MaPe Posted October 12, 2009 Share Posted October 12, 2009 Hej! Varje gång jag startar min dator får jag upp följande felmeddelande: "Det gick inte att läsa in tftp.nfo. Det går inte att hitta modulen." Efter att ha googlat förstår jag att detta är bra, virusprogrammet har tydligen gjort sitt jobb. Men varför vill datorn fortfarande försöka läsa in filen? Jag har kört CCleaner och skapat en TM HJT-log (med virusprogrammet tillfälligt inaktiverat). Vad beträffar loggen (som jag dessvärre inte förstår så mycket av) ser jag fyra poster "Files\Canon\... O8 - ... ". Jag hade tidigare en Canonskrivare och tror mig ha avinstallerat alla kringprogram, därför undrar jag också om dessa poster ska vara kvar? Tack på förhand! MaPe Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:26:20, on 2009-10-12 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Asus\EZVCR\EZSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\ASUS\EZVCR\Agent.exe C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\daquupu.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\mape.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tftp.nfo beforegllav O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [toucoofu] C:\WINDOWS\system32\daquupu.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [perfdm32] rundll32.exe "C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\perfdm32\perfdm32.dll", DllInit O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [toucoofu] C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ikowin32.exe O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921 O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: ASUSKeyboardService (eaauehiuh) - Unknown owner - C:\WINDOWS\system32\soogis.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\Asus\EZVCR\EZSERVICE.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 10022 bytes Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 12, 2009 Share Posted October 12, 2009 Det finns ett antal rader i loggen som inte verkar bra. Ladda ner Malwarebytes Anti-Malware (MBAM) från: http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html Dubbelklicka på mbam-setup för att installera programmet. Se till i slutet av installationen att det är bockar för: Uppdatera Malwarebytes' Anti-Malware Starta Malwarebytes' Anti-Malware Tryck på Slutför Om det finns någon uppdatering så kommer den att laddas ner och installeras. När programmet startar så välj "Utför snabb skanning" och tryck på Skanna. Skanningen tar ett tag. När den är klar så tryck på OK och sedan "Visa resultat". Bocka för allt och tryck sedan Ta bort markerade. När borttagningen är klar så öppnar Anteckningar med en logg. Eventuellt så kommer det upp en begäran om att starta om datorn (Restart). I så fall gör det. Om det blir ett felmeddelande Error loading... efter omstarten så starta om datorn än en gång. Om programmet inte kommer igång efter omstarten så starta det. Om loggen inte kommer upp själv i Anteckningar så hittar du loggen på fliken Loggar i MBAM. Kopiera loggen och klistra in den i ditt svar. Quote Link to comment Share on other sites More sharing options...
PCGuiden Posted October 12, 2009 Share Posted October 12, 2009 Hej Cecilia Har en undring när du säger att det är några saker som inte stämmer.. kan du delge oss hur man läser dessa loggar eftersom du kan tydligen vet hur man gör. Kanske finns det någon guide på nätet där man kan läsa om detta? Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 12, 2009 Share Posted October 12, 2009 Hej Cecilia Har en undring när du säger att det är några saker som inte stämmer.. kan du delge oss hur man läser dessa loggar eftersom du kan tydligen vet hur man gör. Kanske finns det någon guide på nätet där man kan läsa om detta? Hej! Man söker information om allt man inte känner igen i loggen. För det så använder man t ex http://www.systemlookup.com/ och Google. När man har sett och sökt information om 100 loggar eller så så börjar man se mönster, vad som är normalt och inte etc. När jag började kolla på loggar för ca 5 år sedan så kunde det ta mig 1-2 timmar att kolla igenom en HijackThis-logg, men nu så går det ju mycket fortare. Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 12, 2009 Author Share Posted October 12, 2009 Det finns ett antal rader i loggen som inte verkar bra. Hej Cecilia! Nu har jag följt dina instruktioner, se MBAM-log nedan. Felmeddelandet kom inte upp efter omstart. Hälsningar MaPe Malwarebytes' Anti-Malware 1.41 Databasversion: 2945 Windows 5.1.2600 Service Pack 3 2009-10-12 12:55:19 mbam-log-2009-10-12 (12-55-19).txt Skanningstyp: Snabb skanning Antal skannade objekt: 103722 Förfluten tid: 5 minute(s), 0 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 6 Infekterade registervärden: 2 Infekterade registerdataposter: 1 Infekterade mappar: 2 Infekterade filer: 2 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully. Infekterade registervärden: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> Quarantined and deleted successfully. Infekterade registerdataposter: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tftp.nfo beforegllav) Good: (Explorer.exe) -> Quarantined and deleted successfully. Infekterade mappar: C:\Documents and Settings\All Users\Application Data\16262344 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\16949064 (Rogue.Multiple) -> Quarantined and deleted successfully. Infekterade filer: C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Cutwail) -> Quarantined and deleted successfully. C:\Documents and Settings\Magnus Pettersson\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully. Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 12, 2009 Share Posted October 12, 2009 Felmeddelandet kom inte upp efter omstart. Då får vi se vad som är kvar i en ny HijackThis-logg. Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 12, 2009 Author Share Posted October 12, 2009 Så här ser den loggen ut: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:46:17, on 2009-10-12 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Asus\EZVCR\EZSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe C:\Program Files\ASUS\EZVCR\Agent.exe C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\daquupu.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Trend Micro\HijackThis\mape.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [toucoofu] C:\WINDOWS\system32\daquupu.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [perfdm32] rundll32.exe "C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\perfdm32\perfdm32.dll", DllInit O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [toucoofu] C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921 O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: ASUSKeyboardService (eaauehiuh) - Unknown owner - C:\WINDOWS\system32\soogis.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\Asus\EZVCR\EZSERVICE.