
Zone Alarm freeware: download stalls


lanrik


Hi

I have had Zone Alarm's free firewall before but don't have it right now and want to download the latest version from e.g. Filehippo or here at IDG, but it doesn't work? The download starts every time and seems to work for a while (a number of "% complete" are shown), only to then just stall/die out, and then nothing more happens. I don't understand why? When I redo it, it sometimes starts over from 0% and sometimes from where it left off???

Admittedly I don't have a powerful Telia broadband connection, but that shouldn't be the cause, should it? I have Windows XP and the latest Norton antivirus. I try to save the setup file on the desktop, but that doesn't seem to matter either. Can anyone who has run into this help me?

Regards, Rikard

 


Try these links:

http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp

The "Basic Firewall Only" link, or at

http://www.majorgeeks.com/ZoneAlarm_Free_d388.html Make sure to uncheck ZoneAlarm Spy Blocker during installation.

 

Or is the computer infected, so that not much of the broadband is left for you?

 


I have tried downloading from the sites you wrote about, but with the same result. Everything starts fine, but after a few minutes the download just stops. How weird is that?

Of course I neither think nor hope that the computer is particularly infected, but I'm not sure. What is the best program to check that, so I can at least eliminate one source of error?

 


Do other larger downloads work (check e.g. with the antispyware programs below)?

 

You can check the computer with the antispyware programs Malwarebytes' Anti-Malware and/or SUPERAntiSpyware Free Edition

http://www.malwarebytes.org/mbam.php

http://www.superantispyware.com/

and some online scan

http://usa.kaspersky.com/products_services/free-virus-scanner.php

 

Here are two other good free firewalls:

http://www.pctools.com/firewall/

http://www.tallemu.com/free-firewall-protection-software.html

 

 


I have run Kaspersky's Free scan and it found "Trojan-Downloader.VBS.Psyme.av" in C:\Windows\msn.hta.

Could that have something to do with what I'm trying to download stalling after a couple of minutes?

NB! Normally I never download things (music, films or the like) and am very careful to avoid it, but I have probably managed to anyway at some point when downloading some good free program from e.g. Filehippo.

Is the trojan I have "dangerous" and can I leave it in place, or should I remove it, and if so how? Is it what is disrupting the downloads?

PS. I first tried to download from the malware link you wrote, but the download was interrupted as usual (tried 10 times and at most 51% was downloaded).

 


"Downloader" means precisely that it can download things, and thereby it uses your broadband.

 

We can see whether HijackThis shows anything, to begin with. Download from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

 

In your reply, attach the HijackThis log this way:

Press the LOG button in the Reply window

Paste the log

Press the LOG button again

 


Hi

I did as you said (I think?) and here is the log from my computer. Can you see anything?

I also think my computer is rather sluggish, but then again it's a PC that has a few years behind it. But is it normal to have 39 processes listed as running according to Task Manager, even if most of them don't use any % of the resources, when you have no programs started and the PC is just switched on? /Rikard

 

[log]Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program\Java\jre6\bin\jusched.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\Winamp\winampa.exe

C:\Program\CyberLink\PCM4Everio\EverioService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program\U.S. Robotics\ControlCenter\Reminder.exe

C:\Program\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program\Java\jre6\bin\jqs.exe

C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genealogi.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"

O4 - HKLM\..\Run: [EverioService] "C:\Program\CyberLink\PCM4Everio\EverioService.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Påminnelse om Instant Update.lnk = ?

O4 - Global Startup: Snabbstart för Microsoft Office OneNote 2003.lnk = C:\Program\Microsoft Office\OFFICE11\ONENOTEM.EXE

O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219582119526

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1232364653110&h=8e105a5d6fad8dd26c9bb872a86f827d/&filename=jinstall-6u11-windows-i586-jc.cab

O16 - DPF: {A42889C5-62E1-419A-90C2-C9E958D69990} (Genline Family Finder Component) - http://www.genline.se/GFFControl.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Automatisk LiveUpdate-schemaläggare - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOKALA~1/Temp/msohtml1/01/clip_image001.jpg

[/log]
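
As an added example (not part of the original thread, and not HijackThis's own code), here is a small Python triage of the entry format in the log above. The sample lines are excerpted from that log; the review heuristics are assumptions of this example and only mark lines for a manual look, they are not verdicts.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.genealogi.se/
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Påminnelse om Instant Update.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOKALA~1/Temp/msohtml1/01/clip_image001.jpg
"""

# Meaning of the entry codes that occur in that log.
SECTION_NAMES = {
    "R": "Internet Explorer start/search page settings",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart (Run key or Startup folder)",
    "O8": "Extra Internet Explorer context menu item",
    "O9": "Extra Internet Explorer button or Tools menu item",
    "O12": "Internet Explorer plugin",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O23": "Windows service",
    "O24": "Active Desktop component",
}

# An entry line is "<code> - <rest>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def section_name(code):
    """Human-readable name for an entry code."""
    if code.startswith("R"):
        return SECTION_NAMES["R"]
    return SECTION_NAMES.get(code, "other")


def parse_entries(log_text):
    """Return (code, body) pairs; process paths and headers are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_flags(code, body):
    """Heuristics assumed for this example: reasons to look at a line by hand."""
    flags = []
    if code == "O4" and re.search(r"=\s*\?\s*$", body):
        flags.append("startup shortcut target could not be resolved")
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("service binary carries no company name")
    if re.search(r"[\\/]te?mp[\\/]", body, re.IGNORECASE):
        flags.append("loads from a temporary directory")
    return flags


def triage(log_text):
    """Group entries by code and collect (code, flag, body) review findings."""
    by_section = defaultdict(list)
    findings = []
    for code, body in parse_entries(log_text):
        by_section[code].append(body)
        for flag in review_flags(code, body):
            findings.append((code, flag, body))
    return dict(by_section), findings


if __name__ == "__main__":
    sections, findings = triage(SAMPLE_LOG)
    for code, bodies in sections.items():
        print(f"{code:>3} {section_name(code)}: {len(bodies)} entries")
    print()
    for code, flag, body in findings:
        print(f"REVIEW {code}: {flag}\n       {body}")
```
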

 


Nothing alarming as such about 39 processes, even if it may be possible to trim it down a bit. But that will have to wait until we know the computer is clean.

 

Is your desktop background normal?

 

Download OTViewIt to the Desktop:

http://oldtimer.geekstogo.com/OTViewIt.exe

 

Close all programs.

Run OTViewIt (in Vista, right-click and Run as administrator).

Check Scan all Users.

Select 30 days for File Age if it is not already selected.

Press Run Scan and let the program run undisturbed.

 

When it is done, two log files are created on the Desktop, OTViewIt.txt and Extras.txt; paste both of them into your reply (remember the LOG button).

 


Hi

Here are the 2 txt files:

[log]

OTViewIt logfile created on: 2009-01-22 13:23:06 - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Admin\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

255,48 Mb Total Physical Memory | 141,86 Mb Available Physical Memory | 55,53% Memory free

618,12 Mb Paging File | 363,77 Mb Available in Paging File | 58,85% Paging File free

Paging file location(s): C:\pagefile.sys 384 768;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 37,26 Gb Total Space | 14,53 Gb Free Space | 39,00% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: RIKARD

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

 

========== Processes ==========

 

[2008-04-13 16:45:27 | 00,607,576 | | M] (Lavasoft) C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe

[2002-12-02 20:56:10 | 00,040,960 | | M] (Hewlett-Packard) C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[2009-01-19 12:32:42 | 00,136,600 | | M] (Sun Microsystems, Inc.) C:\Program\Java\jre6\bin\jusched.exe

[2005-03-28 11:41:18 | 00,180,269 | | M] (RealNetworks, Inc.) C:\Program\Delade filer\Real\Update_OB\realsched.exe

[2004-12-20 19:41:22 | 00,033,792 | | M] () C:\Program\Winamp\winampa.exe

[2007-11-01 16:13:26 | 00,151,552 | | M] (CyberLink Corp.) C:\Program\CyberLink\PCM4Everio\EverioService.exe

[2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation) C:\Program\Messenger\msmsgs.exe

[2001-03-15 05:18:18 | 00,049,254 | | M] (Adobe Systems Inc.) C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

[2001-09-13 16:20:32 | 00,526,848 | | M] () C:\Program\U.S. Robotics\ControlCenter\Reminder.exe

[1999-06-15 18:19:42 | 00,061,440 | | M] (Ulead Systems, Inc.) C:\Program\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

[2004-12-17 09:00:00 | 00,118,784 | | M] (WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE

[2008-02-21 15:02:54 | 00,238,968 | | M] (Symantec Corporation) C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe

[2009-01-19 12:32:40 | 00,152,984 | | M] (Sun Microsystems, Inc.) C:\Program\Java\jre6\bin\jqs.exe

[2003-06-19 23:25:00 | 00,322,120 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE

[2008-12-12 04:08:14 | 00,115,560 | R- | M] (Symantec Corporation) C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

[2002-09-27 08:38:00 | 00,065,536 | R- | M] (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

[2006-12-19 23:23:00 | 00,272,024 | | M] () C:\Program\CyberLink\Shared Files\RichVideo.exe

[2004-08-10 22:05:14 | 00,038,912 | | M] (Microsoft Corporation) C:\WINDOWS\system32\wdfmgr.exe

[2008-12-12 04:08:14 | 00,115,560 | R- | M] (Symantec Corporation) C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe

[2009-01-22 13:20:55 | 00,422,912 | | M] (OldTimer Tools) C:\Documents and Settings\Admin\Skrivbord\OTViewIt.exe

 

========== (O23) Win32 Services ==========

 

[2008-04-13 16:45:27 | 00,607,576 | | M] (Lavasoft) C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe (aawservice [Auto | Running])

[2008-02-21 15:02:54 | 00,238,968 | | M] (Symantec Corporation) C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe (Automatic LiveUpdate Scheduler [Auto | Running])

[2008-02-21 15:02:54 | 00,238,968 | | M] (Symantec Corporation) C:\Program\Symantec\LiveUpdate\AluSchedulerSvc.exe (Automatisk LiveUpdate-schemaläggare [Auto | Stopped])

[2009-01-19 12:32:40 | 00,152,984 | | M] (Sun Microsystems, Inc.) C:\Program\Java\jre6\bin\jqs.exe (JavaQuickStarterService [Auto | Running])

[2008-02-21 15:02:46 | 03,220,856 | | M] (Symantec Corporation) C:\Program\Symantec\LiveUpdate\LuComServer_3_4.EXE (LiveUpdate [On_Demand | Stopped])

[2003-06-19 23:25:00 | 00,322,120 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE (MDM [Auto | Running])

[2008-12-12 04:08:14 | 00,115,560 | R- | M] (Symantec Corporation) C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe (Norton AntiVirus [Auto | Running])

[2002-09-27 08:38:00 | 00,065,536 | R- | M] (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (NVSvc [Auto | Running])

[2003-07-28 20:28:22 | 00,089,136 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE (ose [On_Demand | Stopped])

[2006-12-19 23:23:00 | 00,272,024 | | M] () C:\Program\CyberLink\Shared Files\RichVideo.exe (RichVideo [Auto | Running])

[2004-08-10 22:05:14 | 00,038,912 | | M] (Microsoft Corporation) C:\WINDOWS\system32\wdfmgr.exe (UMWdf [Auto | Running])

 

========== Driver Services ==========

 

[2008-12-12 04:08:45 | 00,255,536 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\BHDrvx86.sys (BHDrvx86 [system | Running])

[2008-11-24 21:03:30 | 00,362,544 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\cchpx86.sys (ccHP [system | Running])

[2008-11-24 21:03:30 | 00,371,248 | | M] (Symantec Corporation) C:\Program\Delade filer\Symantec Shared\EENGINE\eeCtrl.sys (eeCtrl [system | Running])

[2008-11-24 21:03:30 | 00,099,376 | | M] (Symantec Corporation) C:\Program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (EraserUtilRebootDrv [On_Demand | Running])

[2008-04-13 19:45:29 | 00,010,624 | | M] (Microsoft Corporation) C:\WINDOWS\system32\drivers\gameenum.sys (gameenum [On_Demand | Running])

[2001-11-08 09:53:54 | 00,018,120 | R- | M] ( ) C:\WINDOWS\system32\drivers\gt680x.sys (GT680x [On_Demand | Stopped])

[2009-01-15 19:05:36 | 00,274,808 | | M] (Symantec Corporation) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090115.001\IDSxpx86.sys (IDSxpx86 [system | Running])

[2001-08-17 23:00:04 | 00,002,944 | | M] (Microsoft Corporation) C:\WINDOWS\system32\drivers\msmpu401.sys (ms_mpu401 [On_Demand | Running])

[2009-01-15 17:56:54 | 00,089,104 | | M] (Symantec Corporation) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090121.048\naveng.sys (NAVENG [On_Demand | Running])

[2009-01-15 17:56:54 | 00,876,112 | | M] (Symantec Corporation) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090121.048\navex15.sys (NAVEX15 [On_Demand | Running])

[2002-09-27 08:38:00 | 01,104,282 | R- | M] (NVIDIA Corporation) C:\WINDOWS\system32\drivers\nv4_mini.sys (nv [On_Demand | Running])

[2004-08-04 13:00:00 | 00,017,792 | | M] (Parallel Technologies, Inc.) C:\WINDOWS\system32\drivers\ptilink.sys (Ptilink [On_Demand | Running])

[2004-08-03 23:31:34 | 00,020,992 | | M] (Realtek Semiconductor Corporation) C:\WINDOWS\system32\drivers\RTL8139.sys (rtl8139 [On_Demand | Running])

[2007-11-13 11:25:56 | 00,020,480 | | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv [On_Demand | Stopped])

[2008-12-12 04:08:48 | 00,306,736 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\srtsp.sys (SRTSP [On_Demand | Running])

[2008-12-12 04:08:48 | 00,043,696 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\srtspx.sys (SRTSPX [system | Running])

[2008-12-12 04:08:48 | 00,012,976 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\symdns.sys (SYMDNS [On_Demand | Running])

[2008-12-12 04:08:48 | 00,309,296 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\SymEFA.sys (SymEFA [boot | Running])

[2008-11-24 21:04:06 | 00,124,464 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\SYMEVENT.SYS (SymEvent [On_Demand | Running])

[2008-12-12 04:08:48 | 00,089,904 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\symfw.sys (SYMFW [On_Demand | Running])

[2008-12-12 04:08:48 | 00,034,608 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\symids.sys (SYMIDS [On_Demand | Running])

[2008-12-12 04:08:17 | 00,036,272 | R- | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\SymIM.sys (SymIM [On_Demand | Stopped])

[2008-12-12 04:08:17 | 00,036,272 | R- | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\SymIM.sys (SymIMMP [On_Demand | Running])

[2008-12-12 04:08:48 | 00,037,424 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\symndis.sys (SYMNDIS [On_Demand | Running])

[2008-12-12 04:08:48 | 00,024,624 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\symredrv.sys (SYMREDRV [On_Demand | Running])

[2008-12-12 04:08:49 | 00,198,192 | | M] (Symantec Corporation) C:\WINDOWS\system32\drivers\NAV\1002000.007\symtdi.sys (SYMTDI [system | Running])

[2002-09-15 20:20:00 | 00,064,128 | R- | M] (VIA Technologies, Inc.) C:\WINDOWS\system32\drivers\viaudio.sys (VIAudio [On_Demand | Running])

 

========== (R ) Internet Explorer ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]

"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157

"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896

"Default_Secondary_Page_URL"=

"Extensions Off Page"=about:NoAdd-ons

"Local Page"=%SystemRoot%\system32\blank.htm

"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896

"Security Risk Page"=about:SecurityRisk

"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]

"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

"SearchAssistant"=http://www.google.com/ie

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Google

"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

"Secondary Start Pages"=

"Start Page"=http://www.genealogi.se/

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]

""=http://www.google.com/keyword/%s

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main]

"Local Page"=C:\WINDOWS\system32\blank.htm

"Page_Transitions"=

"Search Page"=http://www.google.com

"SearchMigratedDefaultName"=Google

"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

"Secondary Start Pages"=

"Start Page"=http://www.genealogi.se/

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\SearchURL]

""=http://www.google.com/keyword/%s

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

"ProxyEnable" = 0

 

========== (O1) Hosts File ==========

 

HOSTS File = (288007 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

First 25 entries...

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 www.1001namen.com

127.0.0.1 1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 100sexlinks.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.123haustiereundmehr.com

127.0.0.1 123haustiereundmehr.com

9926 more lines...

 

========== (O2) BHO's ==========

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (HKLM) C:\Program\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.dll (Symantec Corporation)

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (HKLM) C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

 

========== (O3) Toolbars ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) c:\Program\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) c:\Program\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) c:\Program\Google\GoogleToolbar1.dll (Google Inc.)

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) C:\Program\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) Reg Error: Key does not exist or could not be opened. File not found

 

========== (O4) Run Keys ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)

"DeviceDiscovery"=C:\Program\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)

"EPSON Stylus Photo R240 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240" (SEIKO EPSON CORPORATION)

"EverioService"="C:\Program\CyberLink\PCM4Everio\EverioService.exe" (CyberLink Corp.)

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)

"NeroCheck"=C:\WINDOWS\system32\\NeroCheck.exe (Ahead Software Gmbh)

"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)

"nwiz"=nwiz.exe /install (NVIDIA Corporation)

"SunJavaUpdateSched"="C:\Program\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

"TkBellExe"="C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)

"WinampAgent"=C:\Program\Winamp\winampa.exe ()

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" /background (Microsoft Corporation)

 

========== (O4) Startup Folders ==========

 

[2001-03-15 05:18:18 | 00,049,254 | | M] (Adobe Systems Inc.) C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Acrobat Assistant.lnk = C:\Program\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

[2003-12-07 18:12:52 | 00,110,592 | | M] (Adobe Systems, Inc.) C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

[2001-09-13 16:20:32 | 00,526,848 | | M] () C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Påminnelse om Instant Update.lnk = C:\Program\U.S. Robotics\ControlCenter\Reminder.exe

[2007-04-19 12:49:52 | 00,064,864 | | M] (Microsoft Corporation) C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Snabbstart för Microsoft Office OneNote 2003.lnk = C:\Program\Microsoft Office\OFFICE11\ONENOTEM.EXE

[1999-06-15 18:19:42 | 00,061,440 | | M] (Ulead Systems, Inc.) C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe

[2004-12-17 09:00:00 | 00,118,784 | | M] (WinZip Computing, Inc.) C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

 

========== (O6 & O7) Current Version Policies ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=95 00 00 00 [binary data]

"NoActiveDesktop"=0

"NoSaveSettings"=0

"ClassicShell"=0

"NoThemesTab"=0

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableTaskMgr"=0

"NoColorChoice"=0

"NoSizeChoice"=0

"NoDispScrSavPage"=0

"NoDispCPL"=0

"NoVisualStyleChoice"=0

"NoDispSettingsPage"=0

"NoDispAppearancePage"=0

"NoDispBackgroundPage"=0

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

"NoDriveTypeAutoRun"=95 00 00 00 [binary data]

"NoActiveDesktop"=0

"NoSaveSettings"=0

"ClassicShell"=0

"NoThemesTab"=0

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

"DisableTaskMgr"=0

"NoColorChoice"=0

"NoSizeChoice"=0

"NoDispScrSavPage"=0

"NoDispCPL"=0

"NoVisualStyleChoice"=0

"NoDispSettingsPage"=0

"NoDispAppearancePage"=0

"NoDispBackgroundPage"=0

 

========== (O8) IE Context Menu Extensions ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]

&Google Search: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

Backward Links: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

Cached Snapshot of Page: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-10-13 11:29:28 | 10,351,944 | | M] (Microsoft Corporation)

Similar Pages: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

Translate into English: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-10-13 11:29:28 | 10,351,944 | | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-10-13 11:29:28 | 10,351,944 | | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]

E&xportera till Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\Software\Microsoft\Internet Explorer\MenuExt\]

&Google Search: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

Backward Links: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

Cached Snapshot of Page: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

E&xportera till Microsoft Excel: C:\Program\Microsoft Office\OFFICE11\EXCEL.EXE [2008-10-13 11:29:28 | 10,351,944 | | M] (Microsoft Corporation)

Similar Pages: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

Translate into English: c:\Program\Google\GoogleToolbar1.dll [2004-12-02 12:59:36 | 00,696,320 | R- | M] (Google Inc.)

 

========== (O9) IE Extensions ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Referensinformation %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 13:10:18 | 00,063,840 | | M] (Microsoft Corporation)

{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 %SystemRoot%\network diagnostic\xpnetdiag.exe [2008-04-13 19:53:32 | 00,558,080 | | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation)

{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Extensions\]

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found

CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Referensinformation] -> [2007-04-19 13:10:18 | 00,063,840 | | M] (Microsoft Corporation)

CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 17:05:13 | 01,695,232 | | M] (Microsoft Corporation)

 

========== (O12) Internet Explorer Plugins ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]

PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s

PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

Extension\.spop: C:\Program\Internet Explorer\PLUGINS\NPDocBox.dll [2001-01-30 13:56:24 | 00,225,280 | | M] (InterTrust Technologies Corporation, Inc.)

 

========== (O13) Default Prefixes ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]

""=http://

 

========== (O15) Trusted Sites ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

50 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

49 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

49 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

49 domain(s) and sub-domain(s) not assigned to a zone.

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]

49 domain(s) and sub-domain(s) not assigned to a zone.

 

========== (O16) DPF ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]

{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}: http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab DjVuCtl Class

{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 Windows Genuine Advantage Validation Tool

{34F12AFD-E9B5-492A-85D2-40FA4535BE83}: http://www.symantec.com/techsupp/activedata/nprdtinf.cab AxProdInfoCtl Class

{6A344D34-5231-452A-8A57-D064AC9B7862}: https://webdl.symantec.com/activex/symdlmgr.cab Symantec Download Manager

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219582119526 MUWebControl Class

{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1232364653110&h=8e105a5d6fad8dd26c9bb872a86f827d/&filename=jinstall-6u11-windows-i586-jc.cab Java Plug-in 1.6.0_11

{A42889C5-62E1-419A-90C2-C9E958D69990}: http://www.genline.se/GFFControl.cab Genline Family Finder Component

{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab F-Secure Online Scanner 3.3

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Java Plug-in 1.6.0_07

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Java Plug-in 1.6.0_11

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Java Plug-in 1.6.0_11

{D27CDB6E-AE6D-11CF-96B8-444553540000}: https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab Shockwave Flash Object

 

========== (O17) DNS Name Servers ==========

 

{AAD939F6-7CD8-4F97-8E9C-F9943E0FAAD6} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)

 

========== (O19) User Style Sheets ==========

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

 

========== Safeboot Options ==========

 

"AlternateShell"=cmd.exe

 

========== CDRom AutoRun Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

 

========== Autorun Files on Drives ==========

 

AUTOEXEC.BAT []

[2004-11-26 19:06:44 | 00,000,000 | | M] () C:\AUTOEXEC.BAT [ NTFS ]

 

========== Files/Folders - Created Within 30 Days ==========

 

[2009-01-22 13:20:55 | 00,422,912 | | C] (OldTimer Tools) C:\Documents and Settings\Admin\Skrivbord\OTViewIt.exe

[2009-01-20 09:04:22 | 00,000,664 | | C] () C:\WINDOWS\System32\d3d9caps.dat

[2009-01-19 13:53:25 | 00,001,678 | | C] () C:\Documents and Settings\Admin\Skrivbord\HijackThis.lnk

[2009-01-19 13:53:22 | 00,000,000 | -D | C] C:\Program\Trend Micro

[2009-01-19 13:51:26 | 00,812,344 | | C] (Trend Micro Inc.) C:\Documents and Settings\Admin\Skrivbord\HJTInstall.exe

[2009-01-08 13:38:20 | 00,000,000 | -D | C] C:\Program\IObit

[2009-01-08 13:35:26 | 02,718,816 | | C] (IObit ) C:\Documents and Settings\Admin\Skrivbord\DefragSetup.exe

 

========== Files - Modified Within 30 Days ==========

 

[1 C:\WINDOWS\System32\*.tmp files]

[4 C:\WINDOWS\*.tmp files]

[2009-01-22 13:20:55 | 00,422,912 | | M] (OldTimer Tools) C:\Documents and Settings\Admin\Skrivbord\OTViewIt.exe

[2009-01-22 11:07:11 | 00,013,646 | | M] () C:\WINDOWS\System32\wpa.dbl

[2009-01-22 11:04:53 | 00,000,006 | -H | M] () C:\WINDOWS\tasks\SA.DAT

[2009-01-22 11:04:08 | 00,002,048 | S- | M] () C:\WINDOWS\bootstat.dat

[2009-01-22 11:04:05 | 26,796,4416 | -HS- | M] () C:\hiberfil.sys

[2009-01-20 09:04:22 | 00,000,664 | | M] () C:\WINDOWS\System32\d3d9caps.dat

[2009-01-19 13:53:26 | 00,001,678 | | M] () C:\Documents and Settings\Admin\Skrivbord\HijackThis.lnk

[2009-01-19 13:51:26 | 00,812,344 | | M] (Trend Micro Inc.) C:\Documents and Settings\Admin\Skrivbord\HJTInstall.exe

[2009-01-09 17:35:30 | 20,853,704 | | M] (Microsoft Corporation) C:\WINDOWS\System32\MRT.exe

[2009-01-08 16:37:07 | 00,001,532 | | M] () C:\Documents and Settings\Admin\Skrivbord\CCleaner.lnk

[2009-01-08 13:35:26 | 02,718,816 | | M] (IObit ) C:\Documents and Settings\Admin\Skrivbord\DefragSetup.exe

[2009-01-07 16:51:46 | 00,174,080 | | M] () C:\Documents and Settings\Admin\Skrivbord\Tidschema, memolista 2004.xls

[2009-01-07 14:24:43 | 00,429,056 | -HS- | M] () C:\Documents and Settings\Admin\Skrivbord\Thumbs.db

@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Admin\Skrivbord\Thumbs.db:encryptable

< End of report >

 

[/log]

[log]OTViewIt Extras logfile created on: 2009-01-22 13:23:06 - Run

OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Admin\Skrivbord

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

255,48 Mb Total Physical Memory | 141,86 Mb Available Physical Memory | 55,53% Memory free

618,12 Mb Paging File | 363,77 Mb Available in Paging File | 58,85% Paging File free

Paging file location(s): C:\pagefile.sys 384 768;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 37,26 Gb Total Space | 14,53 Gb Free Space | 39,00% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: RIKARD

Current User Name: Admin

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Whitelist: On

File Age = 30 Days

"MaxScriptStatements"=

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=1

"AntiVirusDisableNotify"=0

"FirewallDisableNotify"=0

"UpdatesDisableNotify"=0

"AntiVirusOverride"=1

"FirewallOverride"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall"=1

"DoNotAllowExceptions"=0

"DisableNotifications"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | | M] (Microsoft Corporation) %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | | M] (Microsoft Corporation) %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[2008-04-14 17:05:18 | 00,141,312 | | M] (Microsoft Corporation) %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[2008-04-13 19:53:32 | 00,558,080 | | M] (Microsoft Corporation) %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[2007-11-01 16:13:40 | 00,053,248 | | M] (CyberLink Corp.) C:\Program\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio

[2007-11-01 16:13:26 | 00,151,552 | | M] (CyberLink Corp.) C:\Program\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program

[2007-10-08 19:04:36 | 04,171,048 | | M] (CyberLink Corp.) C:\Program\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express

 

========== (O18) Protocol Handlers ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

ipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

msdaipp: [HKLM - No CLSID value]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers

[2005-09-20 11:33:58 | 00,843,984 | | M] (Microsoft Corporation) C:\Program\Delade filer\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2000-04-19 18:47:36 | 00,520,117 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-03-14 12:10:22 | 07,255,384 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]

[2007-05-10 12:45:34 | 08,069,464 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

 

========== (O18) Protocol Filters ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters

[2007-04-19 12:57:40 | 00,046,432 | | M] (Microsoft Corporation) C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{003212D9-AD05-4746-9463-8273B7BF52E3}"=Genline Family Finder 2

"{03B7F3F1-5A2C-4FC8-A4C1-AF6FE3F8E9AA}"=Genline FamilyFinder 2

"{105CFC7C-6992-11D5-BD9D-000102C10FD8}"=Lizardtech DjVu Control

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java 6 Update 11

"{27F650A9-6FAB-41C8-8621-92FF0118B0C4}"=EPSON Easy Photo Print

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}"=EPSON Scan Assistant

"{3248F0A8-6813-11D6-A77B-00B0D0150000}"=J2SE Runtime Environment 5.0

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP

"{39CEE1F2-12B6-4C50-9131-04BFCA110578}"=PowerCinema NE for Everio

"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth

"{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}"=Adobe InDesign CS

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}"=Photo Story 3 for Windows

"{53145EBA-86F8-4FAE-A9CB-43EA6633A116}"=Effective Site Studio

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0

"{7148F0A8-6813-11D6-A77B-00B0D0142060}"=Java 2 Runtime Environment, SE v1.4.2_06

"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable

"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}"=EPSON Web-To-Page

"{9011041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003

"{9012041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003

"{9015041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Access 2003

"{9016041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Excel 2003

"{9017041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office FrontPage 2003

"{9018041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office PowerPoint 2003

"{9019041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Publisher 2003

"{901A041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Outlook 2003

"{901B041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word 2003

"{9044041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office InfoPath 2003

"{90A1041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office OneNote 2003

"{90CA041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Small Business Edition 2003

"{90E0041D-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Outlook 2003

"{A4D7B764-4140-11D4-88EB-0050DA3579C0}"=Nero - Burning Rom

"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer

"{B83E0346-D2D0-11D5-A9AE-00105AA9E047}"=ControlCenter

"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}"=Digital Photo Navigator 1.5

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware 2007

"{E0828692-FD9D-459F-9312-C645C3CA6650}"=HP Photo and Imaging 2.0 - Deskjet Series

"{E80F62FF-5D3C-4A19-8409-9721F2928206}"=LiveUpdate (Symantec Corporation)

"{E86BC406-944E-41F6-ADE6-2C136734C96B}"=EPSON File Manager

"{EDE721EC-870A-11D8-9D75-000129760D75}"=PowerDirector Express

"ABBYY FineReader 4.0 Sprint"=ABBYY FineReader 4.0 Sprint

"Adobe Acrobat 5.0"=Adobe Acrobat 5.0

"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX

"Adobe PageMaker 7.0"=Adobe PageMaker 7.0

"Adobe Photoshop 7.0"=Adobe Photoshop 7.0

"CCleaner"=CCleaner (remove only)

"Crush'Em 2.0"=Crush'Em 2.0

"DjVu"=Lizardtech DjVu Control (autoinstall)

"EPSON Printer and Utilities"=EPSON-skrivarprogramvara

"ESPR240 Användarhandbok"=ESPR240 Användarhandbok

"Genline Family Finder"=Genline Family Finder

"HijackThis"=HijackThis 2.0.2

"hp print screen utility"=hp print screen utility

"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs

"ie7"=Windows Internet Explorer 7

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email

"NAV"=Norton AntiVirus

"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs

"NVIDIA"=NVIDIA Windows 2000/XP Display Drivers

"Packard Bell Diamond 1200Plus v1.0"=Packard Bell Diamond 1200Plus v1.0

"PsuedoLiveUpdate"=LiveUpdate (Symantec Corporation)

"Puzzl'Em1.0Beta2"=Puzzl'Em 1.0 Beta2

"RealPlayer 6.0"=RealPlayer

"Rosenberg"=Rosenberg

"ShockwaveFlash"=Adobe Flash Player 9 ActiveX

"Smart Defrag_is1"=Smart Defrag 1.03

"SPCS Administration 2000 Nät"=SPCS Administration 2000 Nät

"Symantec eSupport"=Symantec eSupport

"Ulead Photo Express 3.0 SE"=Ulead Photo Express 3.0 SE

"VIA Audio Driver Setup Program"=VIA Audio Driver Setup Program

"Winamp"=Winamp (remove only)

"Windows Media Format Runtime"=Windows Media Format Runtime

"Windows Media Player"=Windows Media Player 10

"Windows XP Service Pack"=Windows XP Service Pack 3

"WinZip"=WinZip

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ADClient"=ADClient

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-73586283-764733703-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ADClient"=ADClient

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2009-01-04 17:18:58 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-04 17:20:16 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-04 17:20:35 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-04 17:21:06 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-04 17:21:10 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-04 17:21:23 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-04 17:22:17 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-04 17:22:30 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-07 11:48:33 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-01-19 08:48:13 | Computer Name = RIKARD | Source = Application Hang | ID = 1002

Description = Stoppat program iexplore.exe, version 7.0.6000.16762, stoppad modul

hungapp, version 0.0.0.0, stoppad adress 0x00000000.

 

[ System Events ]

Error - 2009-01-20 04:05:10 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2009-01-20 04:05:10 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2009-01-20 10:30:56 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2009-01-20 10:30:56 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2009-01-20 15:05:19 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2009-01-20 15:05:19 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2009-01-21 04:18:58 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2009-01-21 04:18:58 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

Error - 2009-01-22 06:05:41 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Automatisk

LiveUpdate-schemaläggare ska ansluta.

 

Error - 2009-01-22 06:05:41 | Computer Name = RIKARD | Source = Service Control Manager | ID = 7000

Description = Tjänsten Automatisk LiveUpdate-schemaläggare kunde inte startas på

grund av följande fel: %%1053

 

 

< End of report >[/log]

 

That was all of it, /Rikard

 

Added LOG tags for the second log as well

Cecilia - Moderator for Viruses, malicious programs & remedies

[post edited 2009-01-22 13:42:58 by Cecilia]


What I can see that has been added to the computer in the last month is software from IObit.

[2009-01-08 13:38:20 | 00,000,000 | -D | C] C:\Program\IObit

[2009-01-08 13:35:26 | 02,718,816 | | C] (IObit ) C:\Documents and Settings\Admin\Skrivbord\DefragSetup.exe

 

The following are old versions with security holes and should therefore be uninstalled:

"{3248F0A8-6813-11D6-A77B-00B0D0150000}"=J2SE Runtime Environment 5.0

"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7

"{7148F0A8-6813-11D6-A77B-00B0D0142060}"=Java 2 Runtime Environment, SE v1.4.2_06

 

Go to http://www.virustotal.com (works best with Internet Explorer), paste the following file name into the box, click Send File and wait until the result is ready (Current status becomes finished). Paste the results from the various antivirus programs (not Additional information) here.

C:\Windows\msn.hta

 

Also go to C:\Windows, right-click msn.hta and choose Properties. What dates are shown there? Is there any information there that lets you tie the file to a product or company?

 


  • 3 weeks later...

I gave up, because in the end it became too much to check, even with your kind help, but many thanks anyway, Cecilia. Today I tried downloading the latest ZoneAlarm again, and have got everything working now after all. Computers, eh...

 

 


The main thing is that you have got the internet connection sorted out :thumbsup:

Perhaps some setting had gone wrong in ZoneAlarm.

 


Archived

This topic is now archived and is closed to further replies.


