
Computer makes a lot of noise


JoeRoberts


Hi

 

Sometimes my computer makes a lot of noise because it is working on something.

 

Can anyone see anything strange in this Hijack file?

 

Thanks for the help

 

P+K

 

H

 

Logfile of Trend Micro HijackThis v2.0.2

[log]Scan saved at 12:06, on 2008-12-31

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Programmer\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Apps\Powercinema\PCMService.exe

C:\WINDOWS\System32\svchost.exe

C:\apps\ABoard\ABoard.exe

C:\apps\ABoard\AOSD.exe

C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe

C:\Programmer\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmer\Fælles filer\Logitech\LCD Manager\Applets\LCDClock.exe

C:\Programmer\Fælles filer\Logitech\LCD Manager\Applets\LCDCountdown.exe

C:\Programmer\Fælles filer\Logitech\LCD Manager\Applets\LCDMedia.exe

C:\Programmer\Fælles filer\Logitech\LCD Manager\Applets\LCDPOP3.exe

C:\PROGRA~1\FÆLLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe

C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe

C:\Programmer\Internet Explorer\IEXPLORE.EXE

C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spl-messages.net/forums/ubbthreads.php?ubb=cfrm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FÆLLES~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {CB10294E-B8E5-42B4-980C-310FE5226572} - C:\WINDOWS\system32\avifil3.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programmer\Fælles filer\Logitech\LCD Manager\lcdmon.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm

O15 - Trusted Zone: http://www.qruiser.com

O15 - Trusted Zone: http://www.spl-messages.net

O15 - Trusted Zone: http://*.www.qx.se

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229641562415&h=a1d8b45bf8b6c99ebbd82ca8f13a6c3f/&filename=jinstall-6u11-windows-i586-jc.cab

O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FÆLLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 9357 bytes[/log]

 


There are remnants of something that Symantec seems to call Infostealer, but I don't see anything active.

 

Scan with HijackThis and check the boxes for:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {CB10294E-B8E5-42B4-980C-310FE5226572} - C:\WINDOWS\system32\avifil3.dll (file missing)

O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

 

Close all other programs.

Press Fix checked.

 

Restart the computer and check for yourself that the lines above are gone from a new HijackThis log.

 

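The check described in the reply above (confirm that the fixed lines are gone from a new HijackThis log), as an added example that is not part of the original thread: it lists entries reported as "(no file)" or "(file missing)" and reports which of the checked lines still appear in a later log. The "before" lines are taken from the log in this thread; the "after" log and all function names are constructed for illustration.

```python
import re

# A HijackThis entry line looks like:
#   O2 - BHO: (no name) - {CLSID} - (no file)
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers seen at the end of a log line when an entry has no file behind it.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        clsid = CLSID_RE.search(line)
        entries.append({
            "section": match["section"],
            "line": line,
            # CLSIDs are compared case-insensitively, so normalise them.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": line.lower().endswith(ORPHAN_MARKERS),
        })
    return entries


def entry_key(entry):
    """Stable identity for an entry: section plus CLSID, else the whole line."""
    return (entry["section"], entry["clsid"] or entry["line"].casefold())


def orphans(log_text):
    """Entries whose target is reported as missing (candidates to check)."""
    return [e for e in parse_entries(log_text) if e["orphan"]]


def still_present(checked_lines, new_log_text):
    """Return the checked lines that survive in the log taken after the fix."""
    present = {entry_key(e) for e in parse_entries(new_log_text)}
    checked = parse_entries("\n".join(checked_lines))
    return [e["line"] for e in checked if entry_key(e) in present]


# Lines copied from the HijackThis log posted in this thread.
BEFORE_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CB10294E-B8E5-42B4-980C-310FE5226572} - C:\WINDOWS\system32\avifil3.dll (file missing)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
"""

# Constructed "after" log for illustration: one checked entry has come back.
AFTER_LOG = r"""
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {CB10294E-B8E5-42B4-980C-310FE5226572} - C:\WINDOWS\system32\avifil3.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
"""

if __name__ == "__main__":
    checked = [e["line"] for e in orphans(BEFORE_LOG)]
    print("Checked for fixing:")
    for line in checked:
        print("  " + line)
    print("Still present after reboot:")
    for line in still_present(checked, AFTER_LOG):
        print("  " + line)
```

An entry that reappears after Fix checked and a reboot means something recreated the registry value, which is the reason to follow up with a deeper scan.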

Hi

 

Thanks

 

This line did not disappear

 

O2 - BHO: (no name) - {CB10294E-B8E5-42B4-980C-310FE5226572} - C:\WINDOWS\system32\avifil3.dll (file missing)

 


That does seem a bit suspicious. Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt (in Vista, right-click and choose Run as administrator).

Check Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

 

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply (remember the LOG button).

 


 

OTViewIt logfile created on: 2008-12-31 16:12:32 - Run 2

[log]OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Hemdrup\Skrivebord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511.48 Mb Total Physical Memory | 341.76 Mb Available Physical Memory | 66.82% Memory free

1.22 Gb Paging File | 0.91 Gb Available in Paging File | 75.14% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer

Drive C: | 226.87 Gb Total Space | 19.17 Gb Free Space | 8.45% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SN048077820266

Current User Name: Hemdrup

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\CCSVCHST.EXE

[2008-06-15 06:04:46 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe

[2008-02-21 15:02:54 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2005-01-28 10:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

[2005-01-28 10:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe

[2005-01-28 10:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

[2005-01-07 11:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe

[2005-01-28 10:11:42 | 00,737,379 | ---- | M] (Cyberlink) -- C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

[2008-11-10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Java\jre6\bin\jqs.exe

[2005-05-17 17:48:32 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

[2004-08-12 20:10:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

[2005-01-28 10:10:32 | 00,110,740 | ---- | M] (CyberLink Corp.) -- C:\APPS\Powercinema\PCMService.exe

[2003-05-02 10:31:50 | 00,024,576 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\ABOARD.EXE

[2005-08-18 10:55:02 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe

[2008-02-19 13:10:32 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Programmer\iTunes\iTunesHelper.exe

[2003-05-02 10:31:38 | 00,069,632 | ---- | M] (NEC Computers International) -- C:\APPS\ABOARD\AOSD.EXE

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\CCSVCHST.EXE

[2008-11-10 05:43:42 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Java\jre6\bin\jusched.exe

[2007-04-27 00:53:24 | 00,203,288 | ---- | M] (Logitech Inc.) -- C:\Programmer\Fælles filer\Logitech\LCD Manager\Applets\LCDClock.exe

[2007-04-27 00:54:18 | 00,374,296 | ---- | M] (Logitech Inc.) -- C:\Programmer\Fælles filer\Logitech\LCD Manager\Applets\LCDMedia.exe

[2008-02-19 13:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Programmer\iPod\bin\iPodService.exe

[2008-12-31 16:11:23 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hemdrup\Skrivebord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-06-15 06:04:46 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])

[2004-07-15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2004-08-12 20:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])

[2008-02-21 15:02:54 | 00,238,968 | ---- | M] (Symantec Corporation) -- C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\CCSVCHST.EXE -- (ccEvtMgr [Auto | Running])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\CCSVCHST.EXE -- (ccSetMgr [Auto | Running])

[2005-01-28 10:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])

[2005-01-28 10:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\CCSVCHST.EXE -- (CLTNetCnService [Auto | Running])

[2007-08-22 01:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])

[2005-01-28 10:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])

[2005-01-07 11:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HidService.exe -- (GenericHidService [Auto | Running])

[2004-10-22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])

[2008-02-19 13:10:24 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Programmer\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])

[2008-11-10 05:43:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmer\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])

[2008-09-05 11:52:32 | 03,220,856 | ---- | M] (Symantec Corporation) -- C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate [On_Demand | Stopped])

[2008-10-17 15:52:10 | 00,149,352 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\CCSVCHST.EXE -- (LiveUpdate Notice [Auto | Running])

[2008-11-04 23:46:32 | 01,245,064 | ---- | M] () -- C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])

[2007-10-18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])

[2007-10-25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

[2006-11-15 10:30:12 | 00,914,432 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

 

========== Driver Services ==========

 

[2005-05-27 11:51:26 | 00,799,744 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid [On_Demand | Running])

[2005-05-18 16:50:30 | 02,319,680 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])

[2001-08-17 20:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [boot | Running])

[2008-04-13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [boot | Running])

[2004-08-11 15:30:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [system | Running])

[2001-08-17 20:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [boot | Running])

[2001-08-17 20:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [boot | Running])

[1999-09-10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])

[2004-08-12 21:14:46 | 00,786,944 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])

[2001-10-04 15:34:58 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [boot | Running])

[2008-07-30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])

[2007-08-08 17:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon [Auto | Running])

[2001-08-17 20:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [boot | Running])

[2008-10-15 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])

[2008-10-15 09:00:00 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])

[2004-08-27 13:00:00 | 00,023,424 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\flyawlbj.sys -- (flyawlbj [boot | Running])

[2008-04-13 19:36:40 | 00,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys -- (gagp30kx [boot | Running])

[2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2005-08-15 11:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv [boot | Running])

[2005-08-15 11:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv [boot | Running])

[2008-04-14 16:42:29 | 00,014,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2001-08-17 21:05:06 | 00,025,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio [system | Stopped])

[2008-04-13 19:46:22 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE [On_Demand | Stopped])

[2001-08-17 20:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [boot | Running])

[2008-11-11 10:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\VirusDefs\20081230.040\NAVENG.SYS -- (NAVENG [On_Demand | Running])

[2008-11-11 10:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\VirusDefs\20081230.040\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])

[2004-08-27 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2006-06-01 23:11:06 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2001-08-17 21:05:20 | 00,031,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald [On_Demand | Stopped])

[2001-08-17 20:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [boot | Running])

[2001-08-17 20:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [boot | Running])

[2001-08-17 20:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [boot | Running])

[2004-12-02 15:36:08 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])

[2007-11-13 11:25:52 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])

[2001-08-17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])

[2001-08-17 21:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [boot | Running])

[2008-09-05 14:31:42 | 00,447,024 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [system | Running])

[2008-02-01 02:51:16 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP [On_Demand | Running])

[2008-02-01 02:51:16 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])

[2008-02-01 02:51:16 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX [system | Running])

[2001-08-17 21:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [boot | Running])

[2001-08-17 21:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [boot | Running])

[2008-06-13 14:13:38 | 00,013,616 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symdns.sys -- (SYMDNS [On_Demand | Running])

[2008-11-08 01:49:10 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])

[2008-06-13 14:13:38 | 00,096,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symfw.sys -- (SYMFW [On_Demand | Running])

[2008-06-13 14:13:38 | 00,038,576 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symids.sys -- (SYMIDS [On_Demand | Running])

[2008-10-03 16:21:54 | 00,250,224 | ---- | M] (Symantec Corporation) -- C:\Programmer\Fælles filer\Symantec Shared\SymcData\ipsdefs\20081220.001\SymIDSco.sys -- (SYMIDSCO [On_Demand | Running])

[2008-06-13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])

[2008-06-13 14:14:02 | 00,031,280 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])

[2008-06-13 14:13:38 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symndis.sys -- (SYMNDIS [On_Demand | Running])

[2008-06-13 14:13:38 | 00,022,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])

[2008-06-13 14:13:40 | 00,184,240 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI [system | Running])

[2001-08-17 21:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [boot | Running])

[2001-08-17 21:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [boot | Running])

[2008-12-18 22:43:49 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])

[2001-08-17 20:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [boot | Running])

[2008-04-13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Running])

[2003-07-02 04:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [boot | Running])

[2004-07-06 22:45:42 | 00,060,672 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [boot | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=C:\windows\system32\blank.htm

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Local Page"=C:\windows\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.spl-messages.net/forums/ubbthreads.php?ubb=cfrm

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Local Page"=C:\windows\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"Start Page"=http://www.spl-messages.net/forums/ubbthreads.php?ubb=cfrm

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\Software\Microsoft\Internet Explorer\SearchURL]

""=http://home.microsoft.com/access/autosearch.asp?p=%s

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (HKLM) -- C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) -- C:\Programmer\Fælles filer\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Programmer\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

{CB10294E-B8E5-42B4-980C-310FE5226572} (HKLM) -- C:\WINDOWS\system32\avifil3.dll File not found

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Programmer\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" (HKLM) -- C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe (NEC Computers International)

"ATIPTA"=C:\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" (Symantec Corporation)

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)

"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" (Apple Inc.)

"Launch LCDMon"="C:\Programmer\Fælles filer\Logitech\LCD Manager\lcdmon.exe" (Logitech Inc.)

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

"NWEReboot"= File not found

"osCheck"="C:\Programmer\Norton 360\osCheck.exe" (Symantec Corporation)

"PCMService"="c:\Apps\Powercinema\PCMService.exe" (CyberLink Corp.)

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)

"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" -atboottime (Apple Inc.)

"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)

"SunJavaUpdateSched"="C:\Programmer\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (Adobe Systems Incorporated)

 

========== (O4) Startup Folders ==========

 

[2005-09-23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[1999-02-17 19:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=255

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=149

"CDRAutoRun"=0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

"CDRAutoRun"=0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=91 00 00 00 [binary data]

"CDRAutoRun"=0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=149

"CDRAutoRun"=0

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:55 | 01,695,232 | ---- | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:55 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:55 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:55 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:55 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:55 | 01,695,232 | ---- | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

1 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

qruiser.com\www: http in My Computer

spl-messages.net\www: http in My Computer

www.qx.se: http in Trusted sites

2 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-21-3187533291-4076391457-2762751640-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

qruiser.com\www: http in My Computer

spl-messages.net\www: http in My Computer

www.qx.se: http in Trusted sites

2 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{215B8138-A3CF-44C5-803F-8226143CFC0A}: http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab -- Trend Micro ActiveX Scan Agent 6.6

{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control

{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab -- Symantec Download Manager

{6E5E167B-1566-4316-B27F-0DDAB3484CF7}: http://express.foto.com/NewUploader/ImageUploader4.cab -- Image Uploader Control

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1229641562415&h=a1d8b45bf8b6c99ebbd82ca8f13a6c3f/&filename=jinstall-6u11-windows-i586-jc.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Reg Error: Key does not exist or could not be opened.

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

{D8575CE3-3432-4540-88A9-85A1325D3375}: https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab -- e-Safekey

 

========== (O17) DNS Name Servers ==========

 

{073B9EF5-CFD1-4518-A61A-84A2DA2E5B4B} (Servers: | Description: Realtek RTL8139/810x Family Fast Ethernet NIC)

{DCC4347D-362C-445F-B0EE-4EF761E010BB} (Servers: | Description: )

 

========== Shell Execute Hooks ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{88485281-8b4b-4f8d-9ede-82e29a064277}" (HKLM) -- C:\Programmer\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== MountPoints2 ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c5b05bf-2aaa-11db-ba11-001485021769}\Shell]

""=AutoRun

 

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c5b05bf-2aaa-11db-ba11-001485021769}\Shell\AutoRun\command]

""=J:\LaunchU3.exe -- File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2008-12-31 16:11:16 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hemdrup\Skrivebord\OTViewIt.exe

[2008-12-31 12:04:55 | 00,001,710 | ---- | C] () -- C:\Documents and Settings\Hemdrup\Skrivebord\HijackThis.lnk

[2008-12-28 18:10:15 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys

[2008-12-28 18:10:15 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

[2008-12-28 18:01:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hemdrup\Lokale indstillinger\Application Data\Logitech

[2008-12-28 17:59:59 | 00,000,000 | ---D | C] -- C:\Programmer\Fælles filer\Logitech

[2008-12-28 17:59:48 | 00,000,000 | ---D | C] -- C:\Programmer\Logitech

[2008-12-26 23:48:14 | 03,145,782 | ---- | C] () -- C:\WINDOWS\CPICWPPR.DAT

[2008-12-19 09:43:25 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2008-12-02 00:11:41 | 00,274,432 | ---- | C] (Koyote Soft) -- C:\WINDOWS\System32\TubeFinder.exe

[2008-12-02 00:11:35 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx

[2008-12-02 00:11:35 | 00,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb

[2008-12-02 00:11:35 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL

[2008-12-02 00:11:35 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL

[2008-12-02 00:11:35 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL

[2008-12-02 00:11:35 | 00,084,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX

[2008-12-02 00:11:35 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPFR.DLL

[2008-12-02 00:11:34 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL

[2008-12-02 00:11:34 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx

[2008-12-02 00:11:34 | 00,000,000 | ---D | C] -- C:\Programmer\Free FLV Converter

[2008-12-01 23:56:20 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll

[2008-12-01 23:56:20 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx

[2008-12-01 23:56:19 | 00,662,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomct2.ocx

[2008-12-01 23:56:19 | 00,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx

[2008-12-01 23:39:48 | 00,000,404 | ---- | C] () -- C:\WINDOWS\tasks\PCConfidential.job

[2008-12-01 23:23:49 | 00,000,000 | ---D | C] -- C:\Programmer\MediaCoder

[2008-12-01 23:02:09 | 00,000,000 | ---D | C] -- C:\Programmer\Common Files

[2008-12-01 23:02:08 | 00,495,616 | ---- | C] (Capital Intellect Inc) -- C:\WINDOWS\System32\WINUTIL5.DLL

[2008-12-01 23:02:07 | 00,393,216 | ---- | C] (Capital Intellect Inc) -- C:\WINDOWS\System32\WINLCTL5.DLL

[2008-12-01 23:02:06 | 00,835,584 | ---- | C] (Capital Intellect Inc) -- C:\WINDOWS\System32\WINCTL4.OCX

[2008-12-01 23:01:41 | 00,000,000 | ---D | C] -- C:\Programmer\Winferno

[2008-12-01 22:29:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hemdrup\Application Data\Personal

 

========== Files - Modified Within 30 Days ==========

 

[4 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[2008-12-31 16:11:23 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hemdrup\Skrivebord\OTViewIt.exe

[2008-12-31 13:38:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2008-12-31 13:37:49 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008-12-31 13:36:13 | 00,000,404 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job

[2008-12-31 13:36:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008-12-31 13:35:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008-12-31 12:12:16 | 00,000,597 | ---- | M] () -- C:\Documents and Settings\Hemdrup\Dokumenter\Mina delade mappar.lnk

[2008-12-31 12:04:56 | 00,001,710 | ---- | M] () -- C:\Documents and Settings\Hemdrup\Skrivebord\HijackThis.lnk

[2008-12-31 12:04:22 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2008-12-31 12:04:22 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm

[2008-12-29 23:45:43 | 00,215,040 | ---- | M] () -- C:\Documents and Settings\Hemdrup\Lokale indstillinger\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008-12-26 23:52:33 | 03,145,782 | ---- | M] () -- C:\WINDOWS\CPICWPPR.DAT

[2008-12-24 08:02:42 | 00,274,432 | ---- | M] (Koyote Soft) -- C:\WINDOWS\System32\TubeFinder.exe

[2008-12-18 22:43:49 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2008-12-15 07:00:05 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008-12-13 07:38:24 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

[2008-12-13 07:38:24 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll

[2008-12-11 04:57:33 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008-12-10 00:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

< End of report >[/log]

 

OTViewIt Extras logfile created on: 2008-12-31 16:12:33 - Run 2

[log]OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\Hemdrup\Skrivebord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

511.48 Mb Total Physical Memory | 341.76 Mb Available Physical Memory | 66.82% Memory free

1.22 Gb Paging File | 0.91 Gb Available in Paging File | 75.14% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmer

Drive C: | 226.87 Gb Total Space | 19.17 Gb Free Space | 8.45% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SN048077820266

Current User Name: Hemdrup

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=1

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=0

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-04-14 17:06:01 | 00,141,824 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-02-19 13:10:26 | 19,897,640 | ---- | M] (Apple Inc.) -- C:\Programmer\iTunes\iTunes.exe:*:Enabled:iTunes

[2008-05-26 19:13:58 | 00,167,936 | ---- | M] (Musiccity Co.Ltd.) -- C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player

[2008-04-13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2008-04-14 17:06:01 | 00,141,824 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2007-10-18 10:35:08 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

[2007-10-02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Programmer\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 17:05:25 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Programmer\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 17:05:25 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2008-04-14 17:05:25 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Programmer\Fælles filer\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2001-06-20 09:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Programmer\Fælles filer\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-10-18 10:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Programmer\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0000041D-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium

"{0004041D-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 CD-ROM 2

"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}"=Norton 360 HTMLHelp

"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate

"{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}"=Windows Live Messenger

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}"=GearDrvs

"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD

"{21829177-4DED-4209-AD08-490B3AC9C01A}"=Norton 360

"{24DF7221-644B-4C3A-A478-459502D40522}"=Backup

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 11

"{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360

"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C9406-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{45690715-80A6-4445-B61D-ADEC5888E8CD}"=Symantec Technical Support Controls

"{4781569D-5404-1F26-4B2B-6DF444441031}"=Nero 7 Premium

"{55A6283C-638A-4EE0-B491-51118554BDA2}"=Norton Confidential Core

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}"=SPBBC 32bit

"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec

"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}"=Macromedia Shockwave Player

"{80FD852F-5AAC-4129-B931-06AAFFA43138}"=iTunes

"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player

"{8EA70568-CEA1-4262-A8D2-8AF295EF6CEC}"=Microsoft Works

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!

"{973F8409-F8DA-4A40-ACB4-12B02F3399D7}"=Microsoft .NET Framework 1.1 Danish Language Pack

"{A157AC1C-DF44-481A-81E7-17AE00239818}"=Logitech Z-series Software 1.04

"{AC76BA86-7AD7-1030-7B44-A70900000002}"=Adobe Reader 7.0.9 - Dansk

"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live inloggningsassistenten

"{B04AC0A3-7A0F-4E38-9DE7-FD1E4CE47D8C}"=Packard Bell InfoCentre

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}"=ccCommon

"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}"=QuickTime

"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}"=ContentSAFER for Wizmax

"{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=EmoDio

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1

"{CB84F0F2-927B-458D-9DC5-87832E3DC653}"=GearDrvs

"{D295683B-74D3-4D27-B25A-E5C9100A6DC4}"=SymNet

"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}"=Symantec Real Time Storage Protection Component

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}"=LiveUpdate Notice (Symantec Corporation)

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007

"{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}"=Windows Live installer

"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}"=AppCore

"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio

"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX

"Azureus"=Azureus

"CompuPic Pro"=CompuPic Pro

"CutePDF Writer Installation"=CutePDF Writer 2.7

"dBpoweramp Music Converter"=dBpoweramp Music Converter

"dBpoweramp Windows Media Audio 10 Codec"=dBpoweramp Windows Media Audio 10 Codec

"Direct WAV MP3 Splitter_is1"=Direct WAV MP3 Splitter 2.4

"DivX Content Uploader"=DivX Content Uploader

"DVD Decrypter"=DVD Decrypter (Remove Only)

"Exact Audio Copy"=Exact Audio Copy 0.95b4

"FLAC"=FLAC Installer 1.1.0m (remove only)

"FlashPeak BlazeFtp_is1"=FlashPeak BlazeFtp 2.0

"FLV Player1.33 FC"=FLV Player

"Free FLV Converter_is1"=Free FLV Converter V 5.9.2

"GrabIt_is1"=GrabIt 1.7.1 Beta (build 960)

"HijackThis"=HijackThis 2.0.2

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"ImgBurn"=ImgBurn (Remove Only)

"InstallShield_{C20CE592-B0F8-4D20-BF31-0151CA6331A6}"=EmoDio

"Lame MP3 Codec (for the ACM)"=Lame ACM MP3 Codec

"LiveUpdate"=LiveUpdate 3.2 (Symantec Corporation)

"Micrografx PhotoMagic 6"=Micrografx PhotoMagic 6

"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1

"mkwACT"=mkw Audio Compression Toolkit

"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)

"QuickPar"=QuickPar 0.9

"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}"=Norton 360 (Symantec Corporation)

"TradersLittleHelper_is1"=Trader's Little Helper 2.2.1

"WinAce Archiver"=WinAce Archiver

"Windows Media Format Runtime"=Windows Media Format 11 runtime

"Windows Media Player"=Windows Media Player 11

"Windows XP Service Pack"=Windows XP Service Pack 3

"WindowsDraw6"=Micrografx Windows Draw 6

"WinRAR archiver"=WinRAR

"WMFDist11"=Windows Media Format 11 runtime

"wmp11"=Windows Media Player 11

"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2008-12-28 12:58:34 | Computer Name = SN048077820266 | Source = Application Hang | ID = 1002

Description = Stoppet program iexplore.exe, version 7.0.6000.16762, stoppet modul

hungapp, version 0.0.0.0, stoppet adresse 0x00000000.

 

Error - 2008-12-31 11:12:23 | Computer Name = SN048077820266 | Source = Application Hang | ID = 1002

Description = Stoppet program OTViewIt.exe, version 1.0.20.1, stoppet modul hungapp,

version 0.0.0.0, stoppet adresse 0x00000000.

 

[ System Events ]

Error - 2008-12-17 00:09:47 | Computer Name = SN048077820266 | Source = Dhcp | ID = 1002

Description = Rettigheden til IP-adressen 192.168.1.2 for netværkskortet med netværksadressen

001485021769 blev nægtet af DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-meddelelse).

 

Error - 2008-12-18 17:44:56 | Computer Name = SN048077820266 | Source = Service Control Manager | ID = 7034

Description = Tjenesten iPod Service afsluttede uventet. Dette er sket 1 gang(e).

 

Error - 2008-12-18 19:01:17 | Computer Name = SN048077820266 | Source = Service Control Manager | ID = 7034

Description = Tjenesten iPod Service afsluttede uventet. Dette er sket 1 gang(e).

 

Error - 2008-12-24 02:06:20 | Computer Name = SN048077820266 | Source = Dhcp | ID = 1000

Description = Computeren har mistet rettigheden til IP-adressen 192.168.1.3 for

netværkskortet med netværksadressen 001485021769.

 

Error - 2008-12-26 12:20:39 | Computer Name = SN048077820266 | Source = Service Control Manager | ID = 7034

Description = Tjenesten iPod Service afsluttede uventet. Dette er sket 1 gang(e).

 

Error - 2008-12-27 05:25:39 | Computer Name = SN048077820266 | Source = Dhcp | ID = 1002

Description = Rettigheden til IP-adressen 192.168.1.2 for netværkskortet med netværksadressen

001485021769 blev nægtet af DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-meddelelse).

 

Error - 2008-12-28 13:27:32 | Computer Name = SN048077820266 | Source = Service Control Manager | ID = 7034

Description = Tjenesten iPod Service afsluttede uventet. Dette er sket 1 gang(e).

 

Error - 2008-12-30 14:14:30 | Computer Name = SN048077820266 | Source = Dhcp | ID = 1002

Description = Rettigheden til IP-adressen 192.168.1.2 for netværkskortet med netværksadressen

001485021769 blev nægtet af DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-meddelelse).

 

Error - 2008-12-31 08:24:15 | Computer Name = SN048077820266 | Source = DCOM | ID = 10010

Description = Serveren {0002DF01-0000-0000-C000-000000000046} blev ikke registreret

af DCOM inden for det specificerede tidsrum.

 

Error - 2008-12-31 08:35:49 | Computer Name = SN048077820266 | Source = Dhcp | ID = 1002

Description = Rettigheden til IP-adressen 192.168.1.2 for netværkskortet med netværksadressen

001485021769 blev nægtet af DHCP-serveren 0.0.0.0 (DHCP-serveren sendte en DHCPNACK-meddelelse).

 

 

< End of report >[/log]

 

 


What kind of program is C:\Programmer\Winferno?

[2008-12-01 23:01:41 | 00,000,000 | ---D | C] -- C:\Programmer\Winferno

It has also created a few other files and a scheduled task.

 

How long has the computer been making this noise?

 

Uninstall these two old versions, which have security holes:

"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7

 

 


What kind of program is C:\Programmer\Winferno?

[2008-12-01 23:01:41 | 00,000,000 | ---D | C] -- C:\Programmer\Winferno

It has created some other files and a scheduled task as well.

Don't really know, I have tried to get rid of it before

How long has the computer been making this noise?

2 weeks maybe, but only now and then

Uninstall these two old versions, which have security holes:

"{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

 

Removed now

 


Winferno was installed a month ago, so that shouldn't be the cause. It appears to be a program called PC Confidential from the company Winferno http://www.winferno.com/guides/software/PC-Confidential/1/home/

Hmm, in mid-December nothing new really seems to appear on the computer; on the 18th it looks like you ran an online scan with Trend Micro's Housecall.

You will have to check in Task Manager which process is doing a lot of work when the computer gets noisy.

 


Something from Norton that uses a little CPU, that's all. Because I'm guessing that the entry at the bottom with 95% CPU is what is called Systemets vänteprocess (System Idle Process) in Swedish. Does that Norton process sit at about 5% even when the computer isn't noisy?

 


LuCallBackProxy is Symantec's update function, according to a bit of googling. I can't answer why it would make your computer get warm and speed up the fans (I assume that is what is happening). Which model year of Norton do you have?

 


Could this problem have started with a major Norton update?

Do you think it would help to vacuum the computer?
Only if it is caused by the computer overheating. Besides, you should never vacuum inside the computer, because the rapid movement of the dust particles can generate static electricity, which can cause something to stop working a few months later. Check the temperature with two programs:

http://www.almico.com/speedfan.php

http://www.cpuid.com/pcwizard.php

 

 


  • 4 weeks later...

Hi

 

I still have problems.

When I start up the computer and look in the task list I have:

2 x CCSVCHST.EXE

6 x SVCHOST.EXE

And when the computer starts making noise, there are more instances of SVCHOST.EXE.

I have googled SVCHOST.EXE and read about problems with it, but when I try to download the updates they write about, I get a message that I already have them.

I have tried running a Windows Live OneCare safety scan (someone wrote that it helped him), but same thing.

Does anyone have an idea of what is wrong?

 

P+K

 

H

 


If those figures are correct, then it is far too hot inside the computer for it to work well. But you shouldn't vacuum inside the computer; instead, you remove dust from the ventilation holes and fans with a finger or a cotton swab.

 


Archived

This topic is now archived and is closed to further replies.