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 10028 bytes Vad säger du om de poster jag nämnde i mitt första inlägg? Hälsningar MaPe Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 12, 2009 Share Posted October 12, 2009 Surfa till http://www.virustotal.com (fungerar bäst med Internet Explorer) klistra in ett av följande filnamn i rutan, tryck på Skicka Fil och vänta tills resultatet är klart (Närvarande status blir genomförd). Klistra in resultatet från de olika antivirusprogrammen (inte Övrig information) här. Upprepa med nästa filnamn. C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe C:\WINDOWS\system32\daquupu.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe Ladda ner ComboFix till Skrivbordet: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Stäng av alla program du ser inklusive antivirusprogram och antispionprogram men lämna brandväggen på. Hur? Se http://www.bleepingcomputer.com/forums/topic114351.html Kör ComboFix och följ anvisningarna som visas. Om det kommer upp en fråga om du vill installera återställningskonsolen så svara ja. VIKTIGT! Klicka inte på ComboFix-fönstret med musen när den körs annars kan den hänga upp sig. När den är färdig så ska en logg komma upp, klistra in den i ditt svar. Kontrollera att antivirusprogram mm är igång innan du ansluter till internet. Om du får problem med att komma ut på internet: Kontrollpanelen - Nätverksanslutningar högerklicka på din internetanslutning och välj Reparera och/eller starta om datorn. Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix. Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 13, 2009 Author Share Posted October 13, 2009 Varning! ComboFix förhindrar automatisk körning av CD, disketter och USB-enheter för att göra det lättare att rensa datorn och skydda datorn mot infektioner i framtiden. Det kan bli problem t ex om datorn har internet via ett USB-modem eller USB-nätverkskort. Säg då till i stället för att köra ComboFix. Jag har endast mobilt bredband till min laptop, mao USB-modem. Hur ska jag då gå tillväga? Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 13, 2009 Share Posted October 13, 2009 Kolla upp filerna på virustotal kan du göra i alla fall. Har du möjlighet att installera om modemet ifall det skulle behövas? Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 13, 2009 Author Share Posted October 13, 2009 C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe C:\WINDOWS\system32\daquupu.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe Alla tre filerna hade blivit analyserade vid tidigare tillfällen. Det var enbart 3 antivirusprogram som gav utslag och varje program gav samma utslag för de tre olika filerna: DrWeb v5.0.0.12182; Senast uppdaterat 2009.09.23; Resultat: Trojan.MulDrop.34866 Microsoft v1.5005; Senast uppdaterat 2009.09.22; Resultat: Backdoor:Win32/Oderoor.gen!H Panda v10.0.2.2; Senast uppdaterat 2009.09.22; Resultat: Suspicious file Vad beträffar ominstallation av modemet, ska det väl inte vara någon omöjlighet. Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 13, 2009 Share Posted October 13, 2009 Kan du ladda upp en av de tre filerna (gärna i en zip-fil) på http://www.skickafilen.se/ Du kommer då att få en länk tillbaka. Den länken skickar du i ett PM (meddelande) här i forumet till mig (klicka på kuvert-ikonen till vänster om det här inlägget). Då kan jag ladda ner filen och undersöka den närmare samt skicka den vidare till antivirusföretagen så att de kan uppdatera sina program. Vi ser om det går bra utan ComboFix. Ladda ner OTL till Skrivbordet. http://oldtimer.geekstogo.com/OTL.exe Stäng alla program. Kör OTL (i Vista högerklicka och Kör som administratör). Under Output högt upp så välj Minimal Output. Bocka för LOP Check och Purity Check. Tryck på Run Scan och låt programmet köra ostört. När det är klart så skapas två loggfiler på Skrivbordet, OTL.txt och Extras.txt. I ditt svar klistrar du in OTL.txt medan du låter Extras.txt ligga kvar på Skrivbordet. Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 14, 2009 Author Share Posted October 14, 2009 Länken du frågade efter har jag skickat till dig och här kommer loggfilen från OTL.txt: OTL logfile created on: 2009-10-14 10:08:20 - Run 1 OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Magnus Pettersson\Desktop\OTL Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd 1023,20 Mb Total Physical Memory | 523,79 Mb Available Physical Memory | 51,19% Memory free 2,40 Gb Paging File | 1,97 Gb Available in Paging File | 81,96% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 64,73 Gb Total Space | 21,03 Gb Free Space | 32,49% Space Free | Partition Type: FAT32 Drive D: | 43,11 Gb Total Space | 43,08 Gb Free Space | 99,91% Space Free | Partition Type: FAT32 Drive E: | 2,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded Drive G: | 8,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAGNUS Current User Name: Magnus Pettersson Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Magnus Pettersson\Desktop\OTL\OTL.exe (OldTimer Tools) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) PRC - C:\Program Files\ASUS\EZVCR\Agent.exe (ASUS) PRC - C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe (NXP Semiconductors Germany GmbH) PRC - C:\Program Files\Asus\EZVCR\EZSERVICE.exe () PRC - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\Program Files\Skype\Phone\Skype.exe () PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\WINDOWS\ATK0100\ATKOSD.exe () PRC - C:\WINDOWS\ATK0100\HControl.exe () PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) PRC - C:\WINDOWS\System32\daquupu.exe () PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation) SRV - (eaauehiuh [Auto | Stopped]) -- File not found SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET) SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET) SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (EZSERVICE [Auto | Running]) -- C:\Program Files\Asus\EZVCR\EZSERVICE.exe () SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (kzbouqeyyn [Auto | Stopped]) -- C:\WINDOWS\System32\kakoopus.exe () SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard) SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard) SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications) DRV - (eamon [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\eamon.sys (ESET) DRV - (easdrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys (ESET) DRV - (epfwtdir [system | Running]) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys () DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider) DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP) DRV - (hwdatacard [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation) DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ATKACPI.sys () DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\NPF.sys (CACE Technologies) DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC) DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC) DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (smserial [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\smserial.sys (Motorola Inc.) DRV - (SynMini [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SynMini.sys (Syntek America Inc.) DRV - (SynScan [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SynScan.sys (Syntek America Inc.) DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV - (toshidpt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.) DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbd [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom [system | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfnds [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.) DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (u3kmini [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\u3kmini.sys (ASUSTeK) DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-04-08 21:01:28 | 00,000,000 | ---D | M] [2007-07-31 23:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions [2007-07-31 23:36:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-07-31 23:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions\sv@dictionaries.addons.mozilla.org O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe (ASYSTeK Computer INC.) O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe () O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toucoofu] C:\WINDOWS\System32\daquupu.exe () O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [perfdm32] File not found O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe () O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found O9 - Extra Button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} http://clients.theshining.se/colorapp/ColorAppOnline.cab (ColorApplication Control) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-12-26 22:25:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2006-04-11 16:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2006-04-11 16:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006-04-05 17:38:16 | 00,050,534 | R--- | M] () - E:\AutoRun.ico -- [ UDF ] O32 - AutoRun File - [2003-03-14 13:03:15 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007-07-14 16:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2007-08-17 17:37:06 | 00,000,046 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{0369b9e0-85a9-11dc-a93d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{0369b9e0-85a9-11dc-a93d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{288262f2-8817-11dc-a94b-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{288262f2-8817-11dc-a94b-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{560da63c-79fc-11dd-acb6-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{560da63c-79fc-11dd-acb6-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{569e22b2-66f0-11dd-ac6d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{569e22b2-66f0-11dd-ac6d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{569e22b4-66f0-11dd-ac6d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{569e22b4-66f0-11dd-ac6d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\url.DLL -- [2009-06-29 18:12:18 | 00,105,984 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb0\command - "" = F:\EClient.exe -- File not found O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb1\command - "" = F:\Gupdate.exe -- File not found O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb2\command - "" = F:\Gupdate.exe -- File not found O33 - MountPoints2\{84ec29f8-c000-11dc-aa17-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{84ec29f8-c000-11dc-aa17-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{84ec29f9-c000-11dc-aa17-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{84ec29f9-c000-11dc-aa17-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{916b22aa-6ecb-11dc-a8f3-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{916b22aa-6ecb-11dc-a8f3-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{916b22ab-6ecb-11dc-a8f3-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{916b22ab-6ecb-11dc-a8f3-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{a66a4624-254a-11dc-a812-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{a66a4624-254a-11dc-a812-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{a66a4625-254a-11dc-a812-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{a66a4625-254a-11dc-a812-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{aaaefd92-8bd9-11dc-a95a-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{aaaefd92-8bd9-11dc-a95a-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{aaaefd93-8bd9-11dc-a95a-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{aaaefd93-8bd9-11dc-a95a-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{ae7706ce-8c72-11dc-a95e-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{ae7706ce-8c72-11dc-a95e-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{b2f5be3a-85aa-11dc-a93e-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{b2f5be3a-85aa-11dc-a93e-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{b58a0cb0-15a6-11dc-a7e9-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{b58a0cb0-15a6-11dc-a7e9-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{b58a0cb1-15a6-11dc-a7e9-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{b58a0cb1-15a6-11dc-a7e9-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{bd84c2f8-1f4b-11dc-a7fc-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{bd84c2f8-1f4b-11dc-a7fc-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{bd84c2f9-1f4b-11dc-a7fc-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{bd84c2f9-1f4b-11dc-a7fc-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{de0a9c8e-8c3b-11dc-a95d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{de0a9c8e-8c3b-11dc-a95d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{de0a9c8f-8c3b-11dc-a95d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{de0a9c8f-8c3b-11dc-a95d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{df7fe310-fac3-11dd-ae5f-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{df7fe310-fac3-11dd-ae5f-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007-07-14 16:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009-10-14 09:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\OTL [2009-10-13 10:42:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Combofix [2009-10-13 07:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\qw [2009-10-13 07:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Ny info bilpool [2009-10-11 23:14:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\ccbackup [2009-10-11 19:42:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Trendnew [2009-10-11 19:33:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\ccnew ========== Files - Modified Within 30 Days ========== [2009-10-14 09:45:34 | 00,256,675 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\daquupu.zip [2009-10-14 09:38:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-10-14 09:36:10 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-10-14 09:36:04 | 00,039,942 | ---- | M] () -- C:\WINDOWS\ezvcr.ini [2009-10-14 09:36:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-10-14 09:36:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-14 09:35:54 | 10,729,75872 | -HS- | M] () -- C:\hiberfil.sys [2009-10-13 23:34:12 | 00,004,495 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\alltomxp.se och