
Replay Music + Spotify, hangs


emilou77


I installed a demo version of Replay Music to record songs from Spotify. I recorded one and then the whole computer hung and I had to switch it off on the computer itself. I started it again and uninstalled all of RM. Everything works fine then until I start Spotify; after two or three songs the whole computer hangs again and I have to switch the computer off.

When I start the computer now, a box comes up that says "you´re about to install Replay Music" and I can choose to continue the installation or cancel. Whichever I choose, the computer hangs once Spotify has been started.

I have tried going in and deleting all traces, using the ordinary search function, Glary Utilities and Run - regedit. Nothing works! The installation starts as soon as I start the computer!

Any tips?

 


We can see whether HijackThis shows what is causing the installation to start. Download it from one of the links:

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

Install it, start it and choose "Do a system scan and save a logfile", then copy the log that comes up (nothing else).

In your reply, attach the HijackThis log like this:

Press the LOG button in the Reply window

Paste in the log

Press the LOG button in the Reply window again

 


[log]Scan saved at 15:18:06, on 2009-05-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program\Java\jre6\bin\jqs.exe

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Jensen\Common\JensenUI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program\pdfforge Toolbar\WidgiToolbarIE.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program\pdfforge Toolbar\WidgiToolbarIE.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program\pdfforge Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [4-Day Forecast] "C:\Program\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup

O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32:ctfmon.com

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Jensen AirLink Utility.lnk = C:\Program\Jensen\Common\JensenUI.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/vaxjo/support/plugins/ebraryRdr.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {71C51CB8-6116-44F5-A2DC-575DAE8ADAA4} (ISUploadOCX.Upload) - http://www2.idrottonline.se/ImageStoreNET/CAB/ISUploadOCX.CAB

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://elhallah.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225797941004&h=49f817456fc2732db66f04be819cf0df/&filename=jinstall-6u10-windows-i586-jc.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.se/clients/uploader_v2.2.0.6.cab

O16 - DPF: {DCC74818-0EA1-4682-8D57-649C1DC70C77} (Croom3 Object) - http://launcher.room-3.com/room3/room3.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - https://secure.storegate.se/USER/Files/Cabs/ImageUploader4.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton AntiVirus\isPwdSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O24 - Desktop Component 0: (no name) - http://www.lanstrafiken-z.se/core/templateresources/page-bg.gif

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/HP_GAR~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

[/log]

 


Complete logs are always good.

 

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\pdfforge Toolbar\SearchSettings.dll

O4 - HKLM\..\Run: [searchSettings] C:\Program\pdfforge Toolbar\SearchSettings.exe

That program does not seem to be a good one to have:

http://www.systemlookup.com/CLSID/34383-SearchSettings_dll.html

http://www.systemlookup.com/Startup/10841-SearchSettings_exe.html

so you should uninstall it. Then paste in a new HijackThis log.

Is Norton/Symantec working?

 

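The step requested in the reply above (uninstall, then post a fresh log) comes down to comparing two HijackThis logs. The following Python code is an added example, not part of the thread and not HijackThis's own code: it parses the entry lines of two logs and reports which entries disappeared and which remain. The function names are hypothetical, and the two sample logs are short excerpts constructed from lines that appear in the logs on this page.

```python
import re

# An entry line starts with a section code (a letter plus a number, such as
# R3, O2 or O4 in the logs on this page), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for entry lines.

    Header lines, the running-process list and blank lines do not match
    the entry pattern and are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first or only in the second log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [entry for entry in before if entry not in after]
    added = [entry for entry in after if entry not in before]
    return removed, added


def entries_mentioning(log_text, needle):
    """Return entries whose body contains needle (case-insensitive)."""
    needle = needle.lower()
    return [e for e in parse_entries(log_text) if needle in e[1].lower()]


# Constructed excerpt of the log posted before the uninstall advice.
BEFORE = r"""
Scan saved at 15:18:06, on 2009-05-25
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\pdfforge Toolbar\SearchSettings.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
"""

# Constructed excerpt of the follow-up log (that log is cut off on the page,
# so only lines visible in both logs are used here).
AFTER = r"""
Scan saved at 16:11:14, on 2009-05-25
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\pdfforge Toolbar\SearchSettings.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed:", code, body)
    for code, body in added:
        print("added:  ", code, body)
    for code, body in entries_mentioning(AFTER, "pdfforge toolbar"):
        print("still present:", code, body)
```

On these excerpts the URLSearchHook entry is gone from the second log while the two BHO entries that load from the same folder are still listed, which is the kind of leftover a follow-up log is meant to expose.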

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:11:14, on 2009-05-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\Program\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program\Java\jre6\bin\jqs.exe

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Jensen\Common\JensenUI.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program\pdfforge Toolbar\WidgiToolbarIE.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\pdfforge Toolbar\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program\pdfforge Toolbar\WidgiToolbarIE.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [4-Day Forecast] "C:\Program\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup

O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32:ctfmon.com

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Jensen AirLink Utility.lnk = C:\Program\Jensen\Common\JensenUI.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/vaxjo/support/plugins/ebraryRdr.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {71C51CB8-6116-44F5-A2DC-575DAE8ADAA4} (ISUploadOCX.Upload) - http://www2.idrottonline.se/ImageStoreNET/CAB/ISUploadOCX.CAB

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://elhallah.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225797941004&h=49f817456fc2732db66f04be819cf0df/&filename=jinstall-6u10-windows-i586-jc.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.se/clients/uploader_v2.2.0.6.cab

O16 - DPF: {DCC74818-0EA1-4682-8D57-649C1DC70C77} (Croom3 Object) - http://launcher.room-3.com/room3/room3.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - https://secure.storegate.se/USER/Files/Cabs/ImageUploader4.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton AntiVirus\isPwdSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O24 - Desktop Component 0: (no name) - http://www.lanstrafiken-z.se/core/templateresources/page-bg.gif

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/HP_GAR~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 12818 bytes[/log]

 


Norton works, yes. I have scanned both with Norton and for malware. I found a little malware that I removed yesterday, but it did not help with the problem.

 


[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:15:09, on 2009-05-25

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program\Java\jre6\bin\jqs.exe

c:\Program\Delade filer\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe

C:\Program\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program\Personal\bin\Personal.exe

C:\Program\Jensen\Common\JensenUI.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\msfeedssync.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe"

O4 - HKLM\..\Run: [4-Day Forecast] "C:\Program\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup

O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32:ctfmon.com

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')

O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe

O4 - Global Startup: Jensen AirLink Utility.lnk = C:\Program\Jensen\Common\JensenUI.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/vaxjo/support/plugins/ebraryRdr.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {71C51CB8-6116-44F5-A2DC-575DAE8ADAA4} (ISUploadOCX.Upload) - http://www2.idrottonline.se/ImageStoreNET/CAB/ISUploadOCX.CAB

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://elhallah.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225797941004&h=49f817456fc2732db66f04be819cf0df/&filename=jinstall-6u10-windows-i586-jc.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.se/ImageUploader4.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.se/clients/uploader_v2.2.0.6.cab

O16 - DPF: {DCC74818-0EA1-4682-8D57-649C1DC70C77} (Croom3 Object) - http://launcher.room-3.com/room3/room3.cab

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - https://secure.storegate.se/USER/Files/Cabs/ImageUploader4.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program\Norton AntiVirus\isPwdSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program\Delade filer\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe

O24 - Desktop Component 0: (no name) - http://www.lanstrafiken-z.se/core/templateresources/page-bg.gif

O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/HP_GAR~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

 

--

End of file - 12484 bytes

[/log]

 


I think there seem to be abnormally few Norton processes running. What year's version of Norton is it? It does not look like the latest one, and normally you can upgrade to that and get improved detection and removal. Can you find out what Norton found, both the file name and the type of malicious program, from some log or similar? Just in case Norton has not found everything.

Was there any problem uninstalling pdfforge?

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

Is that something you recognize?

Unfortunately, I cannot see anything in the log that kicks off an installation. Have you installed or uninstalled anything else since you installed Replay Music?

 


Oops, I can't keep up with all the posts here.

Now pdfforge looks to be gone, at least. :thumbsup:

 

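The comparison made at this point in the thread (pdfforge entries present in the 15:18 scan, gone in the 16:15 scan) can be checked mechanically instead of by eye. The following is an added example, not part of any forum post: a small parser that diffs two HijackThis logs. The function names are hypothetical, and the two sample logs are shortened excerpts built from lines of the scans posted above.

```python
import re
from collections import namedtuple

# One HijackThis result line: section code (R1, O2, O4, O23 ...),
# the label before the first ": " (BHO, Toolbar, HKLM\..\Run ...), and the rest.
Entry = namedtuple("Entry", "section kind detail")

# Result lines start with a section letter plus 1-2 digits, then " - ".
# Header lines, the process list and "End of file" do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<rest>.+)$")


def parse_hijackthis(text):
    """Return the set of result entries found in a HijackThis log."""
    entries = set()
    for raw in text.splitlines():
        # Tolerate the forum's [log]...[/log] wrapper and blank-line padding.
        line = raw.replace("[log]", "").replace("[/log]", "").strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue
        kind, sep, detail = match.group("rest").partition(": ")
        if not sep:  # R-section lines have no "label: " prefix
            kind, detail = "", match.group("rest")
        entries.add(Entry(match.group("section"), kind.strip(), detail.strip()))
    return entries


def diff_scans(before_text, after_text):
    """Compare two scans; set difference ignores line order and spacing."""
    before = parse_hijackthis(before_text)
    after = parse_hijackthis(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
    }


# Shortened excerpt of the first scan in the thread (15:18:06).
SCAN_1 = r"""[log]Scan saved at 15:18:06, on 2009-05-25

Running processes:

C:\WINDOWS\system32\ctfmon.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program\pdfforge Toolbar\WidgiToolbarIE.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program\pdfforge Toolbar\SearchSettings.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program\pdfforge Toolbar\WidgiToolbarIE.dll

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

End of file - 12818 bytes[/log]
"""

# Shortened excerpt of the second scan in the thread (16:15:09).
SCAN_2 = r"""[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:15:09, on 2009-05-25

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe

End of file - 12484 bytes
[/log]
"""

if __name__ == "__main__":
    result = diff_scans(SCAN_1, SCAN_2)
    for label in ("removed", "added"):
        print(f"{label}: {len(result[label])}")
        for entry in result[label]:
            print(f"  {entry.section} {entry.kind}: {entry.detail}")
```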

The Samsung one is for the phone, so that is as it should be...

Log 1 from Malwarebytes (which I installed after RM):

 

[log]Malwarebytes' Anti-Malware 1.36

Databasversion: 2164

Windows 5.1.2600 Service Pack 2

 

2009-05-22 13:08:45

mbam-log-2009-05-22 (13-08-45).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|M:\|)

Antal skannade objekt: 29323

Förfluten tid: 6 minute(s), 44 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 4

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

Log 2 from Malwarebytes:

 

 

[log]Malwarebytes' Anti-Malware 1.36

Databasversion: 2164

Windows 5.1.2600 Service Pack 2

 

2009-05-22 14:05:14

mbam-log-2009-05-22 (14-05-14).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|M:\|)

Antal skannade objekt: 44850

Förfluten tid: 14 minute(s), 51 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 0

Infekterade registervärden: 0

Infekterade registerdataposter: 0

Infekterade mappar: 0

Infekterade filer: 1

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

(Inga illasinnade poster hittades)

 

Infekterade registervärden:

(Inga illasinnade poster hittades)

 

Infekterade registerdataposter:

(Inga illasinnade poster hittades)

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

C:\System Volume Information\_restore{7FA95762-7F57-4B6D-9078-2FB5ACF8DBFA}\RP120\A0025246.dll (Adware.Shopper) -> Quarantined and deleted successfully.

[/log]

 

 

Log 3 from Malwarebytes:

 

 

[log]Malwarebytes' Anti-Malware 1.36

Databasversion: 2164

Windows 5.1.2600 Service Pack 2

 

2009-05-22 20:29:18

mbam-log-2009-05-22 (20-29-18).txt

 

Skanningstyp: Fullständig skanning (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|M:\|)

Antal skannade objekt: 369876

Förfluten tid: 5 hour(s), 53 minute(s), 20 second(s)

 

Infekterade minnesprocesser: 0

Infekterade minnesmoduler: 0

Infekterade registernycklar: 1

Infekterade registervärden: 1

Infekterade registerdataposter: 2

Infekterade mappar: 0

Infekterade filer: 0

 

Infekterade minnesprocesser:

(Inga illasinnade poster hittades)

 

Infekterade minnesmoduler:

(Inga illasinnade poster hittades)

 

Infekterade registernycklar:

HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.

 

Infekterade registervärden:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc5vdj0e77c (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

 

Infekterade registerdataposter:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Infekterade mappar:

(Inga illasinnade poster hittades)

 

Infekterade filer:

(Inga illasinnade poster hittades)

[/log]

 

 

 


When was it that you installed Replay Music?

We can check whether it is possible to see which files were added to the computer in connection with that.

Download OTL to the Desktop.

http://oldtimer.geekstogo.com/OTL.exe

Close all programs.

Run OTL (in Vista, right-click and choose Run as administrator).

Under Output, near the top, select Minimal Output.

Tick LOP Check and Purity Check.

Press Run Scan and let the program run undisturbed.

When it is finished, two log files are created on the Desktop, OTListIt.txt and Extras.txt. Attach both logs in your reply.

 


A thousand thanks for taking the time. Now we'll see if this gives anything...

 

[log]OTL Extras logfile created on: 2009-05-25 21:00:31 - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\BUIM2EPR

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

510,48 Mb Total Physical Memory | 254,13 Mb Available Physical Memory | 49,78% Memory free

1,22 Gb Paging File | 0,76 Gb Available in Paging File | 62,13% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 180,30 Gb Total Space | 96,29 Gb Free Space | 53,40% Space Free | Partition Type: NTFS

Drive D: | 5,99 Gb Total Space | 2,15 Gb Free Space | 35,95% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive M: | 298,02 Gb Total Space | 186,69 Gb Free Space | 62,65% Space Free | Partition Type: FAT32

 

Computer Name: ELHALLAHFERMVIK

Current User Name: HP_Ägaren

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 7 Days

Company Name Whitelist: On

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = htmlfile] -- C:\Program\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes File not found

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

C:\Program\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)

C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)

C:\Program\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager File not found

C:\Program\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio File not found

C:\Program\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile File not found

C:\Program\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi File not found

C:\Program\Spotify\spotify.exe:*:Enabled:Spotify (Spotify AB)

C:\Program\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)

C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

C:\Program\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server (PeeringPortal)

C:\Program\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server (PeeringPortal)

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{06337E41-D7CD-4529-B15F-D306F2780C73}" = ImageStore ClientDeploy

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0F7B625C-1077-42A7-97A7-86405677D14C}" = SymNet

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus

"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10

"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Jensen Air:Link 85300

"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection

"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help

"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon

"{3EDE9D4A-02A5-4B73-989A-DAB900102044}" = Windows Live Writer

"{420DADC7-0E52-48F2-81EE-7BCF663815E0}" = Windows Live Essentials

"{475881C0-51A3-4B27-BED8-B8DA26657095}" = Windows Live Photo Gallery

"{4824B59D-B9A4-45F8-8998-6C09C79A3EFB}" = Disc2Phone

"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{6B30FB1E-9F4A-49BA-9D74-174F1ECEB59D}" = Windows Live inloggningsassistenten

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{7AA7B9FF-F4B4-4B64-8C51-7C3B4D0F5A28}" = 4-Day Forecast

"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus

"{841FA243-8E66-4C8F-9D96-079F3C212BA5}" = Symantec Real Time Storage Protection Component

"{85DAFBE2-75DE-436A-BD77-5902FF47F8DF}" = Windows Live Sync

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{9028041D-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional med FrontPage

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}" = Microsoft .NET Framework 1.1 Swedish Language Pack

"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1053-7B44-A70000000000}" = Adobe Reader 7.0 - Svenska

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1

"{C11FEBBF-C008-4864-84A6-B6473369111B}" = SymNet

"{C4B76E93-3FC2-4E90-81EE-EE62948CFB03}" = Sony Ericsson Mobile Phone Monitor

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" = Norton AntiVirus SYMLT MSI

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI

"{ED9A325D-9622-4FD0-A731-73D23C6265F3}" = CapMan

"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{EFF913ED-03A6-42D2-A2A7-5966A612EEB9}" = LS_HSI

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F4B620CE-4297-4140-B0C3-6D4E8A8EF0AB}" = Microsoft Works

"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV

"{FCEA59CC-5A80-4680-9F7F-6E75174E884C}" = Windows Live Messenger

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-drivrutinspaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-drivrutinspaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Advanced Windows Optimizer_is1" = Advanced Windows Optimizer 5.11

"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem

"ATI Display Driver" = ATI Display Driver

"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition

"Glary Utilities_is1" = Glary Utilities 2.10.0.622

"Help and Support Additions" = Tillägg för Hjälp- och support

"HijackThis" = HijackThis 2.0.2

"Huawei Modems" = Huawei Modems

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"iriver plus 2" = iriver plus 2 (remove only)

"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSN Toolbar" = MSN Toolbar

"NimoCorp" = Nimo Codecs Pack v4.4 (Remove Only)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Peggle Deluxe" = Peggle Deluxe

"Personal" = BankID säkerhetsprogram 4.10

"PS2" = PS2

"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"Spotify" = Spotify

"SymSetup.{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus (Symantec Corporation)

"uTorrent" = µTorrent

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"VLC media player" = VideoLAN VLC media player 0.8.6

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 2009-05-19 14:32:51 | Computer Name = ELHALLAHFERMVIK | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Det går inte att utföra den begärda åtgärden på den angivna servern.

 

Error - 2009-05-19 14:32:51 | Computer Name = ELHALLAHFERMVIK | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Det går inte att utföra den begärda åtgärden på den angivna servern.

 

Error - 2009-05-19 14:32:51 | Computer Name = ELHALLAHFERMVIK | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Det går inte att utföra den begärda åtgärden på den angivna servern.

 

Error - 2009-05-19 14:32:52 | Computer Name = ELHALLAHFERMVIK | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Det går inte att utföra den begärda åtgärden på den angivna servern.

 

Error - 2009-05-19 14:32:52 | Computer Name = ELHALLAHFERMVIK | Source = crypt32 | ID = 131080

Description = Det gick inte att automatiskt uppdatera tredjepartsrotlistsekvensnumret

från: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>.

Fel: Det går inte att utföra den begärda åtgärden på den angivna servern.

 

Error - 2009-05-20 08:03:09 | Computer Name = ELHALLAHFERMVIK | Source = Application Hang | ID = 1002

Description = Stoppat program Photoshop.exe, version 8.0.1.0, stoppad modul hungapp,

version 0.0.0.0, stoppad adress 0x00000000.

 

Error - 2009-05-24 03:10:58 | Computer Name = ELHALLAHFERMVIK | Source = crypt32 | ID = 131077

Description = Det gick inte att automatiskt uppdatera tredjepartsrotcertifikat från:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>.

Fel: Åtgärden misslyckades eftersom tidsgränsen överskreds.

 

Error - 2009-05-24 03:13:04 | Computer Name = ELHALLAHFERMVIK | Source = crypt32 | ID = 131077

Description = Det gick inte att automatiskt uppdatera tredjepartsrotcertifikat från:

<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8782C6C304353BCFD29692D2593E7D44D934FF11.crt>.

Fel: Åtgärden misslyckades eftersom tidsgränsen överskreds.

 

Error - 2009-05-25 10:57:12 | Computer Name = ELHALLAHFERMVIK | Source = Application Error | ID = 1000

Description = Felaktigt program SPA.exe, version 0.0.0.0, felaktig modul SPA.exe,

version 0.0.0.0, felaktig adress 0x0000727d.

 

Error - 2009-05-25 10:59:29 | Computer Name = ELHALLAHFERMVIK | Source = MsiInstaller | ID = 11327

Description = Product: SymNet -- Error 1327. Invalid Drive: L:

[ System Events ]

Error - 2009-05-25 10:14:41 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2009-05-25 10:14:42 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2009-05-25 10:14:42 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2009-05-25 10:14:42 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2009-05-25 10:14:42 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2009-05-25 10:14:42 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2009-05-25 10:14:42 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2009-05-25 10:14:43 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7023

Description = Tjänsten Application Management avbröts med följande fel: %%126

 

Error - 2009-05-25 10:33:11 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Symantec

Network Proxy ska ansluta.

 

Error - 2009-05-25 11:13:08 | Computer Name = ELHALLAHFERMVIK | Source = Service Control Manager | ID = 7009

Description = En timeout (30000 ms) inträffade vid väntan på att tjänsten Symantec

Network Proxy ska ansluta.

 

 

< End of report >

[/log]

 

 

[log]OTL logfile created on: 2009-05-25 21:00:31 - Run 1

OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\BUIM2EPR

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

 

510,48 Mb Total Physical Memory | 254,13 Mb Available Physical Memory | 49,78% Memory free

1,22 Gb Paging File | 0,76 Gb Available in Paging File | 62,13% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program

Drive C: | 180,30 Gb Total Space | 96,29 Gb Free Space | 53,40% Space Free | Partition Type: NTFS

Drive D: | 5,99 Gb Total Space | 2,15 Gb Free Space | 35,95% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive M: | 298,02 Gb Total Space | 186,69 Gb Free Space | 62,65% Space Free | Partition Type: FAT32

 

Computer Name: ELHALLAHFERMVIK

Current User Name: HP_Ägaren

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Output = Minimal

File Age = 7 Days

Company Name Whitelist: On

 

========== Processes (SafeList) ==========

 

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)

PRC - C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\RMSetup.exe ()

PRC - C:\Program\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

PRC - C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\_ir_sf7_temp_4\irsetup.exe ()

PRC - C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)

PRC - C:\Program\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - c:\Program\Delade filer\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

PRC - C:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)

PRC - C:\Program\Delade filer\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Program\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe ()

PRC - C:\Program\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

PRC - C:\Program\Jensen\Common\JensenUI.exe (Jensen Scandinavia AS.)

PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)

PRC - C:\Program\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

PRC - C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\BUIM2EPR\OTL[1].exe (OldTimer Tools)

 

========== Win32 Services (SafeList) ==========

 

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)

SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)

SRV - (ccEvtMgr [Auto | Running]) -- C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (ccProxy [Auto | Stopped]) -- C:\Program\Delade filer\Symantec Shared\ccProxy.exe (Symantec Corporation)

SRV - (ccSetMgr [Auto | Running]) -- C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (CLTNetCnService [Auto | Running]) -- C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (FsUsbExService [Auto | Running]) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (ISPwdSvc [On_Demand | Stopped]) -- C:\Program\Norton AntiVirus\isPwdSvc.exe (Symantec Corporation)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (LightScribeService [Auto | Running]) -- c:\Program\Delade filer\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (LiveUpdate [On_Demand | Running]) -- C:\Program\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

SRV - (LiveUpdate Notice Ex [Auto | Running]) -- C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe (Symantec Corporation)

SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

SRV - (PCLEPCI [Auto | Stopped]) -- C:\WINDOWS\system32\drivers\pclepci.sys (Pinnacle Systems GmbH)

SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe ()

SRV - (SymAppCore [Auto | Running]) -- C:\Program\Delade filer\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)

SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)

 

========== Driver Services (SafeList) ==========

 

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)

DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (AmdK8 [system | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)

DRV - (dtscsi [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()

DRV - (eeCtrl [system | Running]) -- C:\Program\Delade filer\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program\Delade filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (hwdatacard [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (ltmodem5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys (LT)

DRV - (MarvinBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)

DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)

DRV - (NAVENG [On_Demand | Running]) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20090525.002\NAVENG.SYS (Symantec Corporation)

DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program\Delade filer\Symantec Shared\VirusDefs\20090525.002\NAVEX15.SYS (Symantec Corporation)

DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (rt2870 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rt2870.sys (Ralink Technology, Corp.)

DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )

DRV - (s716bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s716bus.sys (MCCI Corporation)

DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)

DRV - (SPBBCDrv [system | Running]) -- C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (sptd [boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (SRTSP [system | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)

DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)

DRV - (SRTSPX [system | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)

DRV - (sscdbus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdbus.sys (MCCI Corporation)

DRV - (sscdmdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys (MCCI Corporation)

DRV - (sscdmdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sscdmdm.sys (MCCI Corporation)

DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)

DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)

DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)

DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program\Delade filer\Symantec Shared\SymcData\ids-diskless\20090519.001\SymIDSCo.sys (Symantec Corporation)

DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)

DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)

DRV - (SYMTDI [system | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)

DRV - (z800bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\z800bus.sys (MCCI)

DRV - (z800mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\z800mdfl.sys (MCCI)

DRV - (z800mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\z800mdm.sys (MCCI)

DRV - (z800mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\z800mgmt.sys (MCCI)

DRV - (z800obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\z800obex.sys (MCCI)

DRV - (FsUsbExDisk [On_Demand | Running]) -- C:\WINDOWS\system32\FsUsbExDisk.SYS ()

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q305&bd=pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

[2009-04-24 16:07:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\mozilla\Extensions

[2009-01-08 23:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\mozilla\Extensions\home2@tomtom.com

 

O1 HOSTS File: (710 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live inloggningshjälpen) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)

O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program\Google\Google Toolbar\GoogleToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - Reg Error: Key error. File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found

O4 - HKLM..\Run: [4-Day Forecast] "C:\Program\4-Day Forecast\4-Day Forecast\4-Day Forecast.exe" /Startup ()

O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)

O4 - HKLM..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" (Symantec Corporation)

O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\system32:ctfmon.com [2009-05-25 20:59:27 | 00,000,000 | ---D | M]

O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [osCheck] "C:\Program\Norton AntiVirus\osCheck.exe" (Symantec Corporation)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()

O4 - HKLM..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)

O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [msnmsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BankID säkerhetsprogram.lnk = C:\Program\Personal\bin\Personal.exe (Technology Nexus AB)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Jensen AirLink Utility.lnk = C:\Program\Jensen\Common\JensenUI.exe (Jensen Scandinavia AS.)

O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~3\Office10\EXCEL.EXE/3000 (Microsoft Corporation)

O9 - Extra Button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com/lib/vaxjo/support/plugins/ebraryRdr.cab (Infotl Control)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (Reg Error: Key error.)

O16 - DPF: {71C51CB8-6116-44F5-A2DC-575DAE8ADAA4} http://www2.idrottonline.se/ImageStoreNET/CAB/ISUploadOCX.CAB (ISUploadOCX.Upload)

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://elhallah.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225797941004&h=49f817456fc2732db66f04be819cf0df/&filename=jinstall-6u10-windows-i586-jc.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab (Aurigma Image Uploader 3.0 Control)

O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} http://www.extrafilm.se/ImageUploader4.cab (Image Uploader)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game10.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://www.pixdiscount.se/clients/uploader_v2.2.0.6.cab (PB_Uploader Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DCC74818-0EA1-4682-8D57-649C1DC70C77} http://launcher.room-3.com/room3/room3.cab (Croom3 Object)

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} https://secure.storegate.se/USER/Files/Cabs/ImageUploader4.cab (Image Uploader Control)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\System\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 () - http://www.lanstrafiken-z.se/core/templateresources/page-bg.gif

O24 - Desktop Components:1 () - file:///C:/DOCUME~1/HP_GAR~1/LOKALA~1/Temp/msohtml1/01/clip_image002.jpg

O24 - Desktop Components:2 (Min aktuella startsida) - About:Home

O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-10-29 16:29:30 | 00,000,083 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001-07-28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2004-04-30 23:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O32 - AutoRun File - [2006-08-08 09:59:46 | 00,000,000 | -H-D | M] - M:\autorun -- [ FAT32 ]

O32 - AutoRun File - [2005-11-15 11:08:04 | 00,000,036 | -H-- | M] () - M:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{08409882-3df3-11dd-b34e-0013d326db9c}\Shell - "" = AutoRun

O33 - MountPoints2\{08409882-3df3-11dd-b34e-0013d326db9c}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found

O33 - MountPoints2\{3c703e35-75cc-11dd-b374-000e2ed617fd}\Shell - "" = AutoRun

O33 - MountPoints2\{3c703e35-75cc-11dd-b374-000e2ed617fd}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -- File not found

O33 - MountPoints2\{6e196cbc-88ba-11dd-b394-000e2ed617fd}\Shell - "" = AutoRun

O33 - MountPoints2\{995ba1c5-4958-11de-b4cf-000e2ed617fd}\Shell - "" = AutoRun

O33 - MountPoints2\{995ba1c5-4958-11de-b4cf-000e2ed617fd}\Shell\ɱ¶¾(&K)\command - "" = N:\delautorun.bat -- File not found

O33 - MountPoints2\{b49fff8a-7e1a-11dc-b24f-0013d326db9c}\Shell\Auto\command - "" = AdobeR.exe e

O33 - MountPoints2\{fd7acc9e-7f54-11dd-b381-000e2ed617fd}\Shell - "" = AutoRun

O33 - MountPoints2\{fd7acc9e-7f54-11dd-b381-000e2ed617fd}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found

O33 - MountPoints2\L\Shell - "" = AutoRun

O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - * [2009-05-25 15:17:52 | 00,000,000 | ---D | M]

 

========== Files/Folders - Created Within 7 Days ==========

 

[2009-05-25 16:58:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi

[2009-05-25 16:14:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2009-05-25 15:17:52 | 00,001,688 | ---- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\HijackThis.lnk

[2009-05-25 15:17:51 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro

[2009-05-24 07:36:06 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\~$otokoll styrelsen 09 04 19..doc

[2009-05-24 07:35:42 | 00,013,836 | ---- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\Protokoll styrelsen 09 04 19..doc

[2009-05-24 07:25:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Ägaren\Application Data\Spotify

[2009-05-24 07:25:00 | 00,000,632 | ---- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\Spotify.lnk

[2009-05-24 07:24:59 | 00,000,000 | ---D | C] -- C:\Program\Spotify

[2009-05-24 07:21:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2009-05-22 12:17:15 | 00,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2009-05-22 12:17:14 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009-05-22 12:17:11 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009-05-22 12:17:09 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware

[2009-05-21 16:17:39 | 00,323,584 | ---- | C] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL

[2009-05-21 16:16:26 | 00,000,000 | ---D | C] -- C:\Program\Replay Music 3

[2009-05-20 22:31:45 | 00,151,949 | ---- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\biljetter.pdf

[2009-05-20 14:53:42 | 06,357,189 | ---- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\5052_Remissvar%20Kulturutredningen.pdf

[2009-05-20 12:20:31 | 00,211,660 | ---- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\Inbjudan 2 Augustiträff.pdf

[2009-05-20 12:15:28 | 00,213,292 | ---- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\Inbjudan, Augustiträff.pdf

[2009-05-20 12:09:24 | 00,064,150 | ---- | C] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\riksteatern_jpg.jpg

[2009-05-15 12:36:06 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2009-05-15 12:36:06 | 00,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2009-03-25 19:37:23 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2009-03-02 10:34:06 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009-02-21 08:25:20 | 00,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2009-02-17 22:55:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\system.ini

[2009-01-19 23:23:56 | 00,018,790 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll

[2008-11-12 20:58:10 | 00,002,735 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008-10-29 17:47:37 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini

[2008-08-29 15:13:40 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\CoInstaller.dll

[2007-10-25 17:26:10 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2006-08-09 16:29:55 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys

[2006-08-09 16:17:43 | 00,643,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2006-08-09 16:17:43 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd6429.sys

[2005-11-02 00:29:05 | 00,000,383 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005-10-30 19:44:19 | 00,000,128 | ---- | C] () -- C:\WINDOWS\barwiz20.ini

[2005-10-30 19:44:19 | 00,000,056 | ---- | C] () -- C:\WINDOWS\barwizck.ini

[2005-10-20 16:51:21 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini

[2005-08-10 00:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2005-08-10 00:13:31 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005-04-30 04:29:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005-01-02 02:32:17 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005-01-02 02:08:31 | 00,013,830 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2005-01-02 02:08:25 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2005-01-02 01:49:29 | 00,003,529 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005-01-02 01:35:53 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005-01-02 01:34:03 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2005-01-02 01:34:03 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2005-01-02 01:33:41 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2004-11-29 18:37:32 | 00,000,617 | ---- | C] () -- C:\WINDOWS\win.ini

[2002-09-28 02:22:32 | 00,000,479 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2002-01-20 15:26:36 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\SimpleResize.dll

[2001-10-25 17:53:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\avisynth.dll

[2001-06-22 14:06:02 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll

[2000-02-04 07:18:12 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

 

========== Files - Modified Within 7 Days ==========

 

[2009-05-25 20:50:13 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3ED890F9-1D9C-4ED7-924D-78B8A16109A0}.job

[2009-05-25 19:14:34 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009-05-25 17:12:02 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2009-05-25 17:11:36 | 00,000,298 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job

[2009-05-25 17:11:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009-05-25 17:11:19 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\HP_Ägaren\Lokala inställningar\desktop.ini

[2009-05-25 17:11:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009-05-25 17:10:45 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys

[2009-05-25 16:56:44 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS

[2009-05-25 16:56:44 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL

[2009-05-25 16:56:44 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT

[2009-05-25 16:56:44 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF

[2009-05-25 15:17:52 | 00,001,688 | ---- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\HijackThis.lnk

[2009-05-24 07:36:06 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\~$otokoll styrelsen 09 04 19..doc

[2009-05-24 07:35:43 | 00,013,836 | ---- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\Protokoll styrelsen 09 04 19..doc

[2009-05-24 07:25:00 | 00,000,632 | ---- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\Spotify.lnk

[2009-05-24 07:24:03 | 00,323,584 | ---- | M] (Stefan Toengi) -- C:\WINDOWS\System32\AUDIOGENIE2.DLL

[2009-05-22 20:29:53 | 00,000,536 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Ägaren.job

[2009-05-22 12:17:15 | 00,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk

[2009-05-20 22:31:48 | 00,151,949 | ---- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\biljetter.pdf

[2009-05-20 14:53:54 | 06,357,189 | ---- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\5052_Remissvar%20Kulturutredningen.pdf

[2009-05-20 13:48:29 | 00,211,660 | ---- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\Inbjudan 2 Augustiträff.pdf

[2009-05-20 12:37:14 | 00,213,292 | ---- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\Inbjudan, Augustiträff.pdf

[2009-05-20 12:19:58 | 00,035,840 | -HS- | M] () -- C:\Documents and Settings\HP_Ägaren\Mina dokument\Thumbs.db

[2009-05-20 12:09:26 | 00,064,150 | ---- | M] () -- C:\Documents and Settings\HP_Ägaren\Skrivbord\riksteatern_jpg.jpg

 

========== LOP Check ==========

 

[2009-05-24 07:21:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009-03-13 12:23:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4-Day Forecast

[2009-05-20 12:17:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2008-04-15 22:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2008-02-27 10:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7

[2008-10-14 12:24:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology

[2009-02-12 12:50:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2005-01-02 01:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard

[2008-11-25 18:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hps

[2005-01-02 02:01:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2008-09-14 14:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009-03-25 00:47:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2009-03-10 08:49:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2005-10-18 16:05:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6

[2009-05-24 07:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2008-10-29 16:34:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2008-10-29 16:34:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio

[2005-01-02 02:06:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime

[2005-01-02 01:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI

[2005-11-02 00:24:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

[2008-08-29 15:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2009-01-19 23:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2005-11-30 19:15:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2008-02-23 12:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller

[2007-09-11 13:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2009-05-24 08:12:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data

[2009-05-20 12:17:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Adobe

[2006-12-11 22:55:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\AdobeUM

[2005-01-02 02:06:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Apple Computer

[2009-03-02 10:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\deskPDF

[2008-09-01 14:22:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\DivX

[2009-05-17 14:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\dvdcss

[2009-04-20 14:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\GlarySoft

[2007-10-27 17:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Google

[2005-11-29 22:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Help

[2007-03-02 17:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\ICQ Toolbar

[2009-04-07 13:17:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Identities

[2008-08-29 15:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\InstallShield

[2005-10-18 17:50:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\InterVideo

[2005-10-23 01:31:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Leadertech

[2009-05-23 07:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Macromedia

[2008-09-14 14:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Malwarebytes

[2009-03-25 14:49:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Microsoft

[2008-11-05 22:59:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Mozilla

[2005-10-18 16:05:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\MSN6

[2008-09-03 15:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\My Games

[2008-11-05 16:38:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Opera

[2009-03-02 10:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\pdfforge

[2009-03-03 15:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Personal

[2008-06-27 13:45:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Printer Info Cache

[2008-11-27 11:36:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\proDAD

[2007-11-22 09:59:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Qualcomm

[2008-11-27 11:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Real

[2005-01-02 02:15:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\SampleView

[2009-05-15 12:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Samsung

[2009-03-02 10:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Search Settings

[2005-10-23 01:31:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Sonic

[2009-05-24 07:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Spotify

[2005-10-18 17:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Sun

[2008-02-28 13:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Symantec

[2007-11-21 12:19:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Talkback

[2005-10-18 20:31:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Template

[2007-11-21 12:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Thunderbird

[2009-01-08 23:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\TomTom

[2009-05-25 20:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\U3

[2009-05-21 16:14:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\uTorrent

[2005-11-09 20:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\vlc

[2008-12-07 15:45:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Ägaren\Application Data\Zylom

[2004-08-04 20:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009-05-25 17:11:36 | 00,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

[2009-05-22 20:29:53 | 00,000,536 | ---- | M] () -- C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Ägaren.job

[2009-05-25 17:11:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009-05-25 20:50:13 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3ED890F9-1D9C-4ED7-924D-78B8A16109A0}.job

 

========== Purity Check ==========

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 8892465 bytes -> C:\WINDOWS\system32:ctfmon.com

@Alternate Data Stream - 12923 bytes -> C:\WINDOWS\system32:ctfmon

< End of report >

[/log]

 

Link to comment
Share on other sites

There is an old Java version with security holes on the computer. I recommend that you install a new one from http://www.java.com/sv/ and then uninstall all Java and J2SE entries except the latest in Control Panel - Add or Remove Programs (with no web browsers running).

 

What model year is your Norton? It doesn't look like the latest, and normally you can upgrade to it and then get improved detection and removal.

 

I can't see what is starting the installation, but I can see that the installation file is in a folder for temporary files:

C:\Documents and Settings\HP_Ägaren\Lokala inställningar\Temp\RMSetup.exe ()

 

In addition, the folder C:\Program\Replay Music 3 is still there, so start by deleting that folder.

 

Remove all temporary files by downloading ATF-Cleaner to the Desktop:

http://www.atribune.org/ccount/click.php?id=1

 

[log]Close all other programs, especially web browsers.

Double-click ATF-Cleaner.exe to start the program.

Tick Select All. Press Empty Selected.

If you use Firefox: Press Firefox and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

If you use Opera: Press Opera and choose Select All. Press Empty Selected. If you want to keep your passwords, press No when asked.

Press Exit in the Main menu to close the program.

Note! This will remove all cookies. If you have cookies that you want to keep, either save them beforehand or skip Select All and tick everything else instead.[/log]

 

Then restart the computer and then a new OTL log, please, but the extra log isn't needed this time.

 

Link to comment
Share on other sites

I gave up and reformatted the whole thing. Now I have a day's work getting everything back to how it was before, but RM is gone anyway.. Thanks for all the help, Cecilia!

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.