\MacAudio\Application Data\default.pls

[2008-12-03 09:41:49 | 00,001,241 | ---- | C] () -- C:\WINDOWS\System32\%LocalXml%

[2008-11-29 18:08:17 | 00,622,318 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\Sequinity Flash Theme 2.1_C702-C902-C905-G502-G705-T700-W595-W760-W902-W980-Z780.rar

[2008-11-29 10:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MacAudio\Lokala inställningar\Application Data\Boss Media

[2008-11-29 10:19:05 | 00,000,651 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\Svenska Spels Poker.lnk

[2008-11-29 10:18:55 | 00,000,000 | ---D | C] -- C:\Casino

[2008-11-29 10:18:36 | 05,239,752 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\svenskaspelpoker.exe

[2008-11-29 08:54:04 | 01,065,268 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\Namnlöst-1.jpg

[2008-11-29 00:30:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2008-11-26 20:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MacAudio\Mina dokument\Mina skanningar

[2008-11-25 20:41:01 | 00,000,000 | -H-D | C] -- C:\Config.Msi

[2008-11-25 20:40:28 | 00,000,000 | ---D | C] -- C:\Program Files

[2008-11-25 20:33:40 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys

[2008-11-25 20:33:40 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2008-11-25 20:31:10 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll

 

========== Files - Modified Within 30 Days ==========

 

[3 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008-12-22 01:34:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MacAudio\Skrivbord\OTViewIt.exe

[2008-12-22 00:29:54 | 00,251,392 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\hijackthis_sfx.exe

[2008-12-22 00:22:35 | 00,000,236 | ---- | M] () -- C:\sqmdata02.sqm

[2008-12-22 00:22:35 | 00,000,200 | ---- | M] () -- C:\sqmnoopt02.sqm

[2008-12-22 00:20:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-22 00:20:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-22 00:20:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-21 12:33:05 | 00,671,776 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2008-12-21 12:33:05 | 00,004,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2008-12-21 12:33:04 | 06,128,672 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2008-12-21 12:33:04 | 00,050,008 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2008-12-20 17:51:57 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008-12-19 12:50:25 | 00,001,241 | ---- | M] () -- C:\WINDOWS\System32\%LocalXml%

[2008-12-18 12:36:28 | 00,095,744 | ---- | M] () -- C:\Documents and Settings\MacAudio\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-15 10:47:05 | 00,009,289 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\eula.rtf

[2008-12-15 10:47:02 | 00,016,174 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\readme.doc

[2008-12-15 10:46:58 | 07,109,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MacAudio\Skrivbord\setup.exe

[2008-12-13 17:32:18 | 00,000,236 | ---- | M] () -- C:\sqmdata01.sqm

[2008-12-13 17:32:18 | 00,000,200 | ---- | M] () -- C:\sqmnoopt01.sqm

[2008-12-13 15:55:50 | 00,000,236 | ---- | M] () -- C:\sqmdata00.sqm

[2008-12-13 15:55:50 | 00,000,200 | ---- | M] () -- C:\sqmnoopt00.sqm

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-08 16:28:23 | 00,146,525 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\hosts.zip

[2008-12-08 14:43:21 | 04,230,446 | -H-- | M] () -- C:\Documents and Settings\MacAudio\Lokala inställningar\Application Data\IconCache.db

[2008-12-07 18:23:44 | 00,000,942 | ---- | M] () -- C:\Documents and Settings\MacAudio\Mina dokument\Mina delade mappar.lnk

[2008-12-07 17:54:07 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2008-12-07 17:54:07 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2008-12-07 17:53:57 | 00,000,617 | ---- | M] () -- C:\WINDOWS\win.ini

[2008-12-07 17:52:43 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2008-12-07 17:50:45 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2008-12-07 17:47:58 | 16,738,848 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MacAudio\Skrivbord\IE8-WindowsXP-x86-SVE.exe

[2008-12-07 17:40:43 | 00,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008-12-05 09:02:26 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\MacAudio\Application Data\default.pls

[2008-11-29 18:08:18 | 00,622,318 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\Sequinity Flash Theme 2.1_C702-C902-C905-G502-G705-T700-W595-W760-W902-W980-Z780.rar

[2008-11-29 10:19:05 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\Svenska Spels Poker.lnk

[2008-11-29 10:18:36 | 05,239,752 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\svenskaspelpoker.exe

[2008-11-29 08:54:06 | 01,065,268 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\Namnlöst-1.jpg

[2008-11-26 21:11:06 | 00,728,362 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-11-26 21:11:06 | 00,318,158 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-11-26 21:11:06 | 00,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-11-26 21:11:06 | 00,049,112 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-11-26 21:11:06 | 00,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-11-26 02:51:10 | 00,618,303 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2008-11-25 21:06:51 | 03,489,792 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\Klar.pub

< End of report >

[/log]

 


Download Malwarebytes Anti-Malware (MBAM) from one of these links:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

http://projects.securitywonks.net/projects/details.php?file=158

Double-click mbam-setup to install the program.

 

[log]At the end of the installation, make sure the following boxes are checked:

Update Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware

Click Finish

If an update is available, it will be downloaded and installed.

 

When the program starts, select "Perform quick scan" and click Scan.

The scan takes a while.

When it is finished, click OK and then "Show Results".

Check everything and then click Remove Selected.

When the removal is complete, Notepad opens with a log.

 

You may be asked to restart the computer (Restart). If so, do it.

If you get an Error loading... error message after the restart, restart the computer once more.

If the program does not start after the restart, start it.

 

If the log does not open by itself in Notepad, you can find it on the Logs tab in MBAM.

Copy the log and paste it into your reply together with a new OTViewIt log (not the extra log).[/log]

 


Hi

I ran the scan, but it found nothing to remove.

 

Here are the logs.

[log]Malwarebytes' Anti-Malware 1.31

Databasversion: 1531

Windows 5.1.2600 Service Pack 3

 

2008-12-22 12:09:12

mbam-log-2008-12-22 (12-09-12).txt

 

Skanningstyp: Snabb skanning

Antal skannade objekt: 53977

Förfluten tid: 7 minute(s), 55 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

 

[log]OTViewIt logfile created on: 2008-12-22 12:10:43 - Run 3

OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\MacAudio\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511,48 Mb Total Physical Memory | 267,37 Mb Available Physical Memory | 52,27% Memory free

1,96 Gb Paging File | 1,66 Gb Available in Paging File | 84,50% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 186,30 Gb Total Space | 39,39 Gb Free Space | 21,15% Space Free | Partition Type: NTFS

Drive D: | 189,92 Gb Total Space | 4,96 Gb Free Space | 2,61% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 3,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: RUFFEL-7BB9B985

Current User Name: MacAudio

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2006-12-17 03:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2006-12-17 03:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe

[2008-07-29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

[2004-06-18 09:31:02 | 00,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2007-08-24 06:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveMonitor.exe

[2004-08-22 17:05:02 | 00,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program\D-Tools\daemon.exe

[2008-06-10 12:29:40 | 02,049,320 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\NBHGui.exe

[2008-06-10 12:29:20 | 01,083,176 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\InCD.exe

[2008-11-21 19:49:47 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jusched.exe

[2007-03-11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\HP\HP Software Update\hpwuSchd2.exe

[2008-06-24 16:06:06 | 01,840,424 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe

[2006-06-27 00:59:02 | 01,211,176 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\wcescomm.exe

[2006-06-27 00:58:44 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft ActiveSync\rapimgr.exe

[2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

[2008-07-29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

[2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe

[2008-06-10 12:29:40 | 01,442,088 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\InCDsrv.exe

[2008-11-21 19:49:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe

[2008-06-08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe

[2008-06-10 12:29:40 | 00,053,032 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\NBHRegInCDSrv.exe

[2006-12-19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe

[2008-06-24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe

[2007-03-11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program\HP\Digital Imaging\bin\hpqste08.exe

[2008-12-22 01:34:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MacAudio\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2006-12-17 03:42:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])

[2006-12-20 20:05:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

[2008-07-29 19:20:28 | 00,206,088 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -- (AVP [Auto | Running])

[2006-02-28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])

[2008-10-22 19:35:24 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program\Delade filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])

[2008-06-10 12:29:40 | 01,442,088 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])

[2008-11-21 19:49:47 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2007-08-24 05:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])

[2008-06-08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])

[2008-06-10 12:29:40 | 00,053,032 | ---- | M] (Nero AG) -- C:\Program\Nero\Nero8\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv [Auto | Running])

[2008-06-24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program\Delade filer\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Running])

[2007-08-24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])

[2006-10-26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])

[2006-12-19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])

[2006-11-15 10:49:34 | 00,912,384 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2004-02-24 04:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])

[2004-06-21 09:53:20 | 00,626,204 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2006-12-17 03:50:29 | 01,918,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2004-08-22 16:31:10 | 00,155,136 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus [boot | Running])

[2004-08-22 16:31:48 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt [boot | Running])

[2007-09-25 15:37:48 | 00,013,352 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt [On_Demand | Stopped])

[2007-09-25 15:37:50 | 00,020,520 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc [On_Demand | Stopped])

[2007-03-07 06:20:48 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])

[2007-03-07 06:20:49 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2007-03-07 06:20:50 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2008-06-10 12:29:20 | 00,128,424 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])

[2008-06-10 12:29:30 | 00,038,952 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass [system | Running])

[2008-06-10 12:29:30 | 00,040,488 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm [system | Running])

[2008-04-14 16:41:34 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2008-07-21 17:34:36 | 00,121,872 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1 [boot | Running])

[2008-01-29 17:29:38 | 00,032,784 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg [boot | Running])

[2008-03-13 18:02:46 | 00,026,640 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV [On_Demand | Running])

[2008-09-04 19:11:06 | 00,213,008 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [system | Running])

[2008-04-30 17:06:48 | 00,024,592 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5 [On_Demand | Running])

[2008-12-07 17:40:43 | 00,033,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32 [system | Running])

[2004-08-04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2007-07-12 10:49:16 | 00,096,384 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2006-09-18 15:58:48 | 00,061,600 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus [On_Demand | Stopped])

[2006-11-30 13:58:18 | 00,061,536 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus [On_Demand | Stopped])

[2008-04-13 17:39:17 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2005-06-13 09:03:12 | 00,060,768 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus [On_Demand | Stopped])

[2005-06-13 09:05:08 | 00,009,264 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])

[2005-06-13 09:05:16 | 00,096,224 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm [On_Demand | Stopped])

[2005-06-13 09:06:58 | 00,087,792 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])

[2005-06-13 09:08:36 | 00,085,664 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex [On_Demand | Stopped])

[2008-04-14 17:36:54 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [system | Stopped])

[2006-11-02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

"ProxyOverride" = *.local

 

========== (O1) Hosts File ==========

 

HOSTS File = (618303 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

127.0.0.1 ad.a8.net

127.0.0.1 asy.a8ww.net

127.0.0.1 a9rhiwa.cn #[Google.Warning]

127.0.0.1 www.a9rhiwa.cn

127.0.0.1 acezip.net #[siteAdvisor.acezip.net]

127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]

127.0.0.1 phpadsnew.abac.com

127.0.0.1 a.abnad.net

127.0.0.1 b.abnad.net

127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

127.0.0.1 d.abnad.net

127.0.0.1 e.abnad.net

127.0.0.1 t.abnad.net

127.0.0.1 z.abnad.net

127.0.0.1 banners.absolpublisher.com

127.0.0.1 tracking.absolstats.com

127.0.0.1 adv.abv.bg

127.0.0.1 bimg.abv.bg

127.0.0.1 www2.a-counter.kiev.ua

127.0.0.1 track.acclaimnetwork.com

127.0.0.1 accuserveadsystem.com

127.0.0.1 www.accuserveadsystem.com

127.0.0.1 gtb5.acecounter.com

127.0.0.1 gtb19.acecounter.com

16347 more lines...

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{0347C33E-8762-4905-BF09-768834316C61} (HKLM) -- C:\Program\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

{053F9267-DC04-4294-A72C-58F732D338C0} (HKLM) -- C:\Program\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program\BitComet\tools\BitCometBHO_1.2.6.26.dll (BitComet)

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (HKLM) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)

"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)

"GrooveMonitor"="C:\Program\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)

"HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)

"InCD"=C:\Program\Nero\Nero8\InCD\InCD.exe (Nero AG)

"NBKeyScan"="C:\Program\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)

"NeroFilterCheck"=C:\Program\Delade filer\Nero\Lib\NeroCheck.exe (Nero AG)

"SecurDisc"=C:\Program\Nero\Nero8\InCD\NBHGui.exe (Nero AG)

"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

"SunJavaUpdateSched"="C:\Program\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="C:\Program\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"uTorrent"="C:\Program\uTorrent\uTorrent.exe" (BitTorrent, Inc.)

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="C:\Program\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (Nero AG)

"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

"uTorrent"="C:\Program\uTorrent\uTorrent.exe" (BitTorrent, Inc.)

 

========== (O4) RunOnce Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

 

========== (O4) Startup Folders ==========

 

[2007-03-11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP Digital Imaging Monitor.lnk = C:\Program\HP\Digital Imaging\bin\hpqtra08.exe

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&D&ownload &with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

&D&ownload all video with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

&D&ownload all with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

Add to Banner Ad Blocker: C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008-07-29 19:08:28 | 00,001,411 | ---- | M] ()

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\]

&D&ownload &with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

&D&ownload all video with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

&D&ownload all with BitComet: C:\Program\BitComet\BitComet.exe [2008-07-17 14:50:18 | 02,599,224 | ---- | M] (www.BitComet.com)

Add to Banner Ad Blocker: C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm [2008-07-29 19:08:28 | 00,001,411 | ---- | M] ()

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\Office12\EXCEL.EXE [2008-10-18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}: Button: Web traffic protection statistics -- %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Skicka till OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: Ski&cka till OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007-12-13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: Create Mobile Favorite -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006-06-27 00:58:42 | 00,142,120 | ---- | M] (Microsoft Corporation)

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: Skapa mobilfavorit... -- %ProgramFiles%\Microsoft ActiveSync\INetRepl.dll [2006-06-27 00:58:42 | 00,142,120 | ---- | M] (Microsoft Corporation)

{3063c161-2f7e-4225-ba73-08bc8f64c67e}: Button: Betway Casino -- %ProgramFiles%\Betway\Casino\casinogame.exe [2008-12-07 13:58:07 | 00,065,536 | ---- | M] (Microgaming Systems)

{4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9}: Button: Betway.com Poker -- %ProgramFiles%\Betway\Poker\MPPoker.exe [2008-08-29 09:09:36 | 00,011,264 | ---- | M] (Microgaming)

{58ECB495-38F0-49cb-A538-10282ABF65E7}: Button: HP Klippbok -- %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [2007-03-02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)

{700259D7-1666-479a-93B1-3250410481E8}: Button: HP Smart markering -- %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [2007-03-02 16:53:20 | 00,153,192 | R--- | M] (Hewlett-Packard Co.)

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)

{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.6.26.dll [2008-06-26 06:21:58 | 00,656,696 | ---- | M] (BitComet)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> [2008-07-29 19:22:28 | 00,222,472 | ---- | M] (Kaspersky Lab)

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | -HS- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220554660828 -- MUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10

{F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65}: https://plugins.valueactive.eu/flashax/iefax.cab -- Flash Casino Helper Control

 

========== (O17) DNS Name Servers ==========

 

{73EA66EE-1124-4CF3-97D7-529C5DF939BD} (Servers: | Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC)

 

========== (O20) AppInit_DLLs ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_Dlls"=C:\Program\KASPER~1\KASPER~1\mzvkbd.dll,C:\Program\KASPER~1\KASPER~1\mzvkbd3.dll,C:\Program\KASPER~1\KASPER~1\adialhk.dll,C:\Program\KASPER~1\KASPER~1\kloehk.dll

>[2008-07-29 19:22:08 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll

>[2008-07-29 19:22:12 | 00,079,112 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll

>[2008-07-29 19:20:58 | 00,083,208 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll

>[2008-07-29 19:21:40 | 00,011,016 | ---- | M] (Kaspersky Lab) -- C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

 

========== (O20) Winlogon Notify Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

klogon: "DllName" = C:\WINDOWS\system32\klogon.dll -- C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2008-09-04 18:43:36 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[4 C:\WINDOWS\*.tmp files]

[2008-12-22 12:00:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MacAudio\Application Data\Malwarebytes

[2008-12-22 12:00:23 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-12-22 12:00:23 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-12-22 12:00:20 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-22 12:00:19 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2008-12-22 12:00:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008-12-22 11:59:32 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MacAudio\Skrivbord\mbam-setup.exe

[2008-12-22 01:33:59 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MacAudio\Skrivbord\OTViewIt.exe

[2008-12-22 00:29:48 | 00,251,392 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\hijackthis_sfx.exe

[2008-12-22 00:22:35 | 00,000,236 | ---- | C] () -- C:\sqmdata02.sqm

[2008-12-22 00:22:35 | 00,000,200 | ---- | C] () -- C:\sqmnoopt02.sqm

[2008-12-15 10:48:18 | 00,000,000 | ---D | C] -- C:\Program\Microsoft ActiveSync

[2008-12-15 10:47:05 | 00,009,289 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\eula.rtf

[2008-12-15 10:47:01 | 00,016,174 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\readme.doc

[2008-12-15 10:46:55 | 07,109,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MacAudio\Skrivbord\setup.exe

[2008-12-13 17:32:18 | 00,000,236 | ---- | C] () -- C:\sqmdata01.sqm

[2008-12-13 17:32:18 | 00,000,200 | ---- | C] () -- C:\sqmnoopt01.sqm

[2008-12-13 15:59:51 | 00,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wceusbsh.sys

[2008-12-13 15:59:51 | 00,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys

[2008-12-13 15:55:50 | 00,000,236 | ---- | C] () -- C:\sqmdata00.sqm

[2008-12-13 15:55:50 | 00,000,200 | ---- | C] () -- C:\sqmnoopt00.sqm

[2008-12-08 16:28:22 | 00,146,525 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\hosts.zip

[2008-12-07 18:22:09 | 00,000,000 | ---D | C] -- C:\Program\Microsoft

[2008-12-07 18:21:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokument\microsoft

[2008-12-07 18:17:55 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Windows Live

[2008-12-07 17:54:48 | 00,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2008-12-07 17:53:56 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll

[2008-12-07 17:53:44 | 00,000,000 | ---D | C] -- C:\Program\Windows Media Connect 2

[2008-12-07 17:50:45 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2008-12-07 17:50:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2008-12-07 17:47:25 | 16,738,848 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\MacAudio\Skrivbord\IE8-WindowsXP-x86-SVE.exe

[2008-12-07 17:40:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MacAudio\Skrivbord\data

[2008-12-07 17:40:43 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008-12-06 17:39:37 | 00,000,000 | ---D | C] -- C:\Program\TPTEST5

[2008-12-05 09:02:26 | 00,000,099 | ---- | C] () -- C:\Documents and Settings\MacAudio\Application Data\default.pls

[2008-12-03 09:41:49 | 00,001,241 | ---- | C] () -- C:\WINDOWS\System32\%LocalXml%

[2008-11-29 18:08:17 | 00,622,318 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\Sequinity Flash Theme 2.1_C702-C902-C905-G502-G705-T700-W595-W760-W902-W980-Z780.rar

[2008-11-29 10:19:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MacAudio\Lokala inställningar\Application Data\Boss Media

[2008-11-29 10:19:05 | 00,000,651 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\Svenska Spels Poker.lnk

[2008-11-29 10:18:55 | 00,000,000 | ---D | C] -- C:\Casino

[2008-11-29 10:18:36 | 05,239,752 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\svenskaspelpoker.exe

[2008-11-29 08:54:04 | 01,065,268 | ---- | C] () -- C:\Documents and Settings\MacAudio\Skrivbord\Namnlöst-1.jpg

[2008-11-29 00:30:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2008-11-26 20:55:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\MacAudio\Mina dokument\Mina skanningar

[2008-11-25 20:41:01 | 00,000,000 | -H-D | C] -- C:\Config.Msi

[2008-11-25 20:40:28 | 00,000,000 | ---D | C] -- C:\Program Files

[2008-11-25 20:33:40 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys

[2008-11-25 20:33:40 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2008-11-25 20:31:10 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll

 

========== Files - Modified Within 30 Days ==========

 

[3 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2008-12-22 12:00:23 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2008-12-22 11:59:43 | 02,539,400 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\MacAudio\Skrivbord\mbam-setup.exe

[2008-12-22 11:52:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-22 11:52:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-22 01:49:25 | 06,128,672 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2008-12-22 01:49:25 | 00,671,776 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat

[2008-12-22 01:49:25 | 00,050,008 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2008-12-22 01:49:25 | 00,004,424 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx

[2008-12-22 01:34:00 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MacAudio\Skrivbord\OTViewIt.exe

[2008-12-22 00:29:54 | 00,251,392 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\hijackthis_sfx.exe

[2008-12-22 00:22:35 | 00,000,236 | ---- | M] () -- C:\sqmdata02.sqm

[2008-12-22 00:22:35 | 00,000,200 | ---- | M] () -- C:\sqmnoopt02.sqm

[2008-12-22 00:20:51 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-20 17:51:57 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008-12-19 12:50:25 | 00,001,241 | ---- | M] () -- C:\WINDOWS\System32\%LocalXml%

[2008-12-18 12:36:28 | 00,095,744 | ---- | M] () -- C:\Documents and Settings\MacAudio\Lokala inställningar\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-15 10:47:05 | 00,009,289 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\eula.rtf

[2008-12-15 10:47:02 | 00,016,174 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\readme.doc

[2008-12-15 10:46:58 | 07,109,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MacAudio\Skrivbord\setup.exe

[2008-12-13 17:32:18 | 00,000,236 | ---- | M] () -- C:\sqmdata01.sqm

[2008-12-13 17:32:18 | 00,000,200 | ---- | M] () -- C:\sqmnoopt01.sqm

[2008-12-13 15:55:50 | 00,000,236 | ---- | M] () -- C:\sqmdata00.sqm

[2008-12-13 15:55:50 | 00,000,200 | ---- | M] () -- C:\sqmnoopt00.sqm

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-12-13 07:39:18 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2008-12-08 16:28:23 | 00,146,525 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\hosts.zip

[2008-12-08 14:43:21 | 04,230,446 | -H-- | M] () -- C:\Documents and Settings\MacAudio\Lokala inställningar\Application Data\IconCache.db

[2008-12-07 18:23:44 | 00,000,942 | ---- | M] () -- C:\Documents and Settings\MacAudio\Mina dokument\Mina delade mappar.lnk

[2008-12-07 17:54:07 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2008-12-07 17:54:07 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2008-12-07 17:53:57 | 00,000,617 | ---- | M] () -- C:\WINDOWS\win.ini

[2008-12-07 17:52:43 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2008-12-07 17:50:45 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2008-12-07 17:47:58 | 16,738,848 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\MacAudio\Skrivbord\IE8-WindowsXP-x86-SVE.exe

[2008-12-07 17:40:43 | 00,033,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\oreans32.sys

[2008-12-05 09:02:26 | 00,000,099 | ---- | M] () -- C:\Documents and Settings\MacAudio\Application Data\default.pls

[2008-12-03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008-12-03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008-11-29 18:08:18 | 00,622,318 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\Sequinity Flash Theme 2.1_C702-C902-C905-G502-G705-T700-W595-W760-W902-W980-Z780.rar

[2008-11-29 10:19:05 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\Svenska Spels Poker.lnk

[2008-11-29 10:18:36 | 05,239,752 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\svenskaspelpoker.exe

[2008-11-29 08:54:06 | 01,065,268 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\Namnlöst-1.jpg

[2008-11-26 21:11:06 | 00,728,362 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008-11-26 21:11:06 | 00,318,158 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat

[2008-11-26 21:11:06 | 00,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008-11-26 21:11:06 | 00,049,112 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat

[2008-11-26 21:11:06 | 00,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008-11-26 02:51:10 | 00,618,303 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS

[2008-11-25 21:06:51 | 03,489,792 | ---- | M] () -- C:\Documents and Settings\MacAudio\Skrivbord\Klar.pub

< End of report >

[/log]

 


Go to http://www.virustotal.com (works best with Internet Explorer), paste the following file name into the box, click Send File and wait until the result is ready (the current status changes to completed). Paste the results from the various antivirus programs (not the Additional information part) here.

C:\WINDOWS\system32\drivers\oreans32.sys

 

When did the computer start behaving sluggishly?

 


I started a scan with Kaspersky, so it will probably take all day, but I'll check that file tonight. The computer is off the internet right now so it can scan through properly in peace and quiet.

 

It started behaving sluggishly roughly a little over 2 months ago.

But there are a lot of programs and files on the computer that could make it run slowly; I just got worried when Kaspersky reacted to a backdoor and such.

 

 

 


Hi,

 

Scanned the file and saved a log.

 

[log]Antivirus Version Senaste Uppdatering Resultat

AhnLab-V3 2008.12.22.0 2008.12.23 -

AntiVir 7.9.0.45 2008.12.23 -

Authentium 5.1.0.4 2008.12.23 -

Avast 4.8.1281.0 2008.12.23 -

AVG 8.0.0.199 2008.12.22 -

BitDefender 7.2 2008.12.23 -

CAT-QuickHeal 10.00 2008.12.23 -

ClamAV 0.94.1 2008.12.23 -

Comodo 800 2008.12.22 -

DrWeb 4.44.0.09170 2008.12.23 -

eSafe 7.0.17.0 2008.12.21 -

eTrust-Vet 31.6.6274 2008.12.22 -

Ewido 4.0 2008.12.22 -

F-Prot 4.4.4.56 2008.12.22 -

F-Secure 8.0.14332.0 2008.12.23 -

Fortinet 3.117.0.0 2008.12.23 suspicious

GData 19 2008.12.23 -

Ikarus T3.1.1.45.0 2008.12.23 -

K7AntiVirus 7.10.562 2008.12.22 -

Kaspersky 7.0.0.125 2008.12.23 -

McAfee 5472 2008.12.22 -

McAfee+Artemis 5472 2008.12.22 -

Microsoft 1.4205 2008.12.23 -

NOD32 3713 2008.12.23 -

Norman 5.80.02 2008.12.23 -

Panda 9.0.0.4 2008.12.23 -

PCTools 4.4.2.0 2008.12.23 -

Prevx1 V2 2008.12.23 -

Rising 21.09.13.00 2008.12.23 -

SecureWeb-Gateway 6.7.6 2008.12.23 -

Sophos 4.37.0 2008.12.23 -

Sunbelt 3.2.1809.2 2008.12.22 -

Symantec 10 2008.12.23 -

TheHacker 6.3.1.4.195 2008.12.20 -

TrendMicro 8.700.0.1004 2008.12.23 -

VBA32 3.12.8.10 2008.12.22 -

ViRobot 2008.12.23.1532 2008.12.23 -

VirusBuster 4.5.11.0 2008.12.22 -

[/log]

 

Hope the machine gets sorted out.

Ran a scan from yesterday until today.

Not sure whether it really finished, since the computer had frozen with a black screen when I woke up this morning, but it had found a few things at least.

 

Found some other things it had saved in memory.

 

2008-11-01 01:14:33 Detected network attack Intrusion.Generic.TCP.Flags.Bad.Combine.attack 59.92.119.91

 

2008-12-07 09:52:01 Detected network attack Intrusion.Win.MSSQL.worm.Helkern 119.96.184.55

 

2008-12-23 12:26:15 Deleted Trojan program Trojan-Downloader.WMA.GetCodec.j C:\Downloads\mp3\T.I. - Paper Trail (Explicit) (2008)\11-t.i.-what_up_whats_haapnin.mp3.bc!

 

 


Detected network attack
That just means a computer out on the internet is trying to get into your computer; it is not a problem with your computer.

 

C:\Downloads\mp3\T.I. - Paper Trail (Explicit) (2008)\11t.i.-what_up_whats_haapnin.mp3.bc!

Be more careful about what you download.

 

Apparently no problem with the oreans file either. In that case I can't see anything harmful in the OTViewIt log either.

 

There is probably a fair amount of unnecessary stuff that starts along with the computer. You can look up the file names on the O4 lines in the HijackThis log at http://www.bleepingcomputer.com/startups/ and if it says U or N in the Status column, read the description and decide for yourself whether it is something you want to start automatically or not. If not, preferably find a setting in the program itself to turn off the automatic startup; failing that, you can uncheck the corresponding line in Start - Run - msconfig - Startup.

 

Here are some tips for a slow computer:

http://www.castlecops.com/t175258-Slow_Computer_Check_here_first_it_may_not_be_malware.html
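The lookup described in the reply above starts from the file names on the O4 lines. As an added example (not part of the original thread and not code from OTViewIt or HijackThis), this Python parser pulls the autostart entries out of the O4 sections and reduces them to a de-duplicated list of file names to look up. The function names are hypothetical, the line grammar is inferred from the log posted in this thread, and the sample lines are excerpted from that log.

```python
import ntpath
import re

# Sample input: lines excerpted from the OTViewIt log posted in this thread.
SAMPLE_LOG = r'''
========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" (Kaspersky Lab)
"DAEMON Tools-1033"="C:\Program\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
"HP Software Update"=C:\Program\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"uTorrent"="C:\Program\uTorrent\uTorrent.exe" (BitTorrent, Inc.)

[HKEY_USERS\S-1-5-21-329068152-861567501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"uTorrent"="C:\Program\uTorrent\uTorrent.exe" (BitTorrent, Inc.)

========== (O4) RunOnce Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
'''

SECTION_RE = re.compile(r'^=+\s*(?P<title>.+?)\s*=+$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "value name"=command line (company name)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)\s*\((?P<vendor>[^()]*)\)$')
# Unquoted commands: the image ends at the first executable extension.
IMAGE_RE = re.compile(r'^(?P<image>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def split_command(cmd):
    """Split a Run-key command line into (image path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group('image'), cmd[m.end():].strip()
    return cmd, ''


def parse_o4(log_text):
    """Return one dict per autostart entry found in the (O4) sections."""
    entries, section, key = [], None, None
    for raw in log_text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces forums insert
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            title = m.group('title')
            section = title if title.startswith('(O4)') else None
            key = None
            continue
        if section is None:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            image, args = split_command(m.group('cmd'))
            entries.append({'section': section, 'key': key,
                            'name': m.group('name'), 'image': image,
                            'args': args, 'vendor': m.group('vendor').strip()})
    return entries


def lookup_names(entries):
    """Map each unique lower-cased file name to the hives it starts from."""
    names = {}
    for e in entries:
        fname = ntpath.basename(e['image']).lower()
        names.setdefault(fname, set()).add(e['key'].split('\\', 1)[0])
    return {n: sorted(h) for n, h in names.items()}


if __name__ == '__main__':
    for fname, hives in lookup_names(parse_o4(SAMPLE_LOG)).items():
        print(f'{fname:16} {", ".join(hives)}')
```

The same entry listed under both HKEY_CURRENT_USER and the user's SID in HKEY_USERS collapses to one file name, so each program is looked up once.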

 

 


Yes, I'll try to be a bit more careful.

Got rid of all the viruses Kaspersky found, at least.

I probably still have something left, but the computer works much better now anyway.

Removed a lot of unnecessary autostarts and cleared up the desktop a bit, and that helped tremendously :)

Thanks for all the help anyway.

 

Merry Christmas and Happy New Year! :) :)

 


Archived

This topic is now archived and is closed to further replies.