alltomvista.se.url [2009-10-13 13:19:18 | 00,033,792 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Ny(tt) Microsoft Excel-kalkylblad.xls [2009-10-13 13:19:00 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\v.doc [2009-10-13 12:43:08 | 00,000,257 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Microsoft ISA Server 2006.url [2009-10-11 23:07:26 | 00,001,452 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\CCleaner.lnk [2009-10-11 20:32:20 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Boka bilpoolsbil.url [2009-10-10 08:08:46 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job [2009-10-09 13:07:20 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Instruktion redigering hemvården.doc [2009-10-09 09:14:08 | 00,001,092 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK [2009-10-07 18:04:16 | 00,000,345 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Lunds bilpool.url [2009-09-30 10:04:08 | 01,578,786 | -H-- | M] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\IconCache.db [2009-09-25 14:19:02 | 00,000,257 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Microsoft ISA Server 2006 (2).url [2009-09-23 02:17:12 | 00,325,632 | ---- | M] () -- C:\WINDOWS\System32\kakoopus.exe [2009-09-23 02:17:12 | 00,325,632 | ---- | M] () -- C:\WINDOWS\System32\daquupu.exe [2009-09-22 23:39:56 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini ========== Files - No Company Name ========== [2009-10-14 09:45:32 | 00,256,675 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\daquupu.zip [2009-10-13 23:30:22 | 00,325,632 | ---- | C] () -- C:\WINDOWS\System32\kakoopus.exe [2009-10-13 13:15:45 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\v.doc [2009-10-13 12:57:28 | 00,033,792 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Ny(tt) Microsoft Excel-kalkylblad.xls [2009-10-13 09:31:38 | 00,004,495 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\alltomxp.se och alltomvista.se.url [2009-10-10 08:08:43 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job [2009-10-09 13:07:19 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Instruktion redigering hemvården.doc [2009-10-02 13:21:26 | 00,001,092 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK [2009-09-25 14:19:01 | 00,000,257 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Microsoft ISA Server 2006 (2).url [2009-09-23 02:17:10 | 00,325,632 | ---- | C] () -- C:\WINDOWS\System32\daquupu.exe [2009-03-13 03:02:53 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009-02-09 00:23:23 | 00,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008-10-24 20:53:28 | 00,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2008-09-29 09:40:31 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2008-08-23 12:18:54 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008-08-23 12:18:53 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008-08-23 12:18:50 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2008-02-11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll [2008-02-11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll [2008-02-08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll [2007-12-18 20:09:40 | 00,039,942 | ---- | C] () -- C:\WINDOWS\ezvcr.ini [2007-10-12 23:20:06 | 00,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007-07-27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll [2007-07-27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll [2007-07-25 05:54:32 | 00,008,962 | ---- | C] () -- C:\WINDOWS\gcspro.ini [2007-07-18 00:28:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2007-05-21 04:26:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-03-21 12:47:25 | 00,020,192 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2007-03-14 22:43:57 | 00,108,032 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-02-11 16:34:59 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\fusioncache.dat [2007-02-05 12:21:45 | 00,000,374 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-01-09 05:05:54 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL [2007-01-09 01:51:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006-12-26 23:00:24 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006-12-26 22:29:15 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006-12-26 22:17:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2006-12-26 17:39:49 | 01,578,786 | -H-- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\IconCache.db [2006-12-26 17:39:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Magnus Pettersson\Application Data\desktop.ini [2006-12-26 16:27:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006-09-18 16:09:09 | 00,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2006-09-18 16:09:09 | 00,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006-09-18 16:07:32 | 00,000,669 | ---- | C] () -- C:\WINDOWS\win.ini [2006-09-18 16:07:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2006-05-17 22:28:14 | 00,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI [2006-04-23 01:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006-03-16 22:15:59 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-03-16 22:15:59 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-03-16 22:15:59 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-03-16 22:15:59 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-03-16 22:15:59 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-01-02 19:16:31 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini [2005-12-05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll [2005-12-05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll [2005-09-02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005-08-05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2005-07-22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2005-02-17 08:07:47 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004-07-20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004-01-15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2003-04-08 11:35:24 | 00,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2006-12-26 22:17:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2007-04-27 17:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2009-02-08 00:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2007-07-25 15:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2007-06-08 14:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg [2007-08-19 23:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE [2006-12-26 23:18:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel [2006-12-26 22:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008-09-29 09:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2006-12-26 22:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data [2008-06-17 18:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\ColorAppOnline [2007-04-27 17:09:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\CyberLink [2007-06-08 14:36:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\F-Secure [2008-12-09 09:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\ICAClient [2006-12-26 23:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Intel [2007-04-21 14:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Ringarnas herre - Häxkungens tid-filer [2008-09-14 14:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Slaget om Midgård-filer [2006-12-26 18:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Slaget om Midgård II-filer [2009-09-01 02:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\MSA [2007-07-24 21:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Opera [2007-12-29 20:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Petroglyph [2007-04-21 09:20:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\SecuROM [2007-08-26 22:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\U3 [2006-03-16 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-10-14 09:36:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009-10-10 08:08:46 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job ========== Purity Check ========== < End of report > Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 14, 2009 Share Posted October 14, 2009 (edited) Tack för filen! Det är nu betydligt fler antivirusprogram som upptäcker den, 18 av 41 enligt virustotal, men tyvärr inte Nod32. http://www.virustotal.com/sv/analisis/067c5f1ea827ea156d571c6b8c75444488ab49ca4d6836f5977924a4967dd3e3-1255510460 Kontrollpanelen - Administrationsverktyg - Tjänster Leta upp eaauehiuh i listan, dubbelklicka och välj Startmetod Inaktiverad. Upprepa med kzbouqeyyn. Starta om datorn. Starta OTL (i Vista högerklicka och Kör som administratör). Kopiera alla dessa markerade rader och klistra in i rutan Custom Scans/Fixes i OTL: :OTL O4 - HKCU..\Run: [perfdm32] File not found O4 - HKLM..\Run: [toucoofu] C:\WINDOWS\System32\daquupu.exe () :Files C:\WINDOWS\System32\kakoopus.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe C:\WINDOWS\system32\daquupu.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\madouzo.exe :Commands [EmptyTemp] [Reboot] Tryck på "Run Fix". Avsluta OTL. Om du blir tillfrågad om att starta om datorn så gör det. Det kommer upp en logg som visar resultat, klistra in den i ditt svar. Klistra också in en ny OTL-logg. Edited October 14, 2009 by Cecilia Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 14, 2009 Author Share Posted October 14, 2009 Kontrollpanelen - Administrationsverktyg - Tjänster Leta upp eaauehiuh i listan, dubbelklicka och välj Startmetod Inaktiverad. Upprepa med kzbouqeyyn. Tyvärr, via den här sökvägen hittar jag ingen av tjänsterna, varken under fliken Standard eller Extended och jag har visning av dolda mappar/filer/systemfiler. Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 14, 2009 Share Posted October 14, 2009 Har du hittat Administrationsverktyg i Kontrollpanelen? Nu har jag ju visserligen inte XP längre men jag kan inte påminna mig att där finns några flikar i Tjänster. Quote Link to comment Share on other sites More sharing options...
Mickilina Posted October 14, 2009 Share Posted October 14, 2009 Ser ut följande: Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 14, 2009 Author Share Posted October 14, 2009 Har du hittat Administrationsverktyg i Kontrollpanelen? Mina flikar ser ut som Mickilinas (Tack Mickilina!), fliktext engelsk. Men likväl, varken eaauehiuh eller kzbouqeyyn går att hitta hos mig, tyvärr! Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 14, 2009 Author Share Posted October 14, 2009 Ser ut följande: Tack Mickilina! Det det var rätt som jag hade hittat, men filerna som Cecilia frågar efter kan jag ändå inte hitta. Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 14, 2009 Share Posted October 14, 2009 Då utökar jag lite vad du ska göra med OTL. :OTL SRV - (eaauehiuh [Auto | Stopped]) -- File not found SRV - (kzbouqeyyn [Auto | Stopped]) -- C:\WINDOWS\System32\kakoopus.exe () O4 - HKCU..\Run: [perfdm32] File not found O4 - HKLM..\Run: [toucoofu] C:\WINDOWS\System32\daquupu.exe () :Files C:\WINDOWS\System32\kakoopus.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe C:\WINDOWS\system32\daquupu.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe C:\Documents and Settings\LocalService\Application Data\Microsoft\madouzo.exe :Commands [EmptyTemp] [Reboot] Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 14, 2009 Author Share Posted October 14, 2009 Resultatlogg: All processes killed ========== OTL ========== Service\Driver eaauehiuh stopped successfully. Service\Driver eaauehiuh deleted successfully. File File not found not found. Service\Driver kzbouqeyyn stopped successfully. Service\Driver kzbouqeyyn deleted successfully. C:\WINDOWS\System32\kakoopus.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\perfdm32 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\toucoofu deleted successfully. C:\WINDOWS\System32\daquupu.exe moved successfully. ========== FILES ========== File\Folder C:\WINDOWS\System32\kakoopus.exe not found. C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe moved successfully. File\Folder C:\WINDOWS\system32\daquupu.exe not found. C:\Documents and Settings\LocalService\Application Data\Microsoft\kakoopus.exe moved successfully. C:\Documents and Settings\LocalService\Application Data\Microsoft\madouzo.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 65984 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 2607723 bytes User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: Magnus Pettersson ->Temp folder emptied: 2421264 bytes File delete failed. C:\Documents and Settings\Magnus Pettersson\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 11709107 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 3189048 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 2775569 bytes File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_3e4.dat scheduled to be deleted on reboot. Windows Temp folder emptied: 1041696 bytes RecycleBin emptied: 5051193 bytes Total Files Cleaned = 27,64 mb OTL by OldTimer - Version 3.0.20.0 log created on 10142009_170942 Files\Folders moved on Reboot... File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3e4.dat not found! Registry entries deleted on Reboot... Ny OTL-logg: OTL logfile created on: 2009-10-14 17:18:42 - Run 2 OTL by OldTimer - Version 3.0.20.0 Folder = C:\Documents and Settings\Magnus Pettersson\Desktop\Problem skadlig kod\OTL Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd 1023,20 Mb Total Physical Memory | 592,05 Mb Available Physical Memory | 57,86% Memory free 2,40 Gb Paging File | 2,03 Gb Available in Paging File | 84,43% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 64,73 Gb Total Space | 21,03 Gb Free Space | 32,49% Space Free | Partition Type: FAT32 Drive D: | 43,11 Gb Total Space | 43,07 Gb Free Space | 99,91% Space Free | Partition Type: FAT32 Drive E: | 2,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF F: Drive not present or media not loaded Drive G: | 8,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MAGNUS Current User Name: Magnus Pettersson Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Magnus Pettersson\Desktop\Problem skadlig kod\OTL\OTL.exe (OldTimer Tools) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) PRC - C:\Program Files\ASUS\EZVCR\Agent.exe (ASUS) PRC - C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe (NXP Semiconductors Germany GmbH) PRC - C:\Program Files\Asus\EZVCR\EZSERVICE.exe () PRC - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) PRC - C:\Program Files\Skype\Phone\Skype.exe () PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\WINDOWS\ATK0100\ATKOSD.exe () PRC - C:\WINDOWS\ATK0100\HControl.exe () PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation) SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation) SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation) SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET) SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET) SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (EZSERVICE [Auto | Running]) -- C:\Program Files\Asus\EZVCR\EZSERVICE.exe () SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation) SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard) SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation) SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard) SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications) DRV - (eamon [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\eamon.sys (ESET) DRV - (easdrv [system | Running]) -- C:\WINDOWS\System32\DRIVERS\easdrv.sys (ESET) DRV - (epfwtdir [system | Running]) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys () DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider) DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP) DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP) DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP) DRV - (hwdatacard [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (MPE [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\MPE.sys (Microsoft Corporation) DRV - (MTsensor [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ATKACPI.sys () DRV - (NPF [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\NPF.sys (CACE Technologies) DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC) DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC) DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation) DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (smserial [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\smserial.sys (Motorola Inc.) DRV - (SynMini [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SynMini.sys (Syntek America Inc.) DRV - (SynScan [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SynScan.sys (Syntek America Inc.) DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV - (toshidpt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.) DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys (TOSHIBA Corporation) DRV - (Tosrfbd [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfcom [system | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfnds [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.) DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (u3kmini [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\u3kmini.sys (ASUSTeK) DRV - (w39n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys (Intel® Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.update: false FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-04-08 21:01:28 | 00,000,000 | ---D | M] [2007-07-31 23:29:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions [2007-07-31 23:36:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007-07-31 23:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\mozilla\Firefox\Profiles\470uf1fu.default\extensions\sv@dictionaries.addons.mozilla.org O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe (ASYSTeK Computer INC.) O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe () O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard) O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe () O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe () O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xportera till Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll File not found O9 - Extra Button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} http://clients.theshining.se/colorapp/ColorAppOnline.cab (ColorApplication Control) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-12-26 22:25:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2006-04-11 16:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - E:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2006-04-11 16:15:11 | 00,323,584 | R--- | M] (Nival Interactive) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006-04-05 17:38:16 | 00,050,534 | R--- | M] () - E:\AutoRun.ico -- [ UDF ] O32 - AutoRun File - [2003-03-14 13:03:15 | 00,000,047 | R--- | M] () - E:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007-07-14 16:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2007-08-17 17:37:06 | 00,000,046 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{0369b9e0-85a9-11dc-a93d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{0369b9e0-85a9-11dc-a93d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{288262f2-8817-11dc-a94b-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{288262f2-8817-11dc-a94b-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{560da63c-79fc-11dd-acb6-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{560da63c-79fc-11dd-acb6-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{569e22b2-66f0-11dd-ac6d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{569e22b2-66f0-11dd-ac6d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{569e22b4-66f0-11dd-ac6d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{569e22b4-66f0-11dd-ac6d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\url.DLL -- [2009-06-29 18:12:18 | 00,105,984 | ---- | M] (Microsoft Corporation) O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb0\command - "" = F:\EClient.exe -- File not found O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb1\command - "" = F:\Gupdate.exe -- File not found O33 - MountPoints2\{7f6d57ba-c10b-11dd-adae-0018f37187dd}\Shell\verb2\command - "" = F:\Gupdate.exe -- File not found O33 - MountPoints2\{84ec29f8-c000-11dc-aa17-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{84ec29f8-c000-11dc-aa17-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{84ec29f9-c000-11dc-aa17-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{84ec29f9-c000-11dc-aa17-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{916b22aa-6ecb-11dc-a8f3-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{916b22aa-6ecb-11dc-a8f3-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{916b22ab-6ecb-11dc-a8f3-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{916b22ab-6ecb-11dc-a8f3-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{a66a4624-254a-11dc-a812-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{a66a4624-254a-11dc-a812-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{a66a4625-254a-11dc-a812-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{a66a4625-254a-11dc-a812-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{aaaefd92-8bd9-11dc-a95a-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{aaaefd92-8bd9-11dc-a95a-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{aaaefd93-8bd9-11dc-a95a-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{aaaefd93-8bd9-11dc-a95a-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{ae7706ce-8c72-11dc-a95e-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{ae7706ce-8c72-11dc-a95e-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{b2f5be3a-85aa-11dc-a93e-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{b2f5be3a-85aa-11dc-a93e-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{b58a0cb0-15a6-11dc-a7e9-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{b58a0cb0-15a6-11dc-a7e9-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{b58a0cb1-15a6-11dc-a7e9-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{b58a0cb1-15a6-11dc-a7e9-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{bd84c2f8-1f4b-11dc-a7fc-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{bd84c2f8-1f4b-11dc-a7fc-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{bd84c2f9-1f4b-11dc-a7fc-0018de78ef7a}\Shell - "" = AutoRun O33 - MountPoints2\{bd84c2f9-1f4b-11dc-a7fc-0018de78ef7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{de0a9c8e-8c3b-11dc-a95d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{de0a9c8e-8c3b-11dc-a95d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{de0a9c8f-8c3b-11dc-a95d-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{de0a9c8f-8c3b-11dc-a95d-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\{df7fe310-fac3-11dd-ae5f-0018f37187dd}\Shell - "" = AutoRun O33 - MountPoints2\{df7fe310-fac3-11dd-ae5f-0018f37187dd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007-07-14 16:28:32 | 00,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009-10-14 17:09:42 | 00,000,000 | ---D | C] -- C:\_OTL [2009-10-14 14:37:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\WebbTek1 [2009-10-14 14:20:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Problem skadlig kod [2009-10-13 07:41:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\qw [2009-10-13 07:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Magnus Pettersson\Desktop\Ny info bilpool ========== Files - Modified Within 30 Days ========== [2009-10-14 17:13:44 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009-10-14 17:11:42 | 00,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009-10-14 17:11:38 | 00,039,942 | ---- | M] () -- C:\WINDOWS\ezvcr.ini [2009-10-14 17:11:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009-10-14 17:11:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009-10-14 17:11:30 | 10,729,75872 | -HS- | M] () -- C:\hiberfil.sys [2009-10-14 17:02:04 | 00,004,848 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\alltomxp.se och alltomvista.se.url [2009-10-14 14:39:46 | 00,000,257 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Microsoft ISA Server 2006.url [2009-10-11 23:07:26 | 00,001,452 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\CCleaner.lnk [2009-10-11 20:32:20 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Boka bilpoolsbil.url [2009-10-10 08:08:46 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job [2009-10-09 13:07:20 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Instruktion redigering hemvården.doc [2009-10-09 09:14:08 | 00,001,092 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK [2009-10-07 18:04:16 | 00,000,345 | ---- | M] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Lunds bilpool.url [2009-09-30 10:04:08 | 01,578,786 | -H-- | M] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\IconCache.db [2009-09-22 23:39:56 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini ========== Files - No Company Name ========== [2009-10-13 09:31:38 | 00,004,848 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\alltomxp.se och alltomvista.se.url [2009-10-10 08:08:43 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\WebReg HP Deskjet F4200 series.job [2009-10-09 13:07:19 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Desktop\Instruktion redigering hemvården.doc [2009-10-02 13:21:26 | 00,001,092 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK [2009-03-13 03:02:53 | 00,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009-02-09 00:23:23 | 00,001,630 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008-10-24 20:53:28 | 00,034,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys [2008-09-29 09:40:31 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll [2008-08-23 12:18:54 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008-08-23 12:18:53 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008-08-23 12:18:50 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2008-02-11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll [2008-02-11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll [2008-02-08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll [2007-12-18 20:09:40 | 00,039,942 | ---- | C] () -- C:\WINDOWS\ezvcr.ini [2007-10-12 23:20:06 | 00,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2007-07-27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll [2007-07-27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll [2007-07-25 05:54:32 | 00,008,962 | ---- | C] () -- C:\WINDOWS\gcspro.ini [2007-07-18 00:28:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2007-05-21 04:26:09 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007-03-21 12:47:25 | 00,020,192 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2007-03-14 22:43:57 | 00,108,032 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007-02-11 16:34:59 | 00,000,140 | ---- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\fusioncache.dat [2007-02-05 12:21:45 | 00,000,374 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007-01-09 05:05:54 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL [2007-01-09 01:51:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006-12-26 23:00:24 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006-12-26 22:29:15 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006-12-26 22:17:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2006-12-26 17:39:49 | 01,578,786 | -H-- | C] () -- C:\Documents and Settings\Magnus Pettersson\Local Settings\Application Data\IconCache.db [2006-12-26 17:39:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Magnus Pettersson\Application Data\desktop.ini [2006-12-26 16:27:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006-09-18 16:09:09 | 00,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2006-09-18 16:09:09 | 00,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006-09-18 16:07:32 | 00,000,669 | ---- | C] () -- C:\WINDOWS\win.ini [2006-09-18 16:07:30 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini [2006-05-17 22:28:14 | 00,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI [2006-04-23 01:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2006-03-16 22:15:59 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006-03-16 22:15:59 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006-03-16 22:15:59 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006-03-16 22:15:59 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006-03-16 22:15:59 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006-01-02 19:16:31 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.ini [2005-12-05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll [2005-12-05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll [2005-09-02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005-08-05 14:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2005-07-22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2005-02-17 08:07:47 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2004-07-20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004-01-15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2003-04-08 11:35:24 | 00,005,414 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2006-12-26 22:17:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data [2007-04-27 17:09:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2009-02-08 00:03:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2007-07-25 15:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2007-06-08 14:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg [2007-08-19 23:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE [2006-12-26 23:18:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel [2006-12-26 22:31:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008-09-29 09:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2006-12-26 22:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data [2008-06-17 18:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\ColorAppOnline [2007-04-27 17:09:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\CyberLink [2007-06-08 14:36:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\F-Secure [2008-12-09 09:15:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\ICAClient [2006-12-26 23:19:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Intel [2007-04-21 14:56:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Ringarnas herre - Häxkungens tid-filer [2008-09-14 14:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Slaget om Midgård-filer [2006-12-26 18:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Mina Slaget om Midgård II-filer [2009-09-01 02:08:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\MSA [2007-07-24 21:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Opera [2007-12-29 20:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\Petroglyph [2007-04-21 09:20:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\SecuROM [2007-08-26 22:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Magnus Pettersson\Application Data\U3 [2006-03-16 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini [2009-10-14 17:11:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT [2009-10-10 08:08:46 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\WebReg HP Deskjet F4200 series.job ========== Purity Check ========== < End of report > Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 14, 2009 Share Posted October 14, 2009 Det ser ju bra ut Hur fungerar datorn nu? Du hade några frågor om Canon i HijackThis-loggen om jag minns rätt. Du kan väl klistra in en ny sådan så ser vi hur det ser ut där nu. Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 14, 2009 Author Share Posted October 14, 2009 Jo tack, datorn mår för tillfället riktigt bra - inga konstigheter än så länge ... Den senaste HijackThis-loggen: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:20:05, on 2009-10-14 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Asus\EZVCR\EZSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\ASUS\EZVCR\Agent.exe C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATK0100\HControl.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\sm56hlpr.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ATK Media\DMEDIA.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\mape.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sMSERIAL] C:\WINDOWS\sm56hlpr.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1 O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [toucoofu] C:\Documents and Settings\LocalService\Application Data\Microsoft\daquupu.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182372911921 O16 - DPF: {9478041E-CAEC-44A5-8271-B56799715926} (ColorApplication Control) - http://clients.theshining.se/colorapp/ColorAppOnline.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\Asus\EZVCR\EZSERVICE.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 9975 bytes Quote Link to comment Share on other sites More sharing options...
Cecilia Posted October 14, 2009 Share Posted October 14, 2009 Det var väl så att du inte hade kvar någon Canon-skrivare och därför inte ville ha kvar menyvalet för Easy-WebPrint i Internet Explorer. Har du kollat om det programmet finns i Lägg till eller ta bort program? Nu återstår en sista städomgång. 1. Ta bort samtliga systemåterställningspunkter eftersom dessa kan vara infekterade. Du gör det genom att stänga av systemåterställningsfunktionen, starta om datorn och så slå på funktionen igen. Skapa sedan en ny punkt. Systemåterställningsfunktionen slår man av och på här: Högerklick på Den här datorn - Egenskaper - Systemåterställning 2. Starta OTL Tryck på knappen CleanUp och programmet avinstalleras efter en omstart av datorn. 3. Byt alla lösenord som du använder i datorn och på internet eftersom dessa kan ha kommit i orätta händer. http://mnin.blogspot.com/2009/02/why-i-enjoyed-tiggersyzor.html beskriver ett skadligt program som spionerar genom att ta skärmbilder, logga tangentbordsnedtryckningar och läsa lösenord som är lagrade i webbläsare, epostprogram etc. 4. Förbättra skyddet i datorn, se mina Råd för en säkrare dator. http://ceblstockholm.googlepages.com/home PS. Online-skanningar är bra, men man ska inte göra det hos tillverkaren av det antivirusprogram man har installerat utan hos någon annan eftersom olika antivirusprogram upptäcker olika saker. Quote Link to comment Share on other sites More sharing options...
MaPe Posted October 15, 2009 Author Share Posted October 15, 2009 Det var väl så att du inte hade kvar någon Canon-skrivare och därför inte ville ha kvar menyvalet för Easy-WebPrint i Internet Explorer. Har du kollat om det programmet finns i Lägg till eller ta bort program? Ja, skrivaren är borta och mjukvaran avinstallerades mha avinstallationshjälpen som fanns i Canonkatalogen under Startmenyn. Det finns inget menyval kvar för Easy-WebPrint i Internet Explorer heller. Dock, har du rätt i att Easy-WebPrint finns kvar i Lägg till eller ta bort program - men det gick inte att utföra någon borttagning där. Anledningen till detta var: "Unable to locate installation log file ´C:\Program Files\Canon\Easy-WebPrint\Uninst.isu". Letar jag i Program Files finns ingen Canon-katalog kvar. Hur gör man i ett sådant här läge? Skulle passa bra innan "slutstädningen" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.